mirror of
https://github.com/kataras/iris.git
synced 2025-01-23 18:51:03 +01:00
92 lines
2.6 KiB
Go
92 lines
2.6 KiB
Go
package main
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/kataras/iris/v12"
|
|
"github.com/kataras/iris/v12/middleware/jwt"
|
|
)
|
|
|
|
var (
|
|
sigKey = []byte("signature_hmac_secret_shared_key")
|
|
encKey = []byte("GCM_AES_256_secret_shared_key_32")
|
|
)
|
|
|
|
type fooClaims struct {
|
|
Foo string `json:"foo"`
|
|
}
|
|
|
|
/*
|
|
In this example you will learn the essentials
|
|
of the Iris builtin JWT middleware based on the github.com/kataras/jwt package.
|
|
*/
|
|
|
|
func main() {
|
|
app := iris.New()
|
|
|
|
signer := jwt.NewSigner(jwt.HS256, sigKey, 10*time.Minute)
|
|
// Enable payload encryption with:
|
|
// signer.WithEncryption(encKey, nil)
|
|
app.Get("/", generateToken(signer))
|
|
|
|
verifier := jwt.NewVerifier(jwt.HS256, sigKey)
|
|
// Enable server-side token block feature (even before its expiration time):
|
|
verifier.WithDefaultBlocklist()
|
|
// Enable payload decryption with:
|
|
// verifier.WithDecryption(encKey, nil)
|
|
verifyMiddleware := verifier.Verify(func() interface{} {
|
|
return new(fooClaims)
|
|
})
|
|
|
|
protectedAPI := app.Party("/protected")
|
|
// Register the verify middleware to allow access only to authorized clients.
|
|
protectedAPI.Use(verifyMiddleware)
|
|
// ^ or UseRouter(verifyMiddleware) to disallow unauthorized http error handlers too.
|
|
|
|
protectedAPI.Get("/", protected)
|
|
// Invalidate the token through server-side, even if it's not expired yet.
|
|
protectedAPI.Get("/logout", logout)
|
|
|
|
// http://localhost:8080
|
|
// http://localhost:8080/protected?token=$token (or Authorization: Bearer $token)
|
|
// http://localhost:8080/protected/logout?token=$token
|
|
// http://localhost:8080/protected?token=$token (401)
|
|
app.Listen(":8080")
|
|
}
|
|
|
|
func generateToken(signer *jwt.Signer) iris.Handler {
|
|
return func(ctx iris.Context) {
|
|
claims := fooClaims{Foo: "bar"}
|
|
|
|
token, err := signer.Sign(claims)
|
|
if err != nil {
|
|
ctx.StopWithStatus(iris.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
ctx.Write(token)
|
|
}
|
|
}
|
|
|
|
func protected(ctx iris.Context) {
|
|
// Get the verified and decoded claims.
|
|
claims := jwt.Get(ctx).(*fooClaims)
|
|
|
|
// Optionally, get token information if you want to work with them.
|
|
// Just an example on how you can retrieve all the standard claims (set by signer's max age, "exp").
|
|
standardClaims := jwt.GetVerifiedToken(ctx).StandardClaims
|
|
expiresAtString := standardClaims.ExpiresAt().Format(ctx.Application().ConfigurationReadOnly().GetTimeFormat())
|
|
timeLeft := standardClaims.Timeleft()
|
|
|
|
ctx.Writef("foo=%s\nexpires at: %s\ntime left: %s\n", claims.Foo, expiresAtString, timeLeft)
|
|
}
|
|
|
|
func logout(ctx iris.Context) {
|
|
err := ctx.Logout()
|
|
if err != nil {
|
|
ctx.WriteString(err.Error())
|
|
} else {
|
|
ctx.Writef("token invalidated, a new token is required to access the protected API")
|
|
}
|
|
}
|