open token authentication
This commit is contained in:
Fran Jurmanović
@@ -34,7 +34,7 @@ func NewMembershipController(service *service.MembershipService, auth *middlewar
|
|||||||
}
|
}
|
||||||
|
|
||||||
routeGroups.Auth.Post("/login", mc.Login)
|
routeGroups.Auth.Post("/login", mc.Login)
|
||||||
routeGroups.Auth.Post("/open-token", mc.GenerateOpenToken)
|
routeGroups.Auth.Post("/open-token", mc.auth.Authenticate, mc.GenerateOpenToken)
|
||||||
|
|
||||||
usersGroup := routeGroups.Membership
|
usersGroup := routeGroups.Membership
|
||||||
usersGroup.Use(mc.auth.Authenticate)
|
usersGroup.Use(mc.auth.Authenticate)
|
||||||
|
|||||||
@@ -52,20 +52,28 @@ func NewAuthMiddleware(ms *service.MembershipService, cache *cache.InMemoryCache
|
|||||||
|
|
||||||
// Authenticate is a middleware for JWT authentication with enhanced security.
|
// Authenticate is a middleware for JWT authentication with enhanced security.
|
||||||
func (m *AuthMiddleware) AuthenticateOpen(ctx *fiber.Ctx) error {
|
func (m *AuthMiddleware) AuthenticateOpen(ctx *fiber.Ctx) error {
|
||||||
return m.AuthenticateWithHandler(m.openJWTHandler.JWTHandler, ctx)
|
return m.AuthenticateWithHandler(m.openJWTHandler.JWTHandler, true, ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Authenticate is a middleware for JWT authentication with enhanced security.
|
// Authenticate is a middleware for JWT authentication with enhanced security.
|
||||||
func (m *AuthMiddleware) Authenticate(ctx *fiber.Ctx) error {
|
func (m *AuthMiddleware) Authenticate(ctx *fiber.Ctx) error {
|
||||||
return m.AuthenticateWithHandler(m.jwtHandler, ctx)
|
return m.AuthenticateWithHandler(m.jwtHandler, false, ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *AuthMiddleware) AuthenticateWithHandler(jwtHandler *jwt.JWTHandler, ctx *fiber.Ctx) error {
|
func (m *AuthMiddleware) AuthenticateWithHandler(jwtHandler *jwt.JWTHandler, isOpenToken bool, ctx *fiber.Ctx) error {
|
||||||
// Log authentication attempt
|
// Log authentication attempt
|
||||||
ip := ctx.IP()
|
ip := ctx.IP()
|
||||||
userAgent := ctx.Get("User-Agent")
|
userAgent := ctx.Get("User-Agent")
|
||||||
|
|
||||||
authHeader := ctx.Get("Authorization")
|
authHeader := ctx.Get("Authorization")
|
||||||
|
|
||||||
|
if jwtHandler.IsOpenToken && !isOpenToken {
|
||||||
|
logging.Error("Authentication failed: attempting to authenticate with open token")
|
||||||
|
return ctx.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
|
||||||
|
"error": "Wrong token type used",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
if authHeader == "" {
|
if authHeader == "" {
|
||||||
logging.Error("Authentication failed: missing Authorization header from IP %s", ip)
|
logging.Error("Authentication failed: missing Authorization header from IP %s", ip)
|
||||||
return ctx.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
|
return ctx.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
|
||||||
|
|||||||
@@ -19,6 +19,7 @@ type Claims struct {
|
|||||||
|
|
||||||
type JWTHandler struct {
|
type JWTHandler struct {
|
||||||
SecretKey []byte
|
SecretKey []byte
|
||||||
|
IsOpenToken bool
|
||||||
}
|
}
|
||||||
|
|
||||||
type OpenJWTHandler struct {
|
type OpenJWTHandler struct {
|
||||||
@@ -28,6 +29,7 @@ type OpenJWTHandler struct {
|
|||||||
// NewJWTHandler creates a new JWTHandler instance with the provided secret key.
|
// NewJWTHandler creates a new JWTHandler instance with the provided secret key.
|
||||||
func NewOpenJWTHandler(jwtSecret string) *OpenJWTHandler {
|
func NewOpenJWTHandler(jwtSecret string) *OpenJWTHandler {
|
||||||
jwtHandler := NewJWTHandler(jwtSecret)
|
jwtHandler := NewJWTHandler(jwtSecret)
|
||||||
|
jwtHandler.IsOpenToken = true
|
||||||
return &OpenJWTHandler{
|
return &OpenJWTHandler{
|
||||||
JWTHandler: jwtHandler,
|
JWTHandler: jwtHandler,
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user