feat: support auth in header, cookie, and query arg

Derrick Hammer 2024-01-18 20:56:49 -05:00
parent 82f34726d6
commit 8044591697
Signed by: pcfreak30
GPG Key ID: C997C339BE476FF2
1 changed files with 29 additions and 7 deletions


@ -12,20 +12,42 @@ import (
const ( const (
AuthUserIDKey = "userID" AuthUserIDKey = "userID"
AuthCookieName = "s5-auth-token"
AuthQueryParam = "auth_token"
) )
func findAuthToken(r *http.Request) string {
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
return ""
}
authHeader = strings.TrimPrefix(authHeader, "Bearer ")
if authHeader != "" {
return authHeader
}
for _, cookie := range r.Cookies() {
if cookie.Name == AuthCookieName {
return cookie.Value
}
}
return r.FormValue(AuthQueryParam)
}
func AuthMiddleware(handler jape.Handler, portal interfaces.Portal) jape.Handler { func AuthMiddleware(handler jape.Handler, portal interfaces.Portal) jape.Handler {
return jape.Adapt(func(h http.Handler) http.Handler { return jape.Adapt(func(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("Authorization") authToken := findAuthToken(r)
if authHeader == "" {
http.Error(w, "Authorization header is required", http.StatusBadRequest) if authToken == "" {
http.Error(w, "Invalid JWT", http.StatusUnauthorized)
return return
} }
tokenString := strings.TrimPrefix(authHeader, "Bearer ") token, err := jwt.Parse(authToken, func(token *jwt.Token) (interface{}, error) {
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok { if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
} }
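Review bot: In `findAuthToken` the early `if authHeader == "" { return "" }` returns before the cookie loop and the query lookup, so a request with no Authorization header can never authenticate by cookie or `auth_token`, which is the case this commit sets out to add. Dropping that guard is enough, since the later `if authHeader != ""` check already covers the empty header. `r.FormValue(AuthQueryParam)` also parses a urlencoded request body inside the middleware and would accept the token from it; `r.URL.Query().Get(AuthQueryParam)` keeps the lookup to the query string. Tokens carried in URLs tend to end up in access logs, browser history and Referer headers, and a cookie-carried token is attached automatically to cross-site requests. A doc comment on `findAuthToken` should state the lookup order and which routes may rely on each source, and the cookie attributes (SameSite, HttpOnly, Secure) should be checked where `s5-auth-token` is issued, which is not visible in this hunk; AuthMiddleware's body also continues past the end of the hunk.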