-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbasicAuthentication.go
123 lines (97 loc) · 3.32 KB
/
basicAuthentication.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
package main
import (
"encoding/base64"
"fmt"
"github.com/jgavinray/jwt-go"
"net/http"
"os"
"strings"
"time"
)
func BasicAuth(pass http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
auth := strings.SplitN(r.Header["Authorization"][0], " ", 2)
// Check to see if the Authorization Header has two parts. A "Basic" followed by something
if len(auth) != 2 || auth[0] != "Basic" {
http.Error(w, "bad syntax", http.StatusBadRequest)
return
}
// Get the second element of the auth array, and attempt to base64 decode it
payload, _ := base64.StdEncoding.DecodeString(auth[1])
// Split the username:password string into two array elements
pair := strings.SplitN(string(payload), ":", 2)
// Check to make sure we have two elements in the pair array, or that we can confirm the credentials are valid
if len(pair) != 2 || !IsValidateUser(pair[0], pair[1]) {
http.Error(w, "authorization failed", http.StatusUnauthorized)
return
}
// If both of the above checks pass, forward the original request to the appropriate function.
pass(w, r)
}
}
func IsValidateUser(username, password string) bool {
// Make come database call to validate username and password
if username == "foo" && password == "bar" {
return true
}
return false
}
func TokenAuth(pass http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
auth := strings.SplitN(r.Header["Authorization"][0], " ", 2)
// Check to see if the Authorization Header has two parts. A "Bearer" followed by something
if len(auth) != 2 || auth[0] != "Bearer" {
http.Error(w, "bad syntax", http.StatusBadRequest)
return
}
// Get the second element of the auth array, and attempt to base64 decode it
payload, _ := base64.StdEncoding.DecodeString(auth[1])
// Attempt to Validate what was sent in the second array element of the Authorization header
if !ValidateToken(payload) {
http.Error(w, "authorization failed", http.StatusUnauthorized)
return
}
fmt.Fprintf(w, "Before\n")
pass(w, r)
fmt.Fprintf(w, "After\n")
}
}
func ValidateToken(tkn []byte) bool {
tokenToBeValidated := string(tkn)
token, err := jwt.Parse(tokenToBeValidated, func(token *jwt.Token) (interface{}, error) {
// Check What Algorithm Signed the Token
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
// Get the key used to sign the token in generateToken
return GetSigningKey(), nil
})
if err == nil && token.Valid {
return true
} else {
return false
}
}
func GetSigningKey() []byte {
// Read File, Database Call, Environment Variable, whereever we want to store the key
mySigningKey := []byte(os.Getenv("SuperSecretKey"))
if mySigningKey == nil {
mySigningKey = []byte("SecretLike")
}
return mySigningKey
}
func generateToken(w http.ResponseWriter, r *http.Request) {
mySigningKey := GetSigningKey()
token := jwt.New(jwt.SigningMethodHS512)
// Set some claims
token.Claims["foo"] = "bar"
token.Claims["nbf"] = time.Now()
token.Claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
// Sign and get the complete encoded token as a string
tokenString, err := token.SignedString(mySigningKey)
if err != nil {
fmt.Fprintf(w, "%s\n", err)
return
}
fmt.Fprintf(w, "%s\n", tokenString)
}