Inicio Explorar Ayuda
Iniciar sesión
torabkheslat
/
ZiCloud-API
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: c6b19b5572
Ramas Etiquetas
ZiCloud-API
/
handler.go

handler.go 2.3 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"net/http"
    6. 

  6. 

  7. 	"github.com/dgrijalva/jwt-go"
    8. 

  8. 	"github.com/labstack/echo"
    9. 

  9. )
    10. 

  10. 

  11. type handler struct{}
    12. 

  12. 

  13. // Most of the code is taken from the echo guide
    14. 

  14. // https://echo.labstack.com/cookbook/jwt
    15. 

  15. func (h *handler) login(c echo.Context) error {
    16. 

  16. 	username := c.FormValue("username")
    17. 

  17. 	password := c.FormValue("password")
    18. 

  18. 

  19. 	// Check in your db if the user exists or not
    20. 

  20. 	if username == "jon" && password == "password" {
    21. 

  21. 		tokens, err := generateTokenPair()
    22. 

  22. 		if err != nil {
    23. 

  23. 			return err
    24. 

  24. 		}
    25. 

  25. 

  26. 		return c.JSON(http.StatusOK, tokens)
    27. 

  27. 	}
    28. 

  28. 

  29. 	return echo.ErrUnauthorized
    30. 

  30. }
    31. 

  31. 

  32. // This is the api to refresh tokens
    33. 

  33. // Most of the code is taken from the jwt-go package's sample codes
    34. 

  34. // https://godoc.org/github.com/dgrijalva/jwt-go#example-Parse--Hmac
    35. 

  35. func (h *handler) token(c echo.Context) error {
    36. 

  36. 	type tokenReqBody struct {
    37. 

  37. 		RefreshToken string `json:"refresh_token"`
    38. 

  38. 	}
    39. 

  39. 	tokenReq := tokenReqBody{}
    40. 

  40. 	c.Bind(&tokenReq)
    41. 

  41. 

  42. 	// Parse takes the token string and a function for looking up the key.
    43. 

  43. 	// The latter is especially useful if you use multiple keys for your application.
    44. 

  44. 	// The standard is to use 'kid' in the head of the token to identify
    45. 

  45. 	// which key to use, but the parsed token (head and claims) is provided
    46. 

  46. 	// to the callback, providing flexibility.
    47. 

  47. 	token, err := jwt.Parse(tokenReq.RefreshToken, func(token *jwt.Token) (interface{}, error) {
    48. 

  48. 		// Don't forget to validate the alg is what you expect:
    49. 

  49. 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
    50. 

  50. 			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
    51. 

  51. 		}
    52. 

  52. 

  53. 		// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
    54. 

  54. 		return []byte("secret"), nil
    55. 

  55. 	})
    56. 

  56. 

  57. 	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
    58. 

  58. 		// Get the user record from database or
    59. 

  59. 		// run through your business logic to verify if the user can log in
    60. 

  60. 		if int(claims["sub"].(float64)) == 1 {
    61. 

  61. 

  62. 			newTokenPair, err := generateTokenPair()
    63. 

  63. 			if err != nil {
    64. 

  64. 				return err
    65. 

  65. 			}
    66. 

  66. 

  67. 			return c.JSON(http.StatusOK, newTokenPair)
    68. 

  68. 		}
    69. 

  69. 

  70. 		return echo.ErrUnauthorized
    71. 

  71. 	}
    72. 

  72. 

  73. 	return err
    74. 

  74. }
    75. 

  75. 

  76. // Most of the code is taken from the echo guide
    77. 

  77. // https://echo.labstack.com/cookbook/jwt
    78. 

  78. func (h *handler) private(c echo.Context) error {
    79. 

  79. 	user := c.Get("user").(*jwt.Token)
    80. 

  80. 	claims := user.Claims.(jwt.MapClaims)
    81. 

  81. 	name := claims["name"].(string)
    82. 

  82. 	return c.String(http.StatusOK, "Welcome "+name+"!")
    83. 

  83. }
    84.