
* user service - wraping errors Signed-off-by: Ivan Milošević <iva@blokovi.com> * wrapping more errors unwrap only wrapped errors Signed-off-by: Ivan Milošević <iva@blokovi.com> * Add internal database error Wrap internal database error Signed-off-by: Ivan Milošević <iva@blokovi.com> * Wrap user not found error Signed-off-by: Ivan Milošević <iva@blokovi.com> * Wrapping errors in idp and hasher Signed-off-by: Ivan Milošević <iva@blokovi.com> * Use error.Is for testing errors in Identify test Signed-off-by: Ivan Milošević <iva@blokovi.com> * Get wraper from wrapped errors Signed-off-by: Ivan Milošević <iva@blokovi.com> * Switch order of wrapping errors Remove dead code (comments) Signed-off-by: Ivan Milošević <iva@blokovi.com> * assert true in tests Signed-off-by: Ivan Milošević <iva@blokovi.com> * Change comparing errors in tests (assert.True) Signed-off-by: Ivan Milošević <iva@blokovi.com> * Add errorRes structure to API responses in body in things service Signed-off-by: Ivan Milošević <iva@blokovi.com> * resolve conflicts after rebasing Signed-off-by: Ivan Milošević <iva@blokovi.com> * Create errors package Signed-off-by: Ivan Milošević <iva@blokovi.com> * implement new errors package Signed-off-by: Ivan Milošević <iva@blokovi.com> * Modify tests Signed-off-by: Ivan Milošević <iva@blokovi.com> * return copyright comments Signed-off-by: Ivan Milošević <iva@blokovi.com> * remove changes from .gitignore Signed-off-by: Ivan Milošević <iva@blokovi.com> * Move logging to encode errors Comment exported vars and methods Formatting Signed-off-by: Ivan Milošević <iva@blokovi.com> * Login function returns errors.Error Signed-off-by: Ivan Milošević <iva@blokovi.com> * Modify login tests to meet login returning errors.Error Signed-off-by: Ivan Milošević <iva@blokovi.com> * Error interface Signed-off-by: Ivan Milošević <iva@blokovi.com> * Change parameter in Wrapper to interface Error Signed-off-by: Ivan Milošević <iva@blokovi.com> * implement new error interface Signed-off-by: 
Ivan Milošević <iva@blokovi.com> * Modify tests to use new Error interface Signed-off-by: Ivan Milošević <iva@blokovi.com> * Fix Login Signed-off-by: Ivan Milošević <iva@blokovi.com> * Remove unnecessary errir casting Signed-off-by: Ivan Milošević <iva@blokovi.com> * new error interface implementation Signed-off-by: Ivan Milošević <iva@blokovi.com> * check if Error is empty in registrationEndpoint Signed-off-by: Ivan Milošević <iva@blokovi.com> * Add Empty factory function Use new Empty factory function Use isEmpty method Signed-off-by: Ivan Milošević <iva@blokovi.com> * Lose else in encodeError Signed-off-by: Ivan Milošević <iva@blokovi.com> * Modify tests Signed-off-by: Ivan Milošević <iva@blokovi.com> * Remove *json.UnmarshalTypeError and *json.SyntaxError types from encodeError type switch Signed-off-by: Ivan Milošević <iva@blokovi.com> * Fix nil error value in jwtIdentityProvider Signed-off-by: Ivan Milošević <iva@blokovi.com> * Fix gprc to use new error package Signed-off-by: Ivan Milošević <iva@blokovi.com> * rename receiver in errors package grpc errors Signed-off-by: Ivan Milošević <iva@blokovi.com> * remove debugging code Signed-off-by: Ivan Milošević <iva@blokovi.com> * Resolving conflicts after rebase Signed-off-by: Ivan Milošević <iva@blokovi.com> * Remove comment Signed-off-by: Ivan Milošević <iva@blokovi.com> * Remove Empty from custom error Implement custom error on new methods Signed-off-by: Ivan Milošević <iva@blokovi.com> * WIP tests Signed-off-by: Ivan Milošević <iva@blokovi.com> * remove wrap from Error interface Signed-off-by: Ivan Milošević <iva@blokovi.com> * password-change related tests remove debug code Signed-off-by: Ivan Milošević <iva@blokovi.com> * remove dead code Signed-off-by: Ivan Milošević <iva@blokovi.com> * Move all errors casting to errors package Signed-off-by: Ivan Milošević <iva@blokovi.com> * Fix comment in error package Signed-off-by: Ivan Milošević <iva@blokovi.com> * Change struct pointer to interface in package methods 
Signed-off-by: Ivan Milošević <iva@blokovi.com> * resolving reviews Signed-off-by: Ivan Milošević <iva@blokovi.com> * fix return in database.go Signed-off-by: Ivan Milošević <iva@blokovi.com> * Fix copyright header Signed-off-by: Ivan Milošević <iva@blokovi.com> * Fix comment in hasher Signed-off-by: Ivan Milošević <iva@blokovi.com>
// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0
// Package jwt provides a JWT identity provider.
package jwt
import (
"time"
jwt "github.com/dgrijalva/jwt-go"
"github.com/mainflux/mainflux/errors"
"github.com/mainflux/mainflux/users"
)
// Token parameters shared by every key this provider issues.
const (
	// issuer is written to the "iss" claim of issued tokens.
	issuer string = "mainflux"

	// duration is the lifetime of an issued token: the "exp" claim is set to
	// the issue time plus this value, so a leaked token stays usable for up
	// to ten hours.
	duration time.Duration = 10 * time.Hour
)
// Compile-time assertion that *jwtIdentityProvider implements
// users.IdentityProvider.
var _ users.IdentityProvider = (*jwtIdentityProvider)(nil)

// jwtIdentityProvider issues and verifies HMAC-signed JSON Web Tokens.
type jwtIdentityProvider struct {
	// secret is the symmetric key used both to sign issued tokens and to
	// verify presented ones; whoever holds it can mint tokens this provider
	// accepts.
	secret string
}
// New instantiates a JWT identity provider that signs and verifies tokens
// using secret as the HMAC key.
//
// New does not validate secret: an empty or short value is stored as given.
// Callers are responsible for supplying a high-entropy key, since the same
// value protects every token the provider issues.
func New(secret string) users.IdentityProvider {
	idp := jwtIdentityProvider{secret: secret}
	return &idp
}
// TemporaryKey issues a signed token whose subject is id.
//
// The token carries the package issuer, the current UTC time as its issue
// time, and an expiry of issue time plus duration. No token identifier is
// set, so an issued token cannot be singled out for revocation here; it is
// bounded only by its expiry.
func (idp *jwtIdentityProvider) TemporaryKey(id string) (string, errors.Error) {
	issuedAt := time.Now().UTC()

	return idp.jwt(jwt.StandardClaims{
		Subject:   id,
		Issuer:    issuer,
		IssuedAt:  issuedAt.Unix(),
		ExpiresAt: issuedAt.Add(duration).Unix(),
	})
}
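// Identity verifies key and returns the value of its subject ("sub") claim.
//
// Only tokens signed with an HMAC method are accepted, and the signature is
// checked against the provider's secret. Any parse or verification failure
// is reported as users.ErrUnauthorizedAccess wrapping the library error. A
// token whose claims are not map claims, that is not marked valid, or whose
// "sub" claim is missing or not a string yields users.ErrUnauthorizedAccess.
//
// NOTE(review): the "iss" claim is not compared with the package issuer, so
// any token signed with the same secret is accepted regardless of who issued
// it; confirm that this is intended.
//
// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream and
// github.com/golang-jwt/jwt is its maintained successor; consider migrating.
func (idp *jwtIdentityProvider) Identity(key string) (string, errors.Error) {
	token, err := jwt.Parse(key, func(token *jwt.Token) (interface{}, error) {
		// Pin the algorithm family before releasing the key: the header is
		// attacker-controlled, and without this check a token declaring a
		// non-HMAC method would be verified with the shared secret as key.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, users.ErrUnauthorizedAccess
		}

		return []byte(idp.secret), nil
	})
	if err != nil {
		return "", errors.Wrap(users.ErrUnauthorizedAccess, err)
	}

	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok || !token.Valid {
		return "", users.ErrUnauthorizedAccess
	}

	// Use a checked assertion: a bare sub.(string) panics when the claim is
	// present but not a string (for example a JSON number). Failing closed
	// keeps a malformed token from crashing the request handler.
	sub, ok := claims["sub"].(string)
	if !ok {
		return "", users.ErrUnauthorizedAccess
	}

	return sub, nil
}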
// jwt builds a token from claims and signs it with HS256 using the
// provider's secret as the key.
//
// It returns the compact serialized token. When signing fails, the error is
// users.ErrGetToken wrapping the library error, and the string returned
// alongside it is whatever SignedString produced and must not be used.
func (idp *jwtIdentityProvider) jwt(claims jwt.StandardClaims) (string, errors.Error) {
	key := []byte(idp.secret)

	signed, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(key)
	if err != nil {
		return signed, errors.Wrap(users.ErrGetToken, err)
	}

	return signed, nil
}