Categorygithub.com/deeper-x/gojwt
modulepackage
0.5.3
Repository: https://github.com/deeper-x/gojwt.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
4
Dependents
0
Files
163 SLOC

# README

GOJWT

installation:

go get -v github.com/deeper-x/gojwt

Implementation example:

func main() {
	http.HandleFunc("/signin", Login)
	http.HandleFunc("/protected_content", ProtectedContent)
	http.HandleFunc("/renew", Renew)

	log.Println("Running server...")
	log.Fatal(http.ListenAndServe(":8000", nil))
}

// Login index login, with username and password in the body of a GET request
func Login(w http.ResponseWriter, req *http.Request) {
	jsess := gojwt.NewJWTSess(w, req)

	var creds gojwt.Credentials

	err := json.NewDecoder(jsess.Req.Body).Decode(&creds)
	if err != nil {
		log.Println(err)
		jsess.RW.WriteHeader(http.StatusBadRequest)
		return
	}

	// check fake credentials
	expectedPassword := "password1"

	if expectedPassword != creds.Password {
		jsess.RW.WriteHeader(http.StatusUnauthorized)
		return
	}

	// client registration, with username registration and token expiration in 10 minutes
	token, err := jsess.Register(creds.Username, 10)

	if err != nil {
		log.Println(err)
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	// success
	w.WriteHeader(http.StatusOK)
	w.Write([]byte(token))
	log.Println("Token assigned", time.Now())
}

// ProtectedContent is the registered-users-only content
func ProtectedContent(w http.ResponseWriter, req *http.Request) {
	jsess := gojwt.NewJWTSess(w, req)

	ok, sts := jsess.IsAuth()
	if sts.Error != nil {
		log.Println(sts.Message)
		w.WriteHeader(http.StatusUnauthorized)
		return
	}

	if !ok {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}

	w.WriteHeader(http.StatusOK)
	w.Write([]byte("WELCOME, THIS IS A SECRET CONTENT\n\n"))
}

// Renew ask for a new token, if available
func Renew(w http.ResponseWriter, req *http.Request) {
	jsess := gojwt.NewJWTSess(w, req)

	token, sts := jsess.Renew()
	if sts.Error != nil {
		log.Println(sts.Message)

		// no token released
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	if sts.Code != gojwt.SUCCESS {
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte(sts.Message))
		return
	}

	// token released
	w.WriteHeader(http.StatusOK)
	w.Write([]byte(token))
}

Client example:

# registration
curl --location --request GET 'http://127.0.0.1:8000/signin' --header 'Content-Type: text/plain' --data-raw '{"username": "user1", "password": "password1"}'

# accessing *protected* content
curl --location --request GET 'http://127.0.0.1:8000/protected_content' --header 'Cookie: token=<YOUR_TOKEN>'

# renew
curl --location --request GET 'http://127.0.0.1:8000/refresh' --header 'Cookie: token=<YOUR_TOKEN>'

# Functions

NewJWTSess is the JWTSess builder.
TokenIsValid checks if the token is valid.

# Constants

INVALIDTKN invalid token.
RENEWMINS is the minutes window token can be updated.
SUCCESS is the OK code.
SYSERR is the generic internal server error.
TKNBROKEN token invalid/broken.
TKNSTILLVALID token is still valid.

# Structs

Claims is a struct that contains the custom claims of the token.
Credentials is a struct user to map the username and password to the request body.
JWTSess is the object used for session management.