|
|
@ -2,6 +2,7 @@ package handler
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"context"
|
|
|
|
|
|
|
|
"errors"
|
|
|
|
"net/http"
|
|
|
|
"net/http"
|
|
|
|
"net/http/httputil"
|
|
|
|
"net/http/httputil"
|
|
|
|
|
|
|
|
|
|
|
@ -12,13 +13,19 @@ import (
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
const (
|
|
|
|
jwtAudience = "aud"
|
|
|
|
jwtAudience = "aud"
|
|
|
|
jwtExpire = "exp"
|
|
|
|
jwtExpire = "exp"
|
|
|
|
jwtId = "jti"
|
|
|
|
jwtId = "jti"
|
|
|
|
jwtIssueAt = "iat"
|
|
|
|
jwtIssueAt = "iat"
|
|
|
|
jwtIssuer = "iss"
|
|
|
|
jwtIssuer = "iss"
|
|
|
|
jwtNotBefore = "nbf"
|
|
|
|
jwtNotBefore = "nbf"
|
|
|
|
jwtSubject = "sub"
|
|
|
|
jwtSubject = "sub"
|
|
|
|
|
|
|
|
noDetailReason = "no detail reason"
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
|
|
|
errInvalidToken = errors.New("invalid auth token")
|
|
|
|
|
|
|
|
errNoClaims = errors.New("no auth params")
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
type (
|
|
|
|
type (
|
|
|
@ -47,13 +54,13 @@ func Authorize(secret string, opts ...AuthorizeOption) func(http.Handler) http.H
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if !token.Valid {
|
|
|
|
if !token.Valid {
|
|
|
|
unauthorized(w, r, err, authOpts.Callback)
|
|
|
|
unauthorized(w, r, errInvalidToken, authOpts.Callback)
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
claims, ok := token.Claims.(jwt.MapClaims)
|
|
|
|
claims, ok := token.Claims.(jwt.MapClaims)
|
|
|
|
if !ok {
|
|
|
|
if !ok {
|
|
|
|
unauthorized(w, r, err, authOpts.Callback)
|
|
|
|
unauthorized(w, r, errNoClaims, authOpts.Callback)
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -93,10 +100,15 @@ func detailAuthLog(r *http.Request, reason string) {
|
|
|
|
func unauthorized(w http.ResponseWriter, r *http.Request, err error, callback UnauthorizedCallback) {
|
|
|
|
func unauthorized(w http.ResponseWriter, r *http.Request, err error, callback UnauthorizedCallback) {
|
|
|
|
writer := newGuardedResponseWriter(w)
|
|
|
|
writer := newGuardedResponseWriter(w)
|
|
|
|
|
|
|
|
|
|
|
|
detailAuthLog(r, err.Error())
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
detailAuthLog(r, err.Error())
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
detailAuthLog(r, noDetailReason)
|
|
|
|
|
|
|
|
}
|
|
|
|
if callback != nil {
|
|
|
|
if callback != nil {
|
|
|
|
callback(writer, r, err)
|
|
|
|
callback(writer, r, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
writer.WriteHeader(http.StatusUnauthorized)
|
|
|
|
writer.WriteHeader(http.StatusUnauthorized)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|