author | Vidhu Kant Sharma <vidhukant@vidhukant.xyz> | 2023-01-29 20:11:09 +0530 |
---|---|---|
committer | Vidhu Kant Sharma <vidhukant@vidhukant.xyz> | 2023-01-29 20:11:09 +0530 |
commit | ac7aa8c6e95023def1eba7615d8a42ad52271500 (patch) | |
tree | b3477a9d3ae39244a759b19fe42e7d3bccbda38d /util | |
parent | 0607478f1e4c86619a606af7876a6625e859ee1a (diff) |
checking password before editing/deleting user
Diffstat (limited to 'util')
-rw-r--r-- | util/authorize.go (renamed from util/jwt_middleware.go) | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/util/jwt_middleware.go b/util/authorize.go
index ce8c20a..ca6660e 100644
--- a/util/jwt_middleware.go
+++ b/util/authorize.go
@@ -18,12 +18,14 @@
 package util
 import (
- "github.com/golang-jwt/jwt/v4"
 "github.com/gin-gonic/gin"
+ "github.com/golang-jwt/jwt/v4"
 "net/http"
+ "time"
 )
 var accessSecret []byte
+
 func init() {
 conf := GetConfig().Crypto
 accessSecret = []byte(conf.AccessTokenSecret)
@@ -39,13 +41,28 @@ func Authorize() gin.HandlerFunc {
 if err != nil {
 ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "access token expired"})
 } else {
- ctx.Set("userId", token.Claims.(*jwt.StandardClaims).Issuer)
- ctx.Next()
+ ctx.Set("userId", token.Claims.(*jwt.StandardClaims).Issuer)
+ ctx.Next()
 }
 } else {
- // invalid Authorization header
- ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "not logged in"})
+ // invalid Authorization header
+ ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "not logged in"})
 }
 }
 }
+
+// generate new access token
+func newAccessToken(userId string) (string, error) {
+ claims := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{
+ Issuer: userId,
+ ExpiresAt: time.Now().Add(time.Second * 15).Unix(),
+ })
+
+ token, err := claims.SignedString(accessSecret)
+ if err != nil {
+ return "", err
+ }
+
+ return token, nil
+} |
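Review bot: newAccessToken in the second hunk signs with `accessSecret` without checking that it is non-empty, so if `conf.AccessTokenSecret` is unset the service would issue HS256 tokens under an empty key (unless GetConfig rejects that, which is not visible here); a guard such as `if len(accessSecret) == 0 { return "", errors.New("access token secret not configured") }` at the top of the function, or a fail-fast check in `init()`, would close that, with `errors` added to the imports. The user id is carried in `Issuer`, which the JWT spec reserves for the party that issued the token; `Subject` is the conventional claim, and switching means updating the `ctx.Set("userId", ...)` line in Authorize in the same change. The 15-second lifetime is a bare literal, so a named constant or config value would make the expiry policy visible and reviewable. Authorize begins outside this hunk, so whether the parser pins the signing method cannot be confirmed from here; its error branch also reports every parse failure as "access token expired".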