summaryrefslogtreecommitdiff
path: root/util
diff options
context:
space:
mode:
Diffstat (limited to 'util')
-rw-r--r--util/jwt_middleware.go51
1 files changed, 51 insertions, 0 deletions
diff --git a/util/jwt_middleware.go b/util/jwt_middleware.go
new file mode 100644
index 0000000..ce8c20a
--- /dev/null
+++ b/util/jwt_middleware.go
@@ -0,0 +1,51 @@
+/* OpenBills-server - Server for libre billing software OpenBills-web
+ * Copyright (C) 2022 Vidhu Kant Sharma <vidhukant@vidhukant.xyz>
+
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package util
+
+import (
+ "github.com/golang-jwt/jwt/v4"
+ "github.com/gin-gonic/gin"
+ "net/http"
+)
+
+var accessSecret []byte
+func init() {
+ conf := GetConfig().Crypto
+ accessSecret = []byte(conf.AccessTokenSecret)
+}
+
+func Authorize() gin.HandlerFunc {
+ return func(ctx *gin.Context) {
+ tokenHeader := ctx.Request.Header["Authorization"]
+ if tokenHeader != nil {
+ token, err := jwt.ParseWithClaims(tokenHeader[0], &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
+ return []byte(accessSecret), nil
+ })
+ if err != nil {
+ ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "access token expired"})
+ } else {
+ ctx.Set("userId", token.Claims.(*jwt.StandardClaims).Issuer)
+ ctx.Next()
+ }
+ } else {
+ // invalid Authorization header
+ ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"message": "not logged in"})
+ }
+
+ }
+}