echo/middleware/auth.go

package middleware

import (
	"encoding/base64"
	"errors"
	"strings"

	"github.com/dgrijalva/jwt-go"
	"github.com/labstack/bolt"
)

type (
	BasicAuthFunc       func(usr, pwd string) bool
	AuthorizedHandler   bolt.HandlerFunc
	UnauthorizedHandler func(c *bolt.Context, err error)
	JwtKeyFunc          func(kid string) ([]byte, error)
	Claims              map[string]interface{}
)

var (
	ErrBasicAuth = errors.New("bolt: basic auth error")
	ErrJwtAuth   = errors.New("bolt: jwt auth error")
)

func BasicAuth(ah AuthorizedHandler, uah UnauthorizedHandler, fn BasicAuthFunc) bolt.HandlerFunc {
	return func(c *bolt.Context) {
		auth := strings.Fields(c.Request.Header.Get("Authorization"))
		if len(auth) == 2 {
			scheme := auth[0]
			s, err := base64.StdEncoding.DecodeString(auth[1])
			if err != nil {
				uah(c, err)
				return
			}
			cred := strings.Split(string(s), ":")
			if scheme == "Basic" && len(cred) == 2 {
				if ok := fn(cred[0], cred[1]); ok {
					ah(c)
					return
				}
			}
		}
		uah(c, ErrBasicAuth)
	}
}

func JwtAuth(ah AuthorizedHandler, uah UnauthorizedHandler, fn JwtKeyFunc) bolt.HandlerFunc {
	return func(c *bolt.Context) {
		auth := strings.Fields(c.Request.Header.Get("Authorization"))
		if len(auth) == 2 {
			t, err := jwt.Parse(auth[1], func(token *jwt.Token) (interface{}, error) {
				if kid := token.Header["kid"]; kid != nil {
					return fn(kid.(string))
				}
				return fn("")
			})
			if t.Valid {
				c.Set("claims", Claims(t.Claims))
				ah(c)
				c.Next()
			} else {
				// TODO: capture errors
				uah(c, err)
			}
			return
		}
		uah(c, ErrJwtAuth)
	}
}
initial commit Signed-off-by: Vishal Rana <vr@labstack.com> 2015-03-01 09:45:13 -08:00			`package middleware`

			`import (`
			`"encoding/base64"`
			`"errors"`
			`"strings"`

			`"github.com/dgrijalva/jwt-go"`
			`"github.com/labstack/bolt"`
			`)`

			`type (`
			`BasicAuthFunc func(usr, pwd string) bool`
			`AuthorizedHandler bolt.HandlerFunc`
			`UnauthorizedHandler func(c *bolt.Context, err error)`
			`JwtKeyFunc func(kid string) ([]byte, error)`
			`Claims map[string]interface{}`
			`)`

			`var (`
			`ErrBasicAuth = errors.New("bolt: basic auth error")`
			`ErrJwtAuth = errors.New("bolt: jwt auth error")`
			`)`

			`func BasicAuth(ah AuthorizedHandler, uah UnauthorizedHandler, fn BasicAuthFunc) bolt.HandlerFunc {`
			`return func(c *bolt.Context) {`
			`auth := strings.Fields(c.Request.Header.Get("Authorization"))`
			`if len(auth) == 2 {`
			`scheme := auth[0]`
			`s, err := base64.StdEncoding.DecodeString(auth[1])`
			`if err != nil {`
			`uah(c, err)`
			`return`
			`}`
			`cred := strings.Split(string(s), ":")`
			`if scheme == "Basic" && len(cred) == 2 {`
			`if ok := fn(cred[0], cred[1]); ok {`
			`ah(c)`
			`return`
			`}`
			`}`
			`}`
			`uah(c, ErrBasicAuth)`
			`}`
			`}`

			`func JwtAuth(ah AuthorizedHandler, uah UnauthorizedHandler, fn JwtKeyFunc) bolt.HandlerFunc {`
			`return func(c *bolt.Context) {`
			`auth := strings.Fields(c.Request.Header.Get("Authorization"))`
			`if len(auth) == 2 {`
			`t, err := jwt.Parse(auth[1], func(token *jwt.Token) (interface{}, error) {`
			`if kid := token.Header["kid"]; kid != nil {`
			`return fn(kid.(string))`
			`}`
			`return fn("")`
			`})`
			`if t.Valid {`
			`c.Set("claims", Claims(t.Claims))`
			`ah(c)`
			`c.Next()`
			`} else {`
			`// TODO: capture errors`
			`uah(c, err)`
			`}`
			`return`
			`}`
			`uah(c, ErrJwtAuth)`
			`}`
			`}`