go/echo
go/echo
1
0
Fork 0
mirror of https://github.com/labstack/echo.git synced 2025-01-12 01:22:21 +02:00
Code Issues Releases Activity

Closes #631

Browse Source
This commit is contained in:
matcornic 2016-08-20 17:59:36 +02:00
parent ad8f0dd012
commit 2557d33c4b
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
middleware/jwt.go
View File

@ -35,6 +35,10 @@ type (
// - "header:<name>" // - "header:<name>"
// - "query:<name>" // - "query:<name>"
TokenLookup string `json:"token_lookup"` TokenLookup string `json:"token_lookup"`
// Claims are extendable claims data defining token content.
// Optional. Default value jwt.MapClaims
Claims jwt.Claims
} }
jwtExtractor func(echo.Context) (string, error) jwtExtractor func(echo.Context) (string, error)
@ -56,6 +60,7 @@ var (
SigningMethod: AlgorithmHS256, SigningMethod: AlgorithmHS256,
ContextKey: "user", ContextKey: "user",
TokenLookup: "header:" + echo.HeaderAuthorization, TokenLookup: "header:" + echo.HeaderAuthorization,
Claims: jwt.MapClaims{},
} }
) )
@ -91,6 +96,9 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
if config.TokenLookup == "" { if config.TokenLookup == "" {
config.TokenLookup = DefaultJWTConfig.TokenLookup config.TokenLookup = DefaultJWTConfig.TokenLookup
} }
if config.Claims == nil {
config.Claims = DefaultJWTConfig.Claims
}
// Initialize // Initialize
parts := strings.Split(config.TokenLookup, ":") parts := strings.Split(config.TokenLookup, ":")
@ -110,7 +118,7 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
if err != nil { if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, err.Error()) return echo.NewHTTPError(http.StatusBadRequest, err.Error())
} }
token, err := jwt.Parse(auth, func(t *jwt.Token) (interface{}, error) { token, err := jwt.ParseWithClaims(auth, config.Claims, func(t *jwt.Token) (interface{}, error) {
// Check the signing method // Check the signing method
if t.Method.Alg() != config.SigningMethod { if t.Method.Alg() != config.SigningMethod {
return nil, fmt.Errorf("unexpected jwt signing method=%v", t.Header["alg"]) return nil, fmt.Errorf("unexpected jwt signing method=%v", t.Header["alg"])

26
middleware/jwt_test.go
View File

@ -10,6 +10,18 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
// CustomInfo defines some custom types we're going to use within our tokens
type CustomInfo struct {
Name string `json:"name"`
Admin bool `json:"admin"`
}
// MyCustomClaims are custom claims expanding default ones
type MyCustomClaims struct {
*jwt.StandardClaims
CustomInfo
}
func TestJWT(t *testing.T) { func TestJWT(t *testing.T) {
e := echo.New() e := echo.New()
req := test.NewRequest(echo.GET, "/", nil) req := test.NewRequest(echo.GET, "/", nil)
@ -49,9 +61,23 @@ func TestJWT(t *testing.T) {
assert.Equal(t, claims["name"], "John Doe") assert.Equal(t, claims["name"], "John Doe")
} }
// Valid JWT with custom claims
config = JWTConfig{
Claims: &MyCustomClaims{},
SigningKey: []byte("secret"),
}
h = JWTWithConfig(config)(handler)
if assert.NoError(t, h(c)) {
user := c.Get("user").(*jwt.Token)
claims := user.Claims.(*MyCustomClaims)
assert.Equal(t, claims.Name, "John Doe")
assert.Equal(t, claims.Admin, true)
}
// Invalid Authorization header // Invalid Authorization header
req.Header().Set(echo.HeaderAuthorization, "invalid-auth") req.Header().Set(echo.HeaderAuthorization, "invalid-auth")
h = JWT([]byte("secret"))(handler) h = JWT([]byte("secret"))(handler)
he = h(c).(*echo.HTTPError) he = h(c).(*echo.HTTPError)
assert.Equal(t, http.StatusBadRequest, he.Code) assert.Equal(t, http.StatusBadRequest, he.Code)
} }