1
0
mirror of https://github.com/labstack/echo.git synced 2024-12-24 20:14:31 +02:00

JWT middleware has been changed from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt` due former library being unmaintained and having security

issues.
NOTE: `golang-jwt/jwt` now only supports last 2 Go releases. So 1.15+
For detailed information please read https://github.com/labstack/echo/discussions/1940
This commit is contained in:
toimtoimtoim 2021-08-01 11:12:23 +03:00 committed by Martti T
parent 58366f93e6
commit 647af2acec
4 changed files with 11 additions and 7 deletions

2
go.mod
View File

@ -3,7 +3,7 @@ module github.com/labstack/echo/v4
go 1.15 go 1.15
require ( require (
github.com/dgrijalva/jwt-go v3.2.0+incompatible github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/labstack/gommon v0.3.0 github.com/labstack/gommon v0.3.0
github.com/mattn/go-colorable v0.1.8 // indirect github.com/mattn/go-colorable v0.1.8 // indirect
github.com/stretchr/testify v1.4.0 github.com/stretchr/testify v1.4.0

4
go.sum
View File

@ -1,7 +1,7 @@
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/labstack/gommon v0.3.0 h1:JEeO0bvc78PKdyHxloTKiF8BD5iGrH8T6MSeGvSgob0= github.com/labstack/gommon v0.3.0 h1:JEeO0bvc78PKdyHxloTKiF8BD5iGrH8T6MSeGvSgob0=
github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k= github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=

View File

@ -1,3 +1,5 @@
// +build go1.15
package middleware package middleware
import ( import (
@ -7,7 +9,7 @@ import (
"reflect" "reflect"
"strings" "strings"
"github.com/dgrijalva/jwt-go" "github.com/golang-jwt/jwt"
"github.com/labstack/echo/v4" "github.com/labstack/echo/v4"
) )
@ -88,7 +90,7 @@ type (
// ParseTokenFunc defines a user-defined function that parses token from given auth. Returns an error when token // ParseTokenFunc defines a user-defined function that parses token from given auth. Returns an error when token
// parsing fails or parsed token is invalid. // parsing fails or parsed token is invalid.
// Defaults to implementation using `github.com/dgrijalva/jwt-go` as JWT implementation library // Defaults to implementation using `github.com/golang-jwt/jwt` as JWT implementation library
ParseTokenFunc func(auth string, c echo.Context) (interface{}, error) ParseTokenFunc func(auth string, c echo.Context) (interface{}, error)
} }

View File

@ -1,3 +1,5 @@
// +build go1.15
package middleware package middleware
import ( import (
@ -9,7 +11,7 @@ import (
"strings" "strings"
"testing" "testing"
"github.com/dgrijalva/jwt-go" "github.com/golang-jwt/jwt"
"github.com/labstack/echo/v4" "github.com/labstack/echo/v4"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -562,7 +564,7 @@ func TestJWTConfig_custom_ParseTokenFunc_Keyfunc(t *testing.T) {
return c.String(http.StatusTeapot, "test") return c.String(http.StatusTeapot, "test")
}) })
// example of minimal custom ParseTokenFunc implementation. Allows you to use different versions of `github.com/dgrijalva/jwt-go` // example of minimal custom ParseTokenFunc implementation. Allows you to use different versions of `github.com/golang-jwt/jwt`
// with current JWT middleware // with current JWT middleware
signingKey := []byte("secret") signingKey := []byte("secret")