Dropped custom error handler for jwt, closes #589, closes ##591

Signed-off-by: Vishal Rana <vr@labstack.com>
2025-07-15 01:34:53 +02:00 · 2016-08-27 10:52:35 -07:00
parent 4187265fa4 a8b48af608
commit bc7b992d23
2 changed files with 172 additions and 57 deletions
--- a/middleware/jwt.go
+++ b/middleware/jwt.go
@ -38,6 +38,7 @@ type (
 		// Possible values:
 		// - "header:<name>"
 		// - "query:<name>"
+		// - "cookie:<name>"
 		TokenLookup string `json:"token_lookup"`
 	}

@ -67,10 +68,11 @@ var (
 // JWT returns a JSON Web Token (JWT) auth middleware.
 //
 // For valid token, it sets the user in context and calls next handler.
-// For invalid token, it sends "401 - Unauthorized" response.
+// For invalid token, it returns "401 - Unauthorized" error.
 // For empty or invalid `Authorization` header, it sends "400 - Bad Request".
 //
 // See: https://jwt.io/introduction
+// See `JWTConfig.TokenLookup`
 func JWT(key []byte) echo.MiddlewareFunc {
 	c := DefaultJWTConfig
 	c.SigningKey = key
@ -93,12 +95,12 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
 	if config.ContextKey == "" {
 		config.ContextKey = DefaultJWTConfig.ContextKey
 	}
-	if config.TokenLookup == "" {
-		config.TokenLookup = DefaultJWTConfig.TokenLookup
-	}
 	if config.Claims == nil {
 		config.Claims = DefaultJWTConfig.Claims
 	}
+	if config.TokenLookup == "" {
+		config.TokenLookup = DefaultJWTConfig.TokenLookup
+	}

 	// Initialize
 	parts := strings.Split(config.TokenLookup, ":")
@ -106,6 +108,8 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
 	switch parts[0] {
 	case "query":
 		extractor = jwtFromQuery(parts[1])
+	case "cookie":
+		extractor = jwtFromCookie(parts[1])
 	}

 	return func(next echo.HandlerFunc) echo.HandlerFunc {
@ -136,8 +140,7 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
 	}
 }

-// jwtFromHeader returns a `jwtExtractor` that extracts token from the provided
-// request header.
+// jwtFromHeader returns a `jwtExtractor` that extracts token from request header.
 func jwtFromHeader(header string) jwtExtractor {
 	return func(c echo.Context) (string, error) {
 		auth := c.Request().Header().Get(header)
@ -145,18 +148,29 @@ func jwtFromHeader(header string) jwtExtractor {
 		if len(auth) > l+1 && auth[:l] == bearer {
 			return auth[l+1:], nil
 		}
-		return "", errors.New("empty or invalid jwt in authorization header")
+		return "", errors.New("empty or invalid jwt in request header")
 	}
 }

-// jwtFromQuery returns a `jwtExtractor` that extracts token from the provided query
-// parameter.
+// jwtFromQuery returns a `jwtExtractor` that extracts token from query string.
 func jwtFromQuery(param string) jwtExtractor {
 	return func(c echo.Context) (string, error) {
 		token := c.QueryParam(param)
+		var err error
 		if token == "" {
-			return "", errors.New("empty jwt in query param")
+			return "", errors.New("empty jwt in query string")
 		}
-		return token, nil
+		return token, err
+	}
+}
+
+// jwtFromCookie returns a `jwtExtractor` that extracts token from named cookie.
+func jwtFromCookie(name string) jwtExtractor {
+	return func(c echo.Context) (string, error) {
+		cookie, err := c.Cookie(name)
+		if err != nil {
+			return "", errors.New("empty jwt in cookie")
+		}
+		return cookie.Value(), nil
 	}
 }