diff --git a/README.md b/README.md index 4dbf98a4..eb6dbaa2 100644 --- a/README.md +++ b/README.md @@ -239,7 +239,7 @@ Middleware | Description [Recover](https://labstack.com/echo/guide/recover-middleware) | Recover from panics [Gzip](https://labstack.com/echo/guide/gzip-middleware) | Send gzip HTTP response [BasicAuth](https://labstack.com/echo/guide/basic-auth-middleware) | HTTP basic authentication -[JWTAuth](https://labstack.com/echo/guide/jwt-auth-middleware) | JWT authentication +[JWTAuth](https://labstack.com/echo/guide/jwt-middleware) | JWT authentication [Secure](https://labstack.com/echo/guide/secure-middleware) | Protection against attacks [CORS](https://labstack.com/echo/guide/cors-middleware) | Cross-Origin Resource Sharing [Static](https://labstack.com/echo/guide/static-middleware) | Serve static files diff --git a/middleware/jwt_auth.go b/middleware/jwt.go similarity index 80% rename from middleware/jwt_auth.go rename to middleware/jwt.go index 7cdc7be9..7a792e20 100644 --- a/middleware/jwt_auth.go +++ b/middleware/jwt.go @@ -9,8 +9,8 @@ import ( ) type ( - // JWTAuthConfig defines the config for JWT auth middleware. - JWTAuthConfig struct { + // JWTConfig defines the config for JWT auth middleware. + JWTConfig struct { // SigningKey is the key to validate token. // Required. SigningKey []byte @@ -44,42 +44,42 @@ const ( ) var ( - // DefaultJWTAuthConfig is the default JWT auth middleware config. - DefaultJWTAuthConfig = JWTAuthConfig{ + // DefaultJWTConfig is the default JWT auth middleware config. + DefaultJWTConfig = JWTConfig{ SigningMethod: AlgorithmHS256, ContextKey: "user", Extractor: JWTFromHeader, } ) -// JWTAuth returns a JSON Web Token (JWT) auth middleware. +// JWT returns a JSON Web Token (JWT) auth middleware. // // For valid token, it sets the user in context and calls next handler. // For invalid token, it sends "401 - Unauthorized" response. // For empty or invalid `Authorization` header, it sends "400 - Bad Request". // // See https://jwt.io/introduction -func JWTAuth(key []byte) echo.MiddlewareFunc { - c := DefaultJWTAuthConfig +func JWT(key []byte) echo.MiddlewareFunc { + c := DefaultJWTConfig c.SigningKey = key - return JWTAuthWithConfig(c) + return JWTWithConfig(c) } -// JWTAuthWithConfig returns a JWT auth middleware from config. -// See `JWTAuth()`. -func JWTAuthWithConfig(config JWTAuthConfig) echo.MiddlewareFunc { +// JWTWithConfig returns a JWT auth middleware from config. +// See `JWT()`. +func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc { // Defaults if config.SigningKey == nil { panic("jwt middleware requires signing key") } if config.SigningMethod == "" { - config.SigningMethod = DefaultJWTAuthConfig.SigningMethod + config.SigningMethod = DefaultJWTConfig.SigningMethod } if config.ContextKey == "" { - config.ContextKey = DefaultJWTAuthConfig.ContextKey + config.ContextKey = DefaultJWTConfig.ContextKey } if config.Extractor == nil { - config.Extractor = DefaultJWTAuthConfig.Extractor + config.Extractor = DefaultJWTConfig.Extractor } return func(next echo.HandlerFunc) echo.HandlerFunc { diff --git a/middleware/jwt_auth_test.go b/middleware/jwt_test.go similarity index 84% rename from middleware/jwt_auth_test.go rename to middleware/jwt_test.go index 23ec6635..5debc969 100644 --- a/middleware/jwt_auth_test.go +++ b/middleware/jwt_test.go @@ -10,7 +10,7 @@ import ( "github.com/stretchr/testify/assert" ) -func TestJWTAuth(t *testing.T) { +func TestJWT(t *testing.T) { e := echo.New() req := test.NewRequest(echo.GET, "/", nil) res := test.NewResponseRecorder() @@ -18,18 +18,18 @@ func TestJWTAuth(t *testing.T) { handler := func(c echo.Context) error { return c.String(http.StatusOK, "test") } - config := JWTAuthConfig{} + config := JWTConfig{} token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ" // No signing key provided assert.Panics(t, func() { - JWTAuthWithConfig(config) + JWTWithConfig(config) }) // Unexpected signing method config.SigningKey = []byte("secret") config.SigningMethod = "RS256" - h := JWTAuthWithConfig(config)(handler) + h := JWTWithConfig(config)(handler) he := h(c).(*echo.HTTPError) assert.Equal(t, http.StatusBadRequest, he.Code) @@ -37,12 +37,12 @@ func TestJWTAuth(t *testing.T) { auth := bearer + " " + token req.Header().Set(echo.HeaderAuthorization, auth) config.SigningKey = []byte("invalid-key") - h = JWTAuthWithConfig(config)(handler) + h = JWTWithConfig(config)(handler) he = h(c).(*echo.HTTPError) assert.Equal(t, http.StatusUnauthorized, he.Code) // Valid JWT - h = JWTAuth([]byte("secret"))(handler) + h = JWT([]byte("secret"))(handler) if assert.NoError(t, h(c)) { user := c.Get("user").(*jwt.Token) assert.Equal(t, user.Claims["name"], "John Doe") @@ -50,7 +50,7 @@ func TestJWTAuth(t *testing.T) { // Invalid Authorization header req.Header().Set(echo.HeaderAuthorization, "invalid-auth") - h = JWTAuth([]byte("secret"))(handler) + h = JWT([]byte("secret"))(handler) he = h(c).(*echo.HTTPError) assert.Equal(t, http.StatusBadRequest, he.Code) }