mirror of
https://github.com/raseels-repos/golang-saas-starter-kit.git
synced 2025-06-06 23:46:29 +02:00
137 lines
3.5 KiB
Go
137 lines
3.5 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"time"
|
|
|
|
jwt "github.com/dgrijalva/jwt-go"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// These are the expected values for Claims.Roles.
|
|
const (
|
|
RoleAdmin = "admin"
|
|
RoleUser = "user"
|
|
)
|
|
|
|
// ctxKey represents the type of value for the context key.
|
|
type ctxKey int
|
|
|
|
// Key is used to store/retrieve a Claims value from a context.Context.
|
|
const Key ctxKey = 1
|
|
|
|
// Claims represents the authorization claims transmitted via a JWT.
|
|
type Claims struct {
|
|
RootUserID string `json:"root_user_id"`
|
|
RootAccountID string `json:"root_account_id"`
|
|
AccountIDs []string `json:"accounts"`
|
|
Roles []string `json:"roles"`
|
|
Preferences ClaimPreferences `json:"prefs"`
|
|
jwt.StandardClaims
|
|
}
|
|
|
|
// ClaimPreferences defines preferences for the user.
|
|
type ClaimPreferences struct {
|
|
Timezone string `json:"timezone"`
|
|
DatetimeFormat string `json:"pref_datetime_format"`
|
|
DateFormat string `json:"pref_date_format"`
|
|
TimeFormat string `json:"pref_time_format"`
|
|
tz *time.Location
|
|
}
|
|
|
|
// NewClaims constructs a Claims value for the identified user. The Claims
|
|
// expire within a specified duration of the provided time. Additional fields
|
|
// of the Claims can be set after calling NewClaims is desired.
|
|
func NewClaims(userID, accountID string, accountIDs []string, roles []string, prefs ClaimPreferences, now time.Time, expires time.Duration) Claims {
|
|
c := Claims{
|
|
AccountIDs: accountIDs,
|
|
RootAccountID: accountID,
|
|
RootUserID: userID,
|
|
Roles: roles,
|
|
Preferences: prefs,
|
|
StandardClaims: jwt.StandardClaims{
|
|
Subject: userID,
|
|
Audience: accountID,
|
|
IssuedAt: now.Unix(),
|
|
ExpiresAt: now.Add(expires).Unix(),
|
|
},
|
|
}
|
|
|
|
return c
|
|
}
|
|
|
|
// NewClaimPreferences constructs ClaimPreferences for the user/account.
|
|
func NewClaimPreferences(timezone *time.Location, datetimeFormat, dateFormat, timeFormat string) ClaimPreferences {
|
|
p := ClaimPreferences{
|
|
DatetimeFormat: datetimeFormat,
|
|
DateFormat: dateFormat,
|
|
TimeFormat: timeFormat,
|
|
}
|
|
|
|
if timezone != nil {
|
|
p.Timezone = timezone.String()
|
|
}
|
|
|
|
return p
|
|
}
|
|
|
|
// Valid is called during the parsing of a token.
|
|
func (c Claims) Valid() error {
|
|
for _, r := range c.Roles {
|
|
switch r {
|
|
case RoleAdmin, RoleUser: // Role is valid.
|
|
default:
|
|
return fmt.Errorf("invalid role %q", r)
|
|
}
|
|
}
|
|
if err := c.StandardClaims.Valid(); err != nil {
|
|
return errors.Wrap(err, "validating standard claims")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// HasAuth returns true the user is authenticated.
|
|
func (c Claims) HasAuth() bool {
|
|
if c.Subject != "" {
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// HasRole returns true if the claims has at least one of the provided roles.
|
|
func (c Claims) HasRole(roles ...string) bool {
|
|
for _, has := range c.Roles {
|
|
for _, want := range roles {
|
|
if has == want {
|
|
return true
|
|
}
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// TimeLocation returns the timezone used to format datetimes for the user.
|
|
func (c ClaimPreferences) TimeLocation() *time.Location {
|
|
if c.tz == nil && c.Timezone != "" {
|
|
c.tz, _ = time.LoadLocation(c.Timezone)
|
|
}
|
|
return c.tz
|
|
}
|
|
|
|
// TimeLocation returns the timezone used to format datetimes for the user.
|
|
func (c Claims) TimeLocation() *time.Location {
|
|
return c.Preferences.TimeLocation()
|
|
}
|
|
|
|
// ClaimsFromContext loads the claims from context.
|
|
func ClaimsFromContext(ctx context.Context) (Claims, error) {
|
|
claims, ok := ctx.Value(Key).(Claims)
|
|
if !ok {
|
|
// TODO(jlw) should this be a web.Shutdown?
|
|
return Claims{}, errors.New("claims missing from context: HasRole called without/before Authenticate")
|
|
}
|
|
|
|
return claims, nil
|
|
}
|