middleware/auth/jwt/jwt.go

package jwt

import (
	"context"
	"errors"
	"net/http"

	"github.com/lestrrat-go/jwx/v2/jwa"
	"github.com/lestrrat-go/jwx/v2/jwt"

	"go.pkg.cx/middleware"
)

// Errors
var (
	ErrTokenInvalid  = errors.New("token invalid")
	ErrTokenNotFound = errors.New("token not found")
)

// Context keys
var (
	JWTCtxKey  = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/jwt", Name: "JWT"}
	DataCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/jwt", Name: "Data"}
)

// DefaultOptions represents default jwt auth middleware options
var DefaultOptions = Options(
	WithFindTokenFn(middleware.TokenFromAuthorizationHeader),
	WithFindTokenFn(middleware.TokenFromQuery("jwt")),
	WithFindTokenFn(middleware.TokenFromCookie("jwt")),
	SetResponseHandler(RespondWithUnauthorized),
	SetValidateTokenFn(allowAll),
)

// Options turns a list of option instances into an option
func Options(opts ...Option) Option {
	return func(a *auth) {
		for _, opt := range opts {
			opt(a)
		}
	}
}

// Option configures jwt auth middleware
type Option func(a *auth)

// SetKey sets key to verify jwt token with
func SetKey(key interface{}) Option {
	return func(a *auth) {
		a.key = key
	}
}

// SetAlgorithm sets algorithm to verify jwt token with
func SetAlgorithm(alg jwa.SignatureAlgorithm) Option {
	return func(a *auth) {
		a.algorithm = alg
	}
}

// WithFindTokenFn adds jwt token find function to the list
func WithFindTokenFn(fn func(r *http.Request) string) Option {
	return func(a *auth) {
		a.findTokenFns = append(a.findTokenFns, fn)
	}
}

// SetFindTokenFns sets jwt token find functions list
func SetFindTokenFns(fns ...func(r *http.Request) string) Option {
	return func(a *auth) {
		a.findTokenFns = fns
	}
}

// WithVerifyOption adds jwt verify option to the list
func WithVerifyOption(opt jwt.ValidateOption) Option {
	return func(a *auth) {
		a.verifyOptions = append(a.verifyOptions, opt)
	}
}

// SetVerifyOptions sets jwt verify options list
func SetVerifyOptions(opts ...jwt.ValidateOption) Option {
	return func(a *auth) {
		a.verifyOptions = opts
	}
}

// SetValidateTokenFn sets token validation function
func SetValidateTokenFn(fn func(token jwt.Token) (bool, interface{})) Option {
	return func(a *auth) {
		a.validateTokenFn = fn
	}
}

// SetResponseHandler sets response handler
func SetResponseHandler(fn middleware.ResponseHandle) Option {
	return func(a *auth) {
		a.responseHandler = fn
	}
}

type auth struct {
	key             interface{}
	algorithm       jwa.SignatureAlgorithm
	verifyOptions   []jwt.ValidateOption
	findTokenFns    []func(r *http.Request) string
	validateTokenFn func(token jwt.Token) (bool, interface{})
	responseHandler middleware.ResponseHandle
}

// Middleware returns jwt auth middleware
func Middleware(key interface{}, alg jwa.SignatureAlgorithm, opts ...Option) func(next http.Handler) http.Handler {
	a := &auth{}
	opts = append(opts, SetKey(key), SetAlgorithm(alg))
	opts = append([]Option{DefaultOptions}, opts...)

	for _, opt := range opts {
		opt(a)
	}

	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			var token string
			for _, findTokenFn := range a.findTokenFns {
				token = findTokenFn(r)
				if token != "" {
					break
				}
			}

			if token == "" {
				a.responseHandler(w, r, ErrTokenNotFound)
				return
			}

			jwtToken, err := jwt.ParseString(token, jwt.WithKey(a.algorithm, a.key))
			if err != nil {
				a.responseHandler(w, r, err)
				return
			}

			if err := jwt.Validate(jwtToken, a.verifyOptions...); err != nil {
				a.responseHandler(w, r, err)
				return
			}

			valid, data := a.validateTokenFn(jwtToken)
			if !valid {
				a.responseHandler(w, r, ErrTokenInvalid)
				return
			}

			ctx := r.Context()
			ctx = context.WithValue(ctx, JWTCtxKey, jwtToken)
			ctx = context.WithValue(ctx, DataCtxKey, data)

			next.ServeHTTP(w, r.WithContext(ctx))
		})
	}
}

// RespondWithUnauthorized is a default response handler
func RespondWithUnauthorized(w http.ResponseWriter, _ *http.Request, _ error) {
	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
}

func allowAll(_ jwt.Token) (bool, interface{}) {
	return true, nil
}
Merge some middlewares 2020-11-07 11:59:33 +00:00			`package jwt`

			`import (`
			`"context"`
			`"errors"`
			`"net/http"`

Update JWT authentication middleware 2023-12-02 04:44:50 +00:00			`"github.com/lestrrat-go/jwx/v2/jwa"`
			`"github.com/lestrrat-go/jwx/v2/jwt"`
Merge some middlewares 2020-11-07 11:59:33 +00:00
			`"go.pkg.cx/middleware"`
			`)`

			`// Errors`
			`var (`
			`ErrTokenInvalid = errors.New("token invalid")`
			`ErrTokenNotFound = errors.New("token not found")`
			`)`

			`// Context keys`
			`var (`
			`JWTCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/jwt", Name: "JWT"}`
Update JWT authentication middleware 2023-12-02 04:44:50 +00:00			`DataCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/jwt", Name: "Data"}`
Merge some middlewares 2020-11-07 11:59:33 +00:00			`)`

			`// DefaultOptions represents default jwt auth middleware options`
			`var DefaultOptions = Options(`
			`WithFindTokenFn(middleware.TokenFromAuthorizationHeader),`
			`WithFindTokenFn(middleware.TokenFromQuery("jwt")),`
			`WithFindTokenFn(middleware.TokenFromCookie("jwt")),`
			`SetResponseHandler(RespondWithUnauthorized),`
			`SetValidateTokenFn(allowAll),`
			`)`

Fix comment format 2023-06-25 21:40:26 +00:00			`// Options turns a list of option instances into an option`
Merge some middlewares 2020-11-07 11:59:33 +00:00			`func Options(opts ...Option) Option {`
			`return func(a *auth) {`
			`for _, opt := range opts {`
			`opt(a)`
			`}`
			`}`
			`}`

			`// Option configures jwt auth middleware`
			`type Option func(a *auth)`

			`// SetKey sets key to verify jwt token with`
			`func SetKey(key interface{}) Option {`
			`return func(a *auth) {`
			`a.key = key`
			`}`
			`}`

			`// SetAlgorithm sets algorithm to verify jwt token with`
			`func SetAlgorithm(alg jwa.SignatureAlgorithm) Option {`
			`return func(a *auth) {`
			`a.algorithm = alg`
			`}`
			`}`

			`// WithFindTokenFn adds jwt token find function to the list`
			`func WithFindTokenFn(fn func(r *http.Request) string) Option {`
			`return func(a *auth) {`
			`a.findTokenFns = append(a.findTokenFns, fn)`
			`}`
			`}`

			`// SetFindTokenFns sets jwt token find functions list`
			`func SetFindTokenFns(fns ...func(r *http.Request) string) Option {`
			`return func(a *auth) {`
			`a.findTokenFns = fns`
			`}`
			`}`

			`// WithVerifyOption adds jwt verify option to the list`
Upgrade dependencies 2020-12-21 13:49:16 +00:00			`func WithVerifyOption(opt jwt.ValidateOption) Option {`
Merge some middlewares 2020-11-07 11:59:33 +00:00			`return func(a *auth) {`
			`a.verifyOptions = append(a.verifyOptions, opt)`
			`}`
			`}`

			`// SetVerifyOptions sets jwt verify options list`
Upgrade dependencies 2020-12-21 13:49:16 +00:00			`func SetVerifyOptions(opts ...jwt.ValidateOption) Option {`
Merge some middlewares 2020-11-07 11:59:33 +00:00			`return func(a *auth) {`
			`a.verifyOptions = opts`
			`}`
			`}`

			`// SetValidateTokenFn sets token validation function`
			`func SetValidateTokenFn(fn func(token jwt.Token) (bool, interface{})) Option {`
			`return func(a *auth) {`
			`a.validateTokenFn = fn`
			`}`
			`}`

			`// SetResponseHandler sets response handler`
			`func SetResponseHandler(fn middleware.ResponseHandle) Option {`
			`return func(a *auth) {`
			`a.responseHandler = fn`
			`}`
			`}`

			`type auth struct {`
			`key interface{}`
			`algorithm jwa.SignatureAlgorithm`
Upgrade dependencies 2020-12-21 13:49:16 +00:00			`verifyOptions []jwt.ValidateOption`
Merge some middlewares 2020-11-07 11:59:33 +00:00			`findTokenFns []func(r *http.Request) string`
			`validateTokenFn func(token jwt.Token) (bool, interface{})`
			`responseHandler middleware.ResponseHandle`
			`}`

			`// Middleware returns jwt auth middleware`
			`func Middleware(key interface{}, alg jwa.SignatureAlgorithm, opts ...Option) func(next http.Handler) http.Handler {`
			`a := &auth{}`
Fix lint errors 2023-06-25 20:10:30 +00:00			`opts = append(opts, SetKey(key), SetAlgorithm(alg))`
Merge some middlewares 2020-11-07 11:59:33 +00:00			`opts = append([]Option{DefaultOptions}, opts...)`

			`for _, opt := range opts {`
			`opt(a)`
			`}`

			`return func(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`var token string`
			`for _, findTokenFn := range a.findTokenFns {`
			`token = findTokenFn(r)`
			`if token != "" {`
			`break`
			`}`
			`}`

			`if token == "" {`
			`a.responseHandler(w, r, ErrTokenNotFound)`
			`return`
			`}`

Update JWT authentication middleware 2023-12-02 04:44:50 +00:00			`jwtToken, err := jwt.ParseString(token, jwt.WithKey(a.algorithm, a.key))`
Merge some middlewares 2020-11-07 11:59:33 +00:00			`if err != nil {`
			`a.responseHandler(w, r, err)`
			`return`
			`}`

Upgrade dependencies 2021-07-02 02:12:02 +00:00			`if err := jwt.Validate(jwtToken, a.verifyOptions...); err != nil {`
Merge some middlewares 2020-11-07 11:59:33 +00:00			`a.responseHandler(w, r, err)`
			`return`
			`}`

			`valid, data := a.validateTokenFn(jwtToken)`
			`if !valid {`
			`a.responseHandler(w, r, ErrTokenInvalid)`
			`return`
			`}`

			`ctx := r.Context()`
			`ctx = context.WithValue(ctx, JWTCtxKey, jwtToken)`
			`ctx = context.WithValue(ctx, DataCtxKey, data)`

			`next.ServeHTTP(w, r.WithContext(ctx))`
			`})`
			`}`
			`}`

			`// RespondWithUnauthorized is a default response handler`
Fix lint errors 2023-06-25 20:10:30 +00:00			`func RespondWithUnauthorized(w http.ResponseWriter, _ *http.Request, _ error) {`
Merge some middlewares 2020-11-07 11:59:33 +00:00			`http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)`
			`}`

Fix lint errors 2023-06-25 20:10:30 +00:00			`func allowAll(_ jwt.Token) (bool, interface{}) {`
Merge some middlewares 2020-11-07 11:59:33 +00:00			`return true, nil`
			`}`