Update JWT authentication middleware

2023-12-02 07:44:50 +03:00 · 2023-12-02 07:44:50 +03:00 · 1f6b32dd60
commit 1f6b32dd60
parent d1efc54112
4 changed files with 35 additions and 31 deletions
--- a/auth/jwt/jwt.go
+++ b/auth/jwt/jwt.go
@ -5,8 +5,8 @@ import (
 	"errors"
 	"net/http"

-	"github.com/lestrrat-go/jwx/jwa"
-	"github.com/lestrrat-go/jwx/jwt"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/jwt"

 	"go.pkg.cx/middleware"
 )
@ -20,7 +20,7 @@ var (
 // Context keys
 var (
 	JWTCtxKey  = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/jwt", Name: "JWT"}
-	DataCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/token", Name: "Data"}
+	DataCtxKey = &middleware.CtxKey{Pkg: "go.pkg.cx/middleware/auth/jwt", Name: "Data"}
 )

 // DefaultOptions represents default jwt auth middleware options
@ -134,7 +134,7 @@ func Middleware(key interface{}, alg jwa.SignatureAlgorithm, opts ...Option) fun
 				return
 			}

-			jwtToken, err := jwt.ParseString(token, jwt.WithVerify(a.algorithm, a.key))
+			jwtToken, err := jwt.ParseString(token, jwt.WithKey(a.algorithm, a.key))
 			if err != nil {
 				a.responseHandler(w, r, err)
 				return
--- a/auth/jwt/jwt_test.go
+++ b/auth/jwt/jwt_test.go
@ -7,8 +7,8 @@ import (
 	"testing"
 	"time"

-	"github.com/lestrrat-go/jwx/jwa"
-	"github.com/lestrrat-go/jwx/jwt"
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

@ -41,7 +41,7 @@ func TestJWTAuthDefaults(t *testing.T) {
 	assert.Equal(t, "Unauthorized\n", string(b))

 	token := jwt.New()
-	payload, err := jwt.Sign(token, jwa.HS256, []byte("changethis"))
+	payload, err := jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("changethis")))
 	assert.NoError(t, err)

 	res, err = http.Get(server.URL + "/?jwt=" + string(payload))
@ -72,7 +72,7 @@ func TestJWTAuthParseVerify(t *testing.T) {

 	token := jwt.New()

-	payload, err := jwt.Sign(token, jwa.HS512, []byte("tkey"))
+	payload, err := jwt.Sign(token, jwt.WithKey(jwa.HS512, []byte("tkey")))
 	assert.NoError(t, err)

 	res, err := http.Get(server.URL + "/?token=" + string(payload))
@ -80,7 +80,7 @@ func TestJWTAuthParseVerify(t *testing.T) {
 	defer res.Body.Close()
 	assert.Equal(t, http.StatusUnauthorized, res.StatusCode)

-	payload, err = jwt.Sign(token, jwa.HS256, []byte("tkey"))
+	payload, err = jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("tkey")))
 	assert.NoError(t, err)

 	res, err = http.Get(server.URL + "/?token=" + string(payload))
@ -88,7 +88,7 @@ func TestJWTAuthParseVerify(t *testing.T) {
 	defer res.Body.Close()
 	assert.Equal(t, http.StatusUnauthorized, res.StatusCode)

-	payload, err = jwt.Sign(token, jwa.HS512, []byte("wrongkey"))
+	payload, err = jwt.Sign(token, jwt.WithKey(jwa.HS512, []byte("wrongkey")))
 	assert.NoError(t, err)

 	res, err = http.Get(server.URL + "/?token=" + string(payload))
@ -99,7 +99,7 @@ func TestJWTAuthParseVerify(t *testing.T) {
 	now := time.Now()
 	token.Set(jwt.IssuedAtKey, now.Add(-1*time.Hour))      // nolint:errcheck // No need to check error here
 	token.Set(jwt.ExpirationKey, now.Add(-58*time.Minute)) // nolint:errcheck // No need to check error here
-	payload, err = jwt.Sign(token, jwa.HS512, []byte("tkey"))
+	payload, err = jwt.Sign(token, jwt.WithKey(jwa.HS512, []byte("tkey")))
 	assert.NoError(t, err)

 	res, err = http.Get(server.URL + "/?token=" + string(payload))
@ -121,7 +121,7 @@ func TestJWTAuthVerifyOptions(t *testing.T) {
 	token := jwt.New()

 	token.Set(jwt.IssuerKey, "wrongissuer") // nolint:errcheck // No need to check error here
-	payload, err := jwt.Sign(token, jwa.HS256, []byte("changethis"))
+	payload, err := jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("changethis")))
 	assert.NoError(t, err)

 	res, err := http.Get(server.URL + "/?jwt=" + string(payload))
@ -130,7 +130,7 @@ func TestJWTAuthVerifyOptions(t *testing.T) {
 	assert.Equal(t, http.StatusUnauthorized, res.StatusCode)

 	token.Set(jwt.IssuerKey, "tissuer") // nolint:errcheck // No need to check error here
-	payload, err = jwt.Sign(token, jwa.HS256, []byte("changethis"))
+	payload, err = jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("changethis")))
 	assert.NoError(t, err)

 	res, err = http.Get(server.URL + "/?jwt=" + string(payload))
@ -173,7 +173,7 @@ func TestJWTAuthContext(t *testing.T) {
 	server := httptest.NewServer(auth(testCtxHandler))
 	defer server.Close()

-	payload, err := jwt.Sign(token, jwa.HS256, []byte("changethis"))
+	payload, err := jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("changethis")))
 	assert.NoError(t, err)

 	res, err := http.Get(server.URL + "/?jwt=" + string(payload))
@ -182,7 +182,7 @@ func TestJWTAuthContext(t *testing.T) {
 	assert.Equal(t, http.StatusOK, res.StatusCode)

 	token.Set(jwt.JwtIDKey, "invalid") // nolint:errcheck // No need to check error here
-	payload, err = jwt.Sign(token, jwa.HS256, []byte("changethis"))
+	payload, err = jwt.Sign(token, jwt.WithKey(jwa.HS256, []byte("changethis")))
 	assert.NoError(t, err)

 	res, err = http.Get(server.URL + "/?jwt=" + string(payload))
--- a/go.mod
+++ b/go.mod
@ -4,7 +4,7 @@ go 1.15

 require (
 	github.com/go-pkgz/expirable-cache v1.0.0
-	github.com/lestrrat-go/jwx v1.2.26
+	github.com/lestrrat-go/jwx/v2 v2.0.17
 	github.com/stretchr/testify v1.8.4
-	golang.org/x/crypto v0.10.0 // indirect
+	golang.org/x/crypto v0.16.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -8,23 +8,23 @@ github.com/go-pkgz/expirable-cache v1.0.0 h1:ns5+1hjY8hntGv8bPaQd9Gr7Jyo+Uw5SLyI
 github.com/go-pkgz/expirable-cache v1.0.0/go.mod h1:GTrEl0X+q0mPNqN6dtcQXksACnzCBQ5k/k1SwXJsZKs=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=
-github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
-github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
-github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
+github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
+github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
 github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
+github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
+github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
 github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
 github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
-github.com/lestrrat-go/jwx v1.2.26 h1:4iFo8FPRZGDYe1t19mQP0zTRqA7n8HnJ5lkIiDvJcB0=
-github.com/lestrrat-go/jwx v1.2.26/go.mod h1:MaiCdGbn3/cckbOFSCluJlJMmp9dmZm5hDuIkx8ftpQ=
+github.com/lestrrat-go/jwx/v2 v2.0.17 h1:+WavkdKVWO90ECnIzUetOnjY+kcqqw4WXEUmil7sMCE=
+github.com/lestrrat-go/jwx/v2 v2.0.17/go.mod h1:G8randPHLGAqhcNCqtt6/V/7E6fvJRl3Sf9z777eTQ0=
 github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@ -36,9 +36,9 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
-golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@ -52,22 +52,26 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
+golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=