package auth
|
|
|
|
import (
	"context"
	"fmt"
	"log"
	"net/http"
	"strconv"

	"github.com/golang-jwt/jwt/v5"
	"sismedika.com/sas/westone/configs"
	"sismedika.com/sas/westone/types"
	"sismedika.com/sas/westone/utils"
)
|
|
|
|
// ContextKey is the key type for values this package places in a request
// context. Using a package-private named type instead of a plain string keeps
// the key from colliding with context values set by other packages.
type ContextKey string

// UserContextKey is the context key under which AuthMiddleware stores the
// parsed JWT claims of the authenticated request; GetUserIDFromContext reads
// the value stored under this same key.
const UserContextKey ContextKey = "mk1S2sKM12KASd02dp1"
|
|
|
|
// func WithJWTAuth(handlerFunc http.HandlerFunc, store types.UserStore) http.HandlerFunc {
|
|
// return func(w http.ResponseWriter, r *http.Request) {
|
|
// tokenString := utils.GetTokenFromRequest(r)
|
|
// token, err := validateJWT(tokenString)
|
|
// if err != nil {
|
|
// log.Printf("failed to validate token: %v", err)
|
|
// permissionDenied(w)
|
|
// return
|
|
// }
|
|
|
|
// if !token.Valid {
|
|
// log.Println("invalid token")
|
|
// permissionDenied(w)
|
|
// return
|
|
// }
|
|
|
|
// claims := token.Claims.(jwt.MapClaims)
|
|
// str := claims["userID"].(string)
|
|
|
|
// userID, err := strconv.Atoi(str)
|
|
// if err != nil {
|
|
// log.Printf("failed to convert userID to int: %v", err)
|
|
// permissionDenied(w)
|
|
// return
|
|
// }
|
|
|
|
// u, err := store.GetUserByID(userID)
|
|
// if err != nil {
|
|
// log.Printf("failed to get user by id: %v", err)
|
|
// permissionDenied(w)
|
|
// return
|
|
// }
|
|
|
|
// // Add the user to the context
|
|
// ctx := r.Context()
|
|
// ctx = context.WithValue(ctx, UserKey, u.MUserID)
|
|
// r = r.WithContext(ctx)
|
|
|
|
// // Call the function if the token is valid
|
|
// handlerFunc(w, r)
|
|
// }
|
|
// }
|
|
|
|
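// CreateJWT signs an HS256 token whose claims are the fields of data and
// returns its compact serialization.
//
// The signing key is configs.Envs.JWTSecret. An empty secret is rejected up
// front so that a missing environment variable cannot yield tokens signed
// with an empty key that validateJWT would then accept.
//
// The claims are signed, not encrypted: everything placed in the map (email,
// IP, user agent, ...) is readable by anyone who holds the token.
//
// NOTE(review): no registered time claim (exp, nbf, iat) is written, so the
// expiry checks jwt.Parse applies in validateJWT have nothing to enforce and
// a token remains accepted until the secret changes. Deriving an exp from
// Time_Autologout would be the natural fix once its unit is confirmed.
func CreateJWT(data types.DataJWT) (string, error) {
	secret := []byte(configs.Envs.JWTSecret)
	if len(secret) == 0 {
		return "", fmt.Errorf("creating jwt: JWTSecret is not configured")
	}

	// Claim names are part of the token contract: GetUserIDFromContext
	// reads "M_UserID" from the claims stored by AuthMiddleware.
	claims := jwt.MapClaims{
		"M_UserID":                      data.M_UserID,
		"M_UserEmail":                   data.M_UserEmail,
		"M_UserUsername":                data.M_UserUsername,
		"M_UserGroupDashboard":          data.M_UserGroupDashboard,
		"M_UserDefaultTSampleStationID": data.M_UserDefaultTSampleStationID,
		"M_StaffName":                   data.M_StaffName,
		"Is_Courier":                    data.Is_Courier,
		"Time_Autologout":               data.Time_Autologout,
		"Type_Akun":                     data.Type_Akun,
		"IP":                            data.Ip,
		"Agent":                         data.Agent,
		"Version":                       data.Version,
		"LastLogin":                     data.LastLogin,
	}

	tokenString, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(secret)
	if err != nil {
		return "", fmt.Errorf("signing jwt: %w", err)
	}
	return tokenString, nil
}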
|
|
|
|
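// validateJWT parses tokenString, verifies its signature against
// configs.Envs.JWTSecret and returns the parsed token; jwt.Parse also
// applies the registered time claims (exp, nbf, iat) when they are present.
//
// The key function only hands the secret out for the HMAC signing family.
// Without that check the header's "alg" would decide how the shared secret is
// used, which is the classic algorithm-confusion weakness. An empty
// configured secret is reported as an error instead of being used as the
// verification key.
func validateJWT(tokenString string) (*jwt.Token, error) {
	keyFunc := func(token *jwt.Token) (any, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		secret := []byte(configs.Envs.JWTSecret)
		if len(secret) == 0 {
			return nil, fmt.Errorf("validating jwt: JWTSecret is not configured")
		}
		return secret, nil
	}
	return jwt.Parse(tokenString, keyFunc)
}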
|
|
|
|
// permissionDenied ends the request with HTTP 403 and the fixed error body
// "PERMISSION DENIED" via utils.WriteError. AuthMiddleware uses it for every
// authentication failure (missing, malformed, badly signed or invalid token),
// so the status does not distinguish "no credentials" from "not allowed".
func permissionDenied(w http.ResponseWriter) {
	denied := fmt.Errorf("PERMISSION DENIED")
	utils.WriteError(w, http.StatusForbidden, denied)
}
|
|
|
|
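// GetUserIDFromContext returns the ID of the authenticated user recorded in
// ctx, or -1 when no user is present or the ID cannot be read as an int.
//
// AuthMiddleware stores the whole jwt.MapClaims under UserContextKey, so the
// ID is taken from the "M_UserID" claim (the key CreateJWT writes); asserting
// the context value directly to int, as this function previously did, always
// failed for requests that went through the middleware. Numbers decoded from
// JSON arrive as float64, hence the numeric conversions; a string claim is
// parsed as base-10. A bare int stored directly under the key is still
// honoured for callers that set the context themselves.
func GetUserIDFromContext(ctx context.Context) int {
	switch v := ctx.Value(UserContextKey).(type) {
	case int:
		return v
	case jwt.MapClaims:
		return userIDFromClaims(v)
	default:
		return -1
	}
}

// userIDFromClaims extracts the "M_UserID" claim as an int, returning -1 when
// the claim is absent, non-integral or not a recognised numeric form.
func userIDFromClaims(claims jwt.MapClaims) int {
	switch id := claims["M_UserID"].(type) {
	case float64:
		// Reject fractional (or NaN) values rather than silently truncating.
		if id != float64(int(id)) {
			return -1
		}
		return int(id)
	case int:
		return id
	case int64:
		return int(id)
	case string:
		n, err := strconv.Atoi(id)
		if err != nil {
			return -1
		}
		return n
	default:
		return -1
	}
}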
|
|
|
|
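// AuthMiddleware rejects requests that do not carry a valid JWT and, for the
// rest, stores the token's claims (jwt.MapClaims) in the request context
// under UserContextKey before calling next.
//
// The token is obtained with utils.GetTokenFromRequest and checked by
// validateJWT. A parse or signature failure, a token the library marks as not
// valid, and an unexpected claims type all end the request with
// permissionDenied (HTTP 403).
//
// NOTE(review): the same 403 is sent for a missing token and for a bad one;
// 401 would let clients tell "authenticate first" from "not allowed". Kept
// as-is to preserve the existing response contract.
func AuthMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tokenStr := utils.GetTokenFromRequest(r)

		token, err := validateJWT(tokenStr)
		if err != nil {
			// Log the failure reason only; the token string itself is
			// never written to the log.
			log.Printf("[ERROR] Failed to validate jwt token: %v", err)
			permissionDenied(w)
			return
		}
		if !token.Valid {
			log.Println("[ERROR] Invalid token")
			permissionDenied(w)
			return
		}

		// jwt.Parse yields MapClaims, but use the comma-ok form so a future
		// change of claims type fails the request instead of panicking the
		// handler goroutine.
		claims, ok := token.Claims.(jwt.MapClaims)
		if !ok {
			log.Printf("[ERROR] Unexpected jwt claims type %T", token.Claims)
			permissionDenied(w)
			return
		}

		ctx := context.WithValue(r.Context(), UserContextKey, claims)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}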
|