add gin/frame authjwt module

2022-04-08 16:12:04 +08:00 · 2022-04-08 16:12:04 +08:00 · 37027e40dc
commit 37027e40dc
parent 6eae57da80
1 changed files with 54 additions and 0 deletions
--- a/pkg/gin/frame/auth_jwt.go
+++ b/pkg/gin/frame/auth_jwt.go
@ -0,0 +1,54 @@
+package frame
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/zhang2092/gohelpers/pkg/token"
+)
+
+const (
+	authorizationHeaderKey  = "authorization"
+	authorizationTypeBearer = "bearer"
+	authorizationPayloadKey = "authorization_payload"
+)
+
+// AuthJWT creates a gin middleware for authorization
+func AuthJWT(tokenMaker token.Maker) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authorizationHeader := c.GetHeader(authorizationHeaderKey)
+
+		if len(authorizationHeader) == 0 {
+			err := errors.New("authorization header is not provided")
+			WrapContext(c).Error(http.StatusUnauthorized, err.Error())
+			return
+		}
+
+		fields := strings.Fields(authorizationHeader)
+		if len(fields) < 2 {
+			err := errors.New("invalid authorization header format")
+			WrapContext(c).Error(http.StatusUnauthorized, err.Error())
+			return
+		}
+
+		authorizationType := strings.ToLower(fields[0])
+		if authorizationType != authorizationTypeBearer {
+			err := fmt.Errorf("unsupported authorization type %s", authorizationType)
+			WrapContext(c).Error(http.StatusUnauthorized, err.Error())
+			return
+		}
+
+		accessToken := fields[1]
+		payload, err := tokenMaker.VerifyToken(accessToken)
+		if err != nil {
+			WrapContext(c).Error(http.StatusUnauthorized, err.Error())
+			return
+		}
+
+		c.Set(authorizationPayloadKey, payload)
+		c.Next()
+	}
+}