-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
create and verify JWT & PASETO token
- Loading branch information
1 parent
fc24d05
commit cd4d477
Showing
8 changed files
with
323 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
package token | ||
|
||
import ( | ||
"errors" | ||
"fmt" | ||
"time" | ||
|
||
"github.com/golang-jwt/jwt/v4" | ||
) | ||
|
||
const minSecretKeySize = 32 | ||
|
||
// JWTMaker is a JSON web token maker | ||
type JWTMaker struct { | ||
secretKey string | ||
} | ||
|
||
// NewJWTMaker creates a new JWTMaker | ||
func NewJWTMaker(secretKey string) (Maker, error) { | ||
if len(secretKey) < minSecretKeySize { | ||
return nil, fmt.Errorf("invalid key size: must be at least %d characters", minSecretKeySize) | ||
} | ||
|
||
return &JWTMaker{secretKey}, nil | ||
} | ||
|
||
func (maker *JWTMaker) CreateToken(username string, duration time.Duration) (string, error) { | ||
payload, err := NewPayload(username, duration) | ||
if err != nil { | ||
return "", err | ||
} | ||
|
||
jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, payload) | ||
return jwtToken.SignedString([]byte(maker.secretKey)) | ||
} | ||
|
||
func (maker *JWTMaker) VerifyToken(token string) (*Payload, error) { | ||
keyFunc := func(token *jwt.Token) (interface{}, error) { | ||
_, ok := token.Method.(*jwt.SigningMethodHMAC) | ||
if !ok { | ||
return nil, ErrInvalidToken | ||
} | ||
|
||
return []byte(maker.secretKey), nil | ||
} | ||
jwtToken, err := jwt.ParseWithClaims(token, &Payload{}, keyFunc) | ||
if err != nil { | ||
verr, ok := err.(*jwt.ValidationError) | ||
if ok && errors.Is(verr.Inner, ErrExpiredToken) { | ||
return nil, ErrExpiredToken | ||
} | ||
return nil, ErrInvalidToken | ||
} | ||
|
||
payload, ok := jwtToken.Claims.(*Payload) | ||
if !ok { | ||
return nil, ErrInvalidToken | ||
} | ||
return payload, nil | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
package token | ||
|
||
import ( | ||
"testing" | ||
"time" | ||
|
||
"Banksy/util" | ||
|
||
"github.com/dgrijalva/jwt-go" | ||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func TestJWTMaker(t *testing.T) { | ||
maker, err := NewJWTMaker(util.RandomString(32)) | ||
require.NoError(t, err) | ||
|
||
username := util.RandomOwner() | ||
duration := time.Minute | ||
|
||
issuedAt := time.Now() | ||
expiredAt := issuedAt.Add(duration) | ||
|
||
token, err := maker.CreateToken(username, duration) | ||
require.NoError(t, err) | ||
require.NotEmpty(t, token) | ||
|
||
payload, err := maker.VerifyToken(token) | ||
require.NoError(t, err) | ||
require.NotEmpty(t, token) | ||
|
||
require.NotZero(t, payload.ID) | ||
require.Equal(t, username, payload.Username) | ||
require.WithinDuration(t, issuedAt, payload.IssuedAt, time.Second) | ||
require.WithinDuration(t, expiredAt, payload.ExpiredAt, time.Second) | ||
} | ||
|
||
func TestExpiredJWTToken(t *testing.T) { | ||
maker, err := NewJWTMaker(util.RandomString(32)) | ||
require.NoError(t, err) | ||
|
||
token, err := maker.CreateToken(util.RandomOwner(), -time.Minute) | ||
require.NoError(t, err) | ||
require.NotEmpty(t, token) | ||
|
||
payload, err := maker.VerifyToken(token) | ||
require.Error(t, err) | ||
require.EqualError(t, err, ErrExpiredToken.Error()) | ||
require.Nil(t, payload) | ||
} | ||
|
||
func TestInvalidJWTTokenAlgNone(t *testing.T) { | ||
payload, err := NewPayload(util.RandomOwner(), time.Minute) | ||
require.NoError(t, err) | ||
|
||
jwtToken := jwt.NewWithClaims(jwt.SigningMethodNone, payload) | ||
token, err := jwtToken.SignedString(jwt.UnsafeAllowNoneSignatureType) | ||
require.NoError(t, err) | ||
|
||
maker, err := NewJWTMaker(util.RandomString(32)) | ||
require.NoError(t, err) | ||
|
||
payload, err = maker.VerifyToken(token) | ||
require.Error(t, err) | ||
require.EqualError(t, err, ErrInvalidToken.Error()) | ||
require.Nil(t, payload) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package token | ||
|
||
import "time" | ||
|
||
// Maker is an interface for managing tokens | ||
type Maker interface { | ||
|
||
// CreateToken creates a new token for a specific username and duration | ||
CreateToken(username string, duration time.Duration) (string, error) | ||
|
||
// VerifyToken checks if the token is valid or not | ||
VerifyToken(token string) (*Payload, error) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
package token | ||
|
||
import ( | ||
"fmt" | ||
"time" | ||
|
||
"github.com/aead/chacha20poly1305" | ||
"github.com/o1egl/paseto" | ||
) | ||
|
||
type PasetoMaker struct { | ||
paseto *paseto.V2 | ||
symmetricKey []byte | ||
} | ||
|
||
func NewPasetoMaker(symmetricKey string) (Maker, error) { | ||
if len(symmetricKey) != chacha20poly1305.KeySize { | ||
return nil, fmt.Errorf("invalid key size: must be exactly %d characters", chacha20poly1305.KeySize) | ||
} | ||
|
||
maker := &PasetoMaker{ | ||
paseto: paseto.NewV2(), | ||
symmetricKey: []byte(symmetricKey), | ||
} | ||
|
||
return maker, nil | ||
} | ||
|
||
func (maker *PasetoMaker) CreateToken(username string, duration time.Duration) (string, error) { | ||
payload, err := NewPayload(username, duration) | ||
if err != nil { | ||
return "", err | ||
} | ||
|
||
return maker.paseto.Encrypt(maker.symmetricKey, payload, nil) | ||
} | ||
|
||
func (maker *PasetoMaker) VerifyToken(token string) (*Payload, error) { | ||
payload := &Payload{} | ||
|
||
err := maker.paseto.Decrypt(token, maker.symmetricKey, payload, nil) | ||
if err != nil { | ||
return nil, ErrInvalidToken | ||
} | ||
|
||
err = payload.Valid() | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return payload, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
package token | ||
|
||
import ( | ||
"testing" | ||
"time" | ||
|
||
"Banksy/util" | ||
|
||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func TestPasetoMaker(t *testing.T) { | ||
maker, err := NewPasetoMaker(util.RandomString(32)) | ||
require.NoError(t, err) | ||
|
||
username := util.RandomOwner() | ||
duration := time.Minute | ||
|
||
issuedAt := time.Now() | ||
expiredAt := issuedAt.Add(duration) | ||
|
||
token, err := maker.CreateToken(username, duration) | ||
require.NoError(t, err) | ||
require.NotEmpty(t, token) | ||
|
||
payload, err := maker.VerifyToken(token) | ||
require.NoError(t, err) | ||
require.NotEmpty(t, token) | ||
|
||
require.NotZero(t, payload.ID) | ||
require.Equal(t, username, payload.Username) | ||
require.WithinDuration(t, issuedAt, payload.IssuedAt, time.Second) | ||
require.WithinDuration(t, expiredAt, payload.ExpiredAt, time.Second) | ||
} | ||
|
||
func TestExpiredPasetoToken(t *testing.T) { | ||
maker, err := NewPasetoMaker(util.RandomString(32)) | ||
require.NoError(t, err) | ||
|
||
token, err := maker.CreateToken(util.RandomOwner(), -time.Minute) | ||
require.NoError(t, err) | ||
require.NotEmpty(t, token) | ||
|
||
payload, err := maker.VerifyToken(token) | ||
require.Error(t, err) | ||
require.EqualError(t, err, ErrExpiredToken.Error()) | ||
require.Nil(t, payload) | ||
} |
Oops, something went wrong.