init gateway-service

2026-03-26 12:40:21 +00:00 · 2023-09-27 17:19:25 +01:00
parent b725dae0f9
commit 4aa5cd6dfc
29 changed files with 6871 additions and 0 deletions
--- a/services/gateway-service/internal/api/handlers/auth.go
+++ b/services/gateway-service/internal/api/handlers/auth.go
@@ -0,0 +1,59 @@
+package handlers
+
+import (
+	"crypto/rsa"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/middleware/keyauth"
+
+	"github.com/hexolan/panels/gateway-service/internal"
+)
+
+var AuthMiddleware fiber.Handler
+
+type TokenClaims struct {
+	jwt.RegisteredClaims
+}
+
+type tokenValidator struct {
+	pubKey *rsa.PublicKey
+}
+
+func NewAuthMiddleware(cfg internal.Config) {
+	tokenValidator := tokenValidator{pubKey: cfg.JWTPubKey}
+	AuthMiddleware = keyauth.New(keyauth.Config{
+		AuthScheme: "Bearer",
+		Validator: tokenValidator.ValidateToken,
+	})
+}
+
+func GetTokenClaims(c *fiber.Ctx) (TokenClaims, error) {
+	var tokenClaims TokenClaims
+	tokenClaims, ok := c.Locals("tokenClaims").(TokenClaims)
+	if !ok {
+		return TokenClaims{}, fiber.NewError(fiber.StatusUnauthorized, "unable to access token claims")
+	}
+	return tokenClaims, nil
+}
+
+func (tv tokenValidator) validateToken(token *jwt.Token) (interface{}, error) {
+	// Ensure token is signed with RSA
+	if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
+		return nil, keyauth.ErrMissingOrMalformedAPIKey
+	}
+
+	// Validate token with public key
+	return tv.pubKey, nil
+}
+
+func (tv tokenValidator) ValidateToken(c *fiber.Ctx, userToken string) (bool, error) {
+	claims := TokenClaims{}
+	_, err := jwt.ParseWithClaims(userToken, &claims, tv.validateToken)
+	if err != nil {
+		return false, err
+	}
+
+	c.Locals("tokenClaims", claims)
+	return true, nil
+}