github.com/googlecloudplatform/kubernetes-workshops@v0.0.0-20180501174420-d8199445b2c3/bundles/kubernetes-101/workshop/app/handlers/login.go (about) 1 package handlers 2 3 import ( 4 "encoding/json" 5 "net/http" 6 "time" 7 8 "github.com/dgrijalva/jwt-go" 9 "github.com/GoogleCloudPlatform/kubernetes-workshops/bundles/kubernetes-101/workshop/app/user" 10 "golang.org/x/crypto/bcrypt" 11 ) 12 13 type LoginResponse struct { 14 Token string `json:"token"` 15 } 16 17 type loginHandler struct { 18 secret string 19 users user.Users 20 } 21 22 func (h *loginHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { 23 username, password, ok := r.BasicAuth() 24 if !ok { 25 http.Error(w, "authorization failed", http.StatusUnauthorized) 26 return 27 } 28 29 user, ok := h.users[username] 30 if !ok { 31 http.Error(w, "authorization failed", http.StatusUnauthorized) 32 return 33 } 34 35 err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)) 36 if err != nil { 37 http.Error(w, "authorization failed", http.StatusUnauthorized) 38 return 39 } 40 41 token := jwt.New(jwt.SigningMethodHS256) 42 token.Claims["exp"] = time.Now().Add(time.Hour * 72).Unix() 43 token.Claims["iss"] = "auth.service" 44 token.Claims["iat"] = time.Now().Unix() 45 token.Claims["email"] = user.Email 46 token.Claims["sub"] = user.Username 47 48 tokenString, err := token.SignedString([]byte(h.secret)) 49 if err != nil { 50 http.Error(w, "authorization failed", http.StatusUnauthorized) 51 return 52 } 53 54 response := LoginResponse{ 55 Token: tokenString, 56 } 57 json.NewEncoder(w).Encode(response) 58 } 59 60 func LoginHandler(secret string, users user.Users) http.Handler { 61 return &loginHandler{ 62 secret: secret, 63 users: users, 64 } 65 }