github.com/mysteriumnetwork/node@v0.0.0-20240516044423-365054f76801/core/auth/jwt.go

github.com/mysteriumnetwork/node@v0.0.0-20240516044423-365054f76801/core/auth/jwt.go (about)

     1  /*
     2   * Copyright (C) 2019 The "MysteriumNetwork/node" Authors.
     3   *
     4   * This program is free software: you can redistribute it and/or modify
     5   * it under the terms of the GNU General Public License as published by
     6   * the Free Software Foundation, either version 3 of the License, or
     7   * (at your option) any later version.
     8   *
     9   * This program is distributed in the hope that it will be useful,
    10   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    11   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12   * GNU General Public License for more details.
    13   *
    14   * You should have received a copy of the GNU General Public License
    15   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    16   */
    17  
    18  package auth
    19  
    20  import (
    21  	"time"
    22  
    23  	"github.com/golang-jwt/jwt/v4"
    24  	"github.com/pkg/errors"
    25  )
    26  
    27  // JWTAuthenticator contains JWT handling methods
    28  type JWTAuthenticator struct {
    29  	encryptionKey []byte
    30  }
    31  
    32  // JWT contains token details
    33  type JWT struct {
    34  	Token          string
    35  	ExpirationTime time.Time
    36  }
    37  
    38  // JWTEncryptionKey contains the encryption key for JWT
    39  type JWTEncryptionKey []byte
    40  
    41  // JWTCookieName name of the cookie JWT token is stored in
    42  const JWTCookieName string = "token"
    43  
    44  type jwtClaims struct {
    45  	Username string `json:"username"`
    46  	jwt.RegisteredClaims
    47  }
    48  
    49  const expiresIn = 48 * time.Hour
    50  
    51  // NewJWTAuthenticator creates a new JWT authentication instance
    52  func NewJWTAuthenticator(encryptionKey JWTEncryptionKey) *JWTAuthenticator {
    53  	auth := &JWTAuthenticator{
    54  		encryptionKey,
    55  	}
    56  
    57  	return auth
    58  }
    59  
    60  // CreateToken creates a new JWT token
    61  func (jwtAuth *JWTAuthenticator) CreateToken(username string) (JWT, error) {
    62  	expirationTime := jwtAuth.getExpirationTime()
    63  	claims := &jwtClaims{
    64  		Username: username,
    65  		RegisteredClaims: jwt.RegisteredClaims{
    66  			ExpiresAt: jwt.NewNumericDate(expirationTime),
    67  		},
    68  	}
    69  
    70  	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
    71  	tokenString, err := token.SignedString(jwtAuth.encryptionKey)
    72  	if err != nil {
    73  		return JWT{}, err
    74  	}
    75  
    76  	return JWT{Token: tokenString, ExpirationTime: expirationTime}, nil
    77  }
    78  
    79  // ValidateToken validates a JWT token
    80  func (jwtAuth *JWTAuthenticator) ValidateToken(token string) (bool, error) {
    81  	claims := &jwtClaims{}
    82  
    83  	tkn, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
    84  		return jwtAuth.encryptionKey, nil
    85  	})
    86  	if err != nil {
    87  		return false, err
    88  	}
    89  
    90  	if tkn == nil || !tkn.Valid {
    91  		return false, errors.New("invalid JWT token")
    92  	}
    93  
    94  	return true, nil
    95  }
    96  
    97  func (jwtAuth *JWTAuthenticator) getExpirationTime() time.Time {
    98  	return time.Now().Add(expiresIn)
    99  }