65 lines
1.7 KiB
Go
65 lines
1.7 KiB
Go
package interceptors
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/tools/logger"
|
|
"github.com/golang-jwt/jwt/v5"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/metadata"
|
|
"google.golang.org/grpc/status"
|
|
)
|
|
|
|
type JWTVerifier struct {
|
|
secret []byte
|
|
serverCtx context.Context
|
|
}
|
|
|
|
func NewJWTVerifier(ctx context.Context, secret []byte) *JWTVerifier {
|
|
return &JWTVerifier{
|
|
serverCtx: ctx,
|
|
secret: secret,
|
|
}
|
|
}
|
|
|
|
// This is an interceptors that should verify that a user is authorized
|
|
func (v *JWTVerifier) JWTAuthInterceptor(
|
|
ctx context.Context,
|
|
req interface{},
|
|
info *grpc.UnaryServerInfo,
|
|
handler grpc.UnaryHandler,
|
|
) (interface{}, error) {
|
|
log := logger.FromContext(v.serverCtx).WithValues("method", info.FullMethod)
|
|
if !strings.Contains(info.FullMethod, "NoAuth") {
|
|
log.Info("Checking the JWT token")
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
if !ok {
|
|
return nil, status.Error(codes.Unauthenticated, "User is not authorized")
|
|
}
|
|
|
|
tokenString := md.Get("token")[0]
|
|
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
|
|
// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
|
|
return v.secret, nil
|
|
}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}))
|
|
if err != nil {
|
|
return nil, status.Error(codes.Unauthenticated, "User is not authorized")
|
|
}
|
|
|
|
if claims, ok := token.Claims.(jwt.MapClaims); ok {
|
|
fmt.Println(claims["userID"])
|
|
} else {
|
|
fmt.Println(err)
|
|
}
|
|
// Get the token from the metadata
|
|
// Validate the token
|
|
// Get the user id from the token
|
|
} else {
|
|
log.Info("Auth is not required for this request")
|
|
}
|
|
return handler(ctx, req)
|
|
}
|