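// extractKeyIDAndLoadKeyFromDB is the jwt key function: it reads the "user"
// entry from the token header, loads that user's private key from the DB and
// returns the matching public key so the token signature can be verified.
// Only RSA-signed tokens are accepted.
//
// The header is not verified when this runs, so its "user" value is untrusted;
// it is used solely to pick the verification key, and the signature check that
// follows (plus the header/claims comparison in ValidateJWTToken) is what binds
// the token to that user. A missing or non-numeric "user" header now yields an
// error instead of a panic from an unchecked type assertion, and a key that
// failed to load is never dereferenced.
func extractKeyIDAndLoadKeyFromDB(token *jwt.Token) (interface{}, error) {
	// Check whether the right signing algorithm was used: anything that is not
	// RSA (e.g. "none" or an HMAC alg) is rejected before any key is looked up.
	if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
		return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
	}

	// JSON numbers decode to float64; reject any other shape rather than panic.
	userID, ok := token.Header["user"].(float64)
	if !ok {
		return nil, fmt.Errorf("Unexpected user header: %v", token.Header["user"])
	}

	user, err := models.FindUserByID(int(userID))
	if err != nil {
		return nil, err
	}

	privateKey, err := StringToPrivateKey(user.PrivateKey)
	if err != nil {
		// Do not call Public() on a key that failed to parse (may be nil).
		return nil, err
	}
	return privateKey.Public(), nil
}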
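// ValidateJWTToken validates a JWT token and returns the user from the DB.
//
// A token is rejected when it is blacklisted in redis, fails to parse or
// verify, is reported as not valid, or when the "user" in its claims does not
// match the "user" header that selected the verification key. Every rejection
// returns a non-nil error; the returned *models.User is only set on success
// (the previous version could return (nil, nil) for an invalid token).
func ValidateJWTToken(input string) (*models.User, error) {
	if redis.TokenIsInBlacklist(input) {
		return nil, errors.New("Token is in blacklist.")
	}

	token, err := jwt.Parse(input, extractKeyIDAndLoadKeyFromDB)
	if err != nil {
		return nil, err
	}
	if !token.Valid {
		// Make the failure explicit so callers never dereference a nil user.
		return nil, errors.New("Token is not valid.")
	}

	// The header "user" chose the key the signature was checked against; the
	// claim must name the same user, otherwise a token verified with one user's
	// key could carry a different user's identity.
	if token.Claims["user"] != token.Header["user"] {
		return nil, errors.New("The token has been tampered with...inside.")
	}

	// JSON numbers decode to float64; anything else is a malformed claim.
	userID, ok := token.Claims["user"].(float64)
	if !ok {
		return nil, errors.New("The token has no valid user claim.")
	}

	user, err := models.FindUserByID(int(userID))
	if err != nil {
		return nil, err
	}
	return &user, nil
}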
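// GetFencesHandler GET /fences
//
// Two query forms are supported:
//   - latitude, longitude and radius (all required): fences around a point,
//     optionally leaving out the caller's own fences with excludeOwn=true.
//     When the request carries a valid session, the caller's last known geo
//     hash is updated as a side effect.
//   - user: every fence owned by that user.
//
// Cost, TotalEarnings and TotalVisitors are only included for fences owned by
// the caller (valid session); any other viewer gets the public fields only.
// Malformed or missing query options answer 400; backend failures answer 500
// through InternalServerError.
func GetFencesHandler(w http.ResponseWriter, r *http.Request) {
	q := r.URL.Query()
	lat, err1 := strconv.ParseFloat(q.Get("latitude"), 64)
	lon, err2 := strconv.ParseFloat(q.Get("longitude"), 64)
	radius, err3 := strconv.ParseInt(q.Get("radius"), 10, 64)
	// Previously parsed with bitSize 8, which rejected every user ID above 127;
	// FindUserByID takes an int, so accept the full range.
	userID, err4 := strconv.ParseInt(q.Get("user"), 10, 64)
	// A parse failure simply means "do not exclude".
	excludeOwn, _ := strconv.ParseBool(q.Get("excludeOwn"))

	if err1 == nil && err2 == nil && err3 == nil {
		// The session is optional here. A failed validation is treated as an
		// anonymous viewer; never keep a user value returned next to an error.
		viewer, err := auth.ValidateSession(r)
		if err != nil {
			viewer = nil
		}

		var result []models.Fence
		if viewer != nil && excludeOwn {
			result, err = search.FindGeoFencesExceptByUser(lat, lon, radius, viewer.ID)
		} else {
			result, err = search.FindGeoFences(lat, lon, radius)
		}
		if err != nil {
			InternalServerError(err, w)
			return
		}

		fences := make([]fenceResponse, len(result))
		for i := range result {
			f := result[i]
			fences[i].ID = f.ID
			fences[i].Lat = f.Lat
			fences[i].Lon = f.Lon
			fences[i].Name = f.Name
			fences[i].Radius = f.Radius
			fences[i].Owner = f.UserID
			fences[i].DiesAt = util.Timestamp(f.DiesAt)
			fences[i].RentMultiplier = f.RentMultiplier
			fences[i].OwnerName = f.User.Name
			// Financial and visitor data is owner-only.
			if viewer != nil && f.UserID == viewer.ID {
				fences[i].Cost = f.Cost
				fences[i].TotalEarnings = f.TotalEarnings
				fences[i].TotalVisitors = f.TotalVisitors
			}
		}

		body, err := json.Marshal(&fences)
		if err != nil {
			InternalServerError(err, w)
			return
		}

		if viewer != nil {
			viewer.LastKnownGeoHash = geomodel.GeoCell(lat, lon, models.LastKnownGeoHashResolution)
			if err = viewer.Save(); err != nil {
				InternalServerError(err, w)
				return
			}
		}

		w.Header().Set("Content-Type", "application/json")
		// A write error after the headers are out cannot be reported to the client.
		_, _ = w.Write(body)
		return
	}

	if err4 == nil {
		// Same optional-session rule as above.
		viewer, err := auth.ValidateSession(r)
		if err != nil {
			viewer = nil
		}

		fenceUser, err := models.FindUserByID(int(userID))
		if err != nil {
			InternalServerError(err, w)
			return
		}
		result, err := fenceUser.GetFences()
		if err != nil {
			InternalServerError(err, w)
			return
		}

		fences := make([]fenceResponse, len(result))
		for i := range result {
			f := result[i]
			fences[i].ID = f.ID
			fences[i].Lat = f.Lat
			fences[i].Lon = f.Lon
			fences[i].Name = f.Name
			fences[i].Radius = f.Radius
			fences[i].Owner = f.UserID
			fences[i].DiesAt = util.Timestamp(f.DiesAt)
			fences[i].RentMultiplier = f.RentMultiplier
			fences[i].OwnerName = fenceUser.Name
			// Financial and visitor data is owner-only.
			if viewer != nil && f.UserID == viewer.ID {
				fences[i].Cost = f.Cost
				fences[i].TotalEarnings = f.TotalEarnings
				fences[i].TotalVisitors = f.TotalVisitors
			}
		}

		body, err := json.Marshal(&fences)
		if err != nil {
			InternalServerError(err, w)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		_, _ = w.Write(body)
		return
	}

	// Neither query form was usable: this is a client error, so answer 400 with
	// the first parse failure (or a generic hint when nothing was supplied).
	for _, parseErr := range []error{err1, err2, err3, err4} {
		if parseErr != nil {
			http.Error(w, parseErr.Error(), http.StatusBadRequest)
			return
		}
	}
	http.Error(w, "Please specify valid query options.", http.StatusBadRequest)
}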