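// auth returns a token-authentication middleware.
//
// Every request except one for "/account/login" must carry a token in the
// Authorization header; the header value is used as the token verbatim (no
// scheme prefix). The token is resolved to a user through authCache first and,
// on a miss, through store.GetUserByToken, after which the result is cached.
// On success the user, the token and the per-client UUID are stored in the
// context under "user", "token" and "uuid"; otherwise a 401 is returned.
func auth() echo.HandlerFunc {
	return func(c *echo.Context) error {
		// The login endpoint is the only route reachable without a token.
		if c.Request().URL.Path == "/account/login" {
			return nil
		}
		token := c.Request().Header.Get("Authorization")
		if token == "" {
			return echo.NewHTTPError(401, "Bad token")
		}
		// Cache first; fall back to the store and populate the cache on a miss.
		// NOTE(review): a token revoked in the store stays accepted here until
		// its cache entry is evicted — confirm authCache is invalidated on
		// revocation.
		user := authCache.get(token)
		if user == nil {
			user = store.GetUserByToken(token)
			if user == nil {
				return echo.NewHTTPError(401, "Bad token")
			}
			authCache.set(token, user)
		}
		// Single place that publishes the authenticated identity to handlers
		// (the hit and miss paths previously duplicated these three calls).
		c.Set("user", user)
		c.Set("token", token)
		c.Set("uuid", user.UUID(token))
		return nil
	}
}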
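// JWTAuth returns a JWT authentication middleware.
//
// For a valid token it sets the JWT claims in the context under the key
// `_claims` and calls the next handler.
// For a missing or malformed Authorization header it sends a
// "400 - Bad Request" response.
// For an invalid token it sends a "401 - Unauthorized" response.
// WebSocket upgrade requests bypass the check entirely.
//
// fn is called for every parsed token with the "kid" header (empty when the
// header is absent or not a string) and the token's signing method, and must
// return the verification key. The middleware does not restrict the signing
// method itself, so fn is responsible for rejecting methods it does not expect.
func JWTAuth(fn JWTValidateFunc) echo.HandlerFunc {
	return func(c *echo.Context) error {
		// Skip WebSocket
		if c.Request().Header.Get(echo.Upgrade) == echo.WebSocket {
			return nil
		}
		auth := c.Request().Header.Get("Authorization")
		l := len(Bearer)
		he := echo.NewHTTPError(http.StatusBadRequest)
		// Require the scheme prefix plus at least one token character.
		if len(auth) <= l+1 || auth[:l] != Bearer {
			return he
		}
		t, err := jwt.Parse(auth[l+1:], func(token *jwt.Token) (interface{}, error) {
			// "kid" comes from the not-yet-verified token header, so its type is
			// caller controlled. A checked assertion maps a non-string value to ""
			// instead of panicking (the unchecked `kid.(string)` used to).
			kid, _ := token.Header["kid"].(string)
			return fn(kid, token.Method)
		})
		// t.Valid is only consulted when Parse succeeded.
		if err != nil || !t.Valid {
			he.SetCode(http.StatusUnauthorized)
			return he
		}
		c.Set("_claims", t.Claims)
		return nil
	}
}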
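// BasicAuth returns an HTTP basic authentication middleware.
//
// For valid credentials it calls the next handler.
// For a missing or malformed Authorization header it sends a
// "400 - Bad Request" response.
// For invalid credentials it sends a "401 - Unauthorized" response.
// WebSocket upgrade requests bypass the check entirely.
//
// The decoded credentials are split at the first ':' (per RFC 7617 the
// user-id cannot contain a colon, the password may), so fn is invoked at most
// once per request. The header value is never written to any output: it holds
// the plaintext credentials.
func BasicAuth(fn BasicValidateFunc) echo.HandlerFunc {
	return func(c *echo.Context) error {
		// Skip WebSocket
		if c.Request().Header.Get(echo.Upgrade) == echo.WebSocket {
			return nil
		}
		auth := c.Request().Header.Get(echo.Authorization)
		l := len(Basic)
		he := echo.NewHTTPError(http.StatusBadRequest)
		// Require the scheme prefix plus at least one credential character.
		if len(auth) <= l+1 || auth[:l] != Basic {
			return he
		}
		b, err := base64.StdEncoding.DecodeString(auth[l+1:])
		if err != nil {
			return he
		}
		cred := string(b)
		// Only the first colon is a valid split point; stop after a single
		// check so one request cannot drive several validator calls with
		// different user/password splits. No colon at all is a malformed
		// header and keeps the 400.
		for i := 0; i < len(cred); i++ {
			if cred[i] != ':' {
				continue
			}
			// Verify credentials
			if fn(cred[:i], cred[i+1:]) {
				return nil
			}
			he.SetCode(http.StatusUnauthorized)
			break
		}
		return he
	}
}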
// // POST /account/login // func login(c *echo.Context) error { if !formContains(c, "username", "password", "uuid", "clientname") { return echo.NewHTTPError(400) } user := store.GetUser(form(c, "username")) if user == nil { return echo.NewHTTPError(401) } if correctPassword(user.Password, form(c, "password")) { uuid := form(c, "uuid") for _, client := range user.Clients { if uuid == client.UUID { return c.JSON(200, token{client.Token}) } } t, err := createToken(32) if err != nil { return err } err = store.AddClient(user.ID, &Client{ Token: t, UUID: uuid, Name: form(c, "clientname"), }) if err != nil { return err } return c.JSON(200, token{t}) } return echo.NewHTTPError(401) }