Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
dmsc
/
arp
1
0
Fork 0
Súbory Issues 0 Pull requesty 0
Strom: cd713697e0
Branche Tagy
arp
/
auth
/
auth.go

auth.go 2.7 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 
  1. package auth
    2. 

  2. 

  3. import (
    4. 

  4. 	"errors"
    5. 

  5. 	"time"
    6. 

  6. 

  7. 	"github.com/golang-jwt/jwt/v5"
    8. 

  8. 	"gogs.dmsc.dev/arp/models"
    9. 

  9. 	"golang.org/x/crypto/bcrypt"
    10. 

  10. )
    11. 

  11. 

  12. // Token expiration: 10 years
    13. 

  13. const TokenExpiration = 10 * 365 * 24 * time.Hour
    14. 

  14. 

  15. // JWT secret key - in production this should be loaded from environment
    16. 

  16. var jwtSecret = []byte("your-secret-key-change-in-production")
    17. 

  17. 

  18. // Claims represents the JWT claims
    19. 

  19. type Claims struct {
    20. 

  20. 	UserID      uint        `json:"user_id"`
    21. 

  21. 	Email       string      `json:"email"`
    22. 

  22. 	Roles       []RoleClaim `json:"roles"`
    23. 

  23. 	Permissions []string    `json:"permissions"`
    24. 

  24. 	jwt.RegisteredClaims
    25. 

  25. }
    26. 

  26. 

  27. // RoleClaim represents a role in the JWT
    28. 

  28. type RoleClaim struct {
    29. 

  29. 	ID   uint   `json:"id"`
    30. 

  30. 	Name string `json:"name"`
    31. 

  31. }
    32. 

  32. 

  33. // HashPassword hashes a password using bcrypt
    34. 

  34. func HashPassword(password string) (string, error) {
    35. 

  35. 	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
    36. 

  36. 	return string(bytes), err
    37. 

  37. }
    38. 

  38. 

  39. // CheckPassword verifies a password against a hash
    40. 

  40. func CheckPassword(password, hash string) bool {
    41. 

  41. 	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
    42. 

  42. 	return err == nil
    43. 

  43. }
    44. 

  44. 

  45. // GenerateToken creates a JWT token for a user
    46. 

  46. func GenerateToken(user models.User) (string, error) {
    47. 

  47. 	// Build role claims
    48. 

  48. 	roles := make([]RoleClaim, len(user.Roles))
    49. 

  49. 	for i, role := range user.Roles {
    50. 

  50. 		roles[i] = RoleClaim{
    51. 

  51. 			ID:   role.ID,
    52. 

  52. 			Name: role.Name,
    53. 

  53. 		}
    54. 

  54. 	}
    55. 

  55. 

  56. 	// Build permission codes (deduplicated)
    57. 

  57. 	permSet := make(map[string]bool)
    58. 

  58. 	for _, role := range user.Roles {
    59. 

  59. 		for _, perm := range role.Permissions {
    60. 

  60. 			permSet[perm.Code] = true
    61. 

  61. 		}
    62. 

  62. 	}
    63. 

  63. 	permissions := make([]string, 0, len(permSet))
    64. 

  64. 	for perm := range permSet {
    65. 

  65. 		permissions = append(permissions, perm)
    66. 

  66. 	}
    67. 

  67. 

  68. 	claims := Claims{
    69. 

  69. 		UserID:      user.ID,
    70. 

  70. 		Email:       user.Email,
    71. 

  71. 		Roles:       roles,
    72. 

  72. 		Permissions: permissions,
    73. 

  73. 		RegisteredClaims: jwt.RegisteredClaims{
    74. 

  74. 			ExpiresAt: jwt.NewNumericDate(time.Now().Add(TokenExpiration)),
    75. 

  75. 			IssuedAt:  jwt.NewNumericDate(time.Now()),
    76. 

  76. 		},
    77. 

  77. 	}
    78. 

  78. 

  79. 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
    80. 

  80. 	return token.SignedString(jwtSecret)
    81. 

  81. }
    82. 

  82. 

  83. // ValidateToken validates a JWT token and returns the claims
    84. 

  84. func ValidateToken(tokenString string) (*Claims, error) {
    85. 

  85. 	token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
    86. 

  86. 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
    87. 

  87. 			return nil, errors.New("unexpected signing method")
    88. 

  88. 		}
    89. 

  89. 		return jwtSecret, nil
    90. 

  90. 	})
    91. 

  91. 

  92. 	if err != nil {
    93. 

  93. 		return nil, err
    94. 

  94. 	}
    95. 

  95. 

  96. 	if claims, ok := token.Claims.(*Claims); ok && token.Valid {
    97. 

  97. 		return claims, nil
    98. 

  98. 	}
    99. 

  99. 

  100. 	return nil, errors.New("invalid token")
    101. 

  101. }
    102. 

  102. 

  103. // SetJWTSecret sets the JWT secret key (for testing or configuration)
    104. 

  104. func SetJWTSecret(secret []byte) {
    105. 

  105. 	jwtSecret = secret
    106. 

  106. }
    107.