From 6fdba1671e94488b2d79327d8cdd7325e5167acd Mon Sep 17 00:00:00 2001
From: Gosha Tcherednitchenko
Date: Fri, 6 Sep 2024 11:12:58 +0100
Subject: [PATCH] auth: Actually working JWT authentication
---
 dev/test.http | 9 +++++++--
 src/apossiblespace/parts.clj | 3 ++-
 src/apossiblespace/parts/auth.clj | 14 ++++++++++++--
 3 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/dev/test.http b/dev/test.http
index 5dc288b..1f9490b 100644
--- a/dev/test.http
+++ b/dev/test.http
@@ -8,8 +8,8 @@ POST http://localhost:3000/api/auth/login
 Content-Type: application/json
 {
- "email": "bob@bobson.com",
- "password": "test1234"
+ "email": "test9@example.com",
+ "password": "password9"
 }
 # Failing login
@@ -20,3 +20,8 @@ Content-Type: application/json
 "email": "bob@bobson.com",
 "password": "4321tset"
 }
+
+# Get account info
+GET http://localhost:3000/api/account
+Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyLWlkIjoiY2M1YTVkMTYtYjgzYS00OTZkLTk5M2EtOTM2ZjQxOGUxZDNlIiwiZXhwIjoxNzI1NjE4NzIwfQ.NpBrduSxGICyTryLbuDQyOBK9VR4Wg-V23F_kRKrPMI
+Content-Type: application/json
diff --git a/src/apossiblespace/parts.clj b/src/apossiblespace/parts.clj
index a08a35e..bea60b1 100644
--- a/src/apossiblespace/parts.clj
+++ b/src/apossiblespace/parts.clj
@@ -47,7 +47,8 @@
 ["/register" {:post {:handler account/register-account}}]]]]
 {:data {:middleware [[wrap-json-body {:keywords? true}]
- wrap-json-response]}})
+ wrap-json-response
+ auth/wrap-jwt-authentication]}})
 (ring/routes
 (swagger-ui/create-swagger-ui-handler {:path "/"
diff --git a/src/apossiblespace/parts/auth.clj b/src/apossiblespace/parts/auth.clj
index 2da32eb..0c6bf48 100644
--- a/src/apossiblespace/parts/auth.clj
+++ b/src/apossiblespace/parts/auth.clj
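Review bot: The literal bearer token added under `# Get account info` will stop working almost immediately: `create-token` in auth.clj signs claims with a one-hour `:exp`, so anyone running this file later gets a rejected request, and until then a live signed credential sits in source control. Prefer capturing the token from the preceding login response with the REST client's named-request syntax, e.g. `# @name login` on the login request and `Authorization: Bearer {{login.response.body.<token-field>}}` here, with `<token-field>` replaced by whatever key the login handler actually returns (not visible in this diff). That keeps dev credentials out of the repository and makes the request self-renewing.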
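Review bot: `auth/wrap-jwt-authentication` is added to the router-wide `:data :middleware`, and if it wraps buddy's `wrap-authentication` over the `auth-backend` defined in auth.clj it only parses the token and attaches `:identity`; it does not reject requests that carry no token or an invalid one (the backend's `:on-error` in this same commit returns nil). Unless the middleware definition, which is outside this diff, also enforces authentication, `/api/account` from dev/test.http stays reachable without a valid token, so protected handlers need an explicit `buddy.auth/authenticated?` check or a `wrap-authorization` layer with an unauthorized handler. Applying it to every route also means `/login` and `/register` run the token parser, which is harmless but deserves a comment such as `;; attaches :identity from a Bearer JWT when one is present; authorization is enforced per route`. The enclosing router form starts and ends outside this hunk.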
@@ -15,7 +15,17 @@
 (def secret (conf/jwt-secret (conf/config)))
-(def auth-backend (backends/jws {:secret secret}))
+(def auth-backend
+ (backends/jws
+ {:secret secret
+ :options {:alg :hs256}
+ :on-error (fn [_request ex]
+ (mulog/log ::auth-backend :error (.getMessage ex))
+ nil)
+ :token-name "Bearer"
+ :auth-fn (fn [claims]
+ (mulog/log ::auth-backend-auth-fn :claims claims)
+ claims)}))
 (defn create-token
 "Create a JWT token that will expire in 1 hour"
@@ -24,7 +34,7 @@
 exp (.plusSeconds now 3600)
 claims {:user-id user-id
 :exp (.getEpochSecond exp)}]
- (jwt/sign claims secret)))
+ (jwt/sign claims secret {:alg :hs256})))
 (defn hash-password
 [password]
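Review bot: If I read buddy-auth's jws backend correctly, the option it destructures is `:authfn`, not `:auth-fn`, so the claims-logging function passed here is silently ignored and the backend falls back to returning the raw claims (which is what the function does anyway, so only the log line is lost); confirm against the buddy-auth version the project pins and rename the key. Separately, `:on-error` logs every rejected token at `:error` level with the exception message, and the auth function would log the full claims including `user-id` on every authenticated request; `:warn` and `:debug` respectively would stop client-supplied garbage from filling the error log and keep user identifiers out of routine log lines. A docstring on `auth-backend` would help readers, e.g. `"JWS backend pinned to HS256 so tokens signed with another algorithm are rejected; verification failures yield nil (unauthenticated) instead of throwing."`.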
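Review bot: `{:alg :hs256}` now appears both here in `jwt/sign` and in the `:options` of `auth-backend`; if one is changed without the other, freshly minted tokens fail verification, so hoist it into a single `(def ^:private jwt-alg :hs256)` and reference it from both call sites. `create-token` begins outside this hunk.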