-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathjwt.go
104 lines (90 loc) · 2.6 KB
/
jwt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
package jwt
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"encoding/json"
"strconv"
"strings"
"time"
)
type JWTPayload struct {
Admin bool
Email string
Expire int64
}
type JWTGenerator struct {
Secret []byte
}
func NewJWTGenerator(secret string) *JWTGenerator {
return &JWTGenerator{Secret: []byte(secret)}
}
func (generator *JWTGenerator) EncodeBase64(src []byte) string {
return base64.StdEncoding.EncodeToString(src)
}
func (generator *JWTGenerator) DecodeBase64(src string) []byte {
dst, _ := base64.StdEncoding.DecodeString(src)
return dst
}
func (generator *JWTGenerator) EncodeJWT(header string, payload string) []byte {
return generator.EncodeHMAC(header + "." + payload)
}
func (generator *JWTGenerator) EncodeHMAC(src string) []byte {
mac := hmac.New(sha256.New, generator.Secret)
mac.Write([]byte(src))
return mac.Sum(nil)
}
func (generator *JWTGenerator) ValidateJWT(src string) bool {
jwt := strings.Split(src, ".")
if len(jwt) != 3 {
return false
}
return hmac.Equal(generator.DecodeBase64(jwt[2]),
generator.EncodeJWT(jwt[0], jwt[1]))
}
func (generator *JWTGenerator) GenerateJWT(email string, admin bool) (jwt string) {
header := make(map[string]string)
payload := make(map[string]string)
header["alg"] = "HS256"
header["typ"] = "JWT"
payload["mail"] = email
payload["sub"] = "auth"
now := time.Now().Unix()
payload["exp"] = strconv.FormatInt(now+5*3600, 10)
if admin {
payload["admin"] = "1"
} else {
payload["admin"] = "0"
}
jsonHeader, _ := json.Marshal(header)
jsonPayload, _ := json.Marshal(payload)
bs64Header := generator.EncodeBase64(jsonHeader)
bs64payload := generator.EncodeBase64(jsonPayload)
bs64signature := generator.EncodeBase64(generator.EncodeJWT(bs64Header, bs64payload))
jwt = bs64Header + "." + bs64payload + "." + bs64signature
return
}
func (generator *JWTGenerator) RenewJWT(jwt string) (new string) {
payload := generator.Decode(jwt)
new = generator.GenerateJWT(payload.Email, payload.Admin)
return
}
func (generator *JWTGenerator) CheckExpire(exp int64) (expire bool) {
now := time.Now().Unix()
expire = now > exp
return
}
func (generator *JWTGenerator) CheckReLogin(exp int64) (relogin bool) {
now := time.Now().Unix()
relogin = now > exp+3600*24*14
return
}
func (generator *JWTGenerator) Decode(jwt string) (payload JWTPayload) {
bs64Payload := generator.DecodeBase64(strings.Split(jwt, ".")[1])
mapPayload := make(map[string]string)
json.Unmarshal(bs64Payload, &mapPayload)
payload.Email = mapPayload["mail"]
payload.Admin = mapPayload["admin"] == "1"
payload.Expire, _ = strconv.ParseInt(mapPayload["exp"], 10, 64)
return
}