From 7be0c7c6d3c0a5620b6c3d20f882c82eb0dfc67e Mon Sep 17 00:00:00 2001
From: ostiwe
Date: Tue, 4 Nov 2025 13:46:19 +0300
Subject: [PATCH] refactor!: Update JWT logic
- Change algo from ed25519 to rsa256
- Use gin-jwt lib for JWT middleware
---
 .env | 4 +--
 _example/keys/jwt_private.pem | 28 ++++++++++++++++++++
 _example/keys/jwt_private_key.pem | 3 ---
 _example/keys/jwt_public.pem | 9 +++++++
 _example/keys/jwt_public_key.pem | 3 ---
 modules/jwt/jwt.go | 44 ++++++++++++++++---------------
 6 files changed, 62 insertions(+), 29 deletions(-)
 create mode 100644 _example/keys/jwt_private.pem
 delete mode 100644 _example/keys/jwt_private_key.pem
 create mode 100644 _example/keys/jwt_public.pem
 delete mode 100644 _example/keys/jwt_public_key.pem
diff --git a/.env b/.env
index 494244b..8442022 100644
--- a/.env
+++ b/.env
@@ -20,6 +20,6 @@ RABBIT_PASSWORD=user
 RABBIT_HOST=localhost
 RABBIT_PORT=5672
-JWT_SIGN_PUBLIC_KEY_PATH=_example/keys/jwt_public_key.pem
-JWT_SIGN_PRIVATE_KEY_PATH=_example/keys/jwt_private_key.pem
+JWT_SIGN_PUBLIC_KEY_PATH=_example/keys/jwt_public.pem
+JWT_SIGN_PRIVATE_KEY_PATH=_example/keys/jwt_private.pem
 JWT_TRUSTED_HOSTS=
\ No newline at end of file
diff --git a/_example/keys/jwt_private.pem b/_example/keys/jwt_private.pem
new file mode 100644
index 0000000..eb4693d
--- /dev/null
+++ b/_example/keys/jwt_private.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5Pp5QB2glt2gs
+l2A7I9h2ManWeoe/83TOethZGyC9ujZTgA3kO8M3bs7reEYuwEQvMijx3Qvf/ORp
+cMag+VmNPKBWCpdzY3PANdQP546JqUjIVCNyPr2+z6N+ColSqAiuB159F7g6Lfei
+5TR25Eu2tadvBX+oMCLrziIPwOuac4ZybyvEs5uPGN/uyQbN3d2bxa/07YkdMqDh
+alVQZJ95r9vJj6wycxn1cslbGDXYDyXx7aC1x/8dLcewYb79WoBdTFHaa+2Kpv2q
+e2LRgrAIk1JuHKNar5PjMoegsQ10WUeKl92afEL1MxSFliQbNyND91yNMTGkM+e2
+ERUyZHZpAgMBAAECggEAAgUaZ5O/GVsvv/26E0cDqR1HRXMSWB/c3BQHmCglMiBt
+z3kH3b9flHMJP1TRShj3XV7iBqojAyMgL/ymc9KoPPOmaW3F40CYPmYv3OkI2zws
+8p9FQC2KNuKPfTQ69Vtm9dPXfkx0CjFeYAi5CttYLoK6U8n274Pv24ukwDB5uTZI
+wXcAsWeiB7UD4gdIU5JwFr1Awx7oWgxT979XC+X/jIKDHfpRSmF+VDz8Mkoi4gLK
+YIqq3hXeMm9DKHuqxjH193G3oh06/yYZlS2durVWaQsu98WbkhZKIlV9Mgl+aPm/
+NgjG3QmcbTaPTrf+wrepiAr31NSTkOn5G07mFCMeMQKBgQDvxkRmuQ25F+8QfsFg
+C0hIW7UF8V7y5bsIguzD+RymsfO8LaIcXPbZA+XRLvmzAxJuG4TTBd9Hk9VueEQF
+dTXVjpjSSx2zWb1UkGA2TE2aQO+yhJ6gbhZ/OOJb3Kxp5imXRq/EgT6f5APnY31E
+ysnALFSx+9BuAOo4gwvao+/30QKBgQDFx7P1wMuoCrFpr0mplqa4bXuM6H6cUonn
+a9vPrVRwbRSx8xc+iMRoFjOR2BWsMxhAm2t6WleT1DrOXKxjHQmyf6VGknGydxdX
+al4yLjkeD8nzfDR/EhVDMN+4ld990WNAZZWm+rX4Y4mISt8o8Z0Tq8N9R3s4g4aT
+eFYBXHTTGQKBgCyVdz6Khky2cJNmnlpXfrdFpiFWwkr0AJUSkyfVeEheqm2BJrWT
+a6rqmJ8O1ws8NP8YSthaLSxIBtWlszA4nSv6edwQb5NbymKg/eLayUs3a9qL4lr+
+XVyGnUBrhfui+nTQhfpJ9fURFtC9pRtXgbAkDhOSOS1bKjIb2+ZpuUMhAoGBALGZ
+jK4nvDlfsMR4VStmTrvaBFIaDGePbqpTHoW03dg++5B3++15nvTgytoyMfP5xdNu
+POsX6QCkWVIpwdsWnjidiup+Yn6hlmI27/Mbssqd3vk4FWPt9w3o+1yjqJcwyXFw
+Rxw0kedEaqHqqc34eNbLLLZ409uBr/0I2CJMxdMxAoGAYVED4ltIlK8Z9fKaoNuG
+eC6FBEDsN2RnXZg2qyE2yEw9DwWun6e42CO/mDXfRB2jOFxSVXP27w+6G9dsN+QG
+U9Gv+AZY1Kr29qvHHheA6RhyeGMSrsfBj7U2TmUzj2xwvjoENsxBj1rDoCgIK8hB
+o/nsWmEy9tf6xs8KTjztHZw=
+-----END PRIVATE KEY-----
diff --git a/_example/keys/jwt_private_key.pem b/_example/keys/jwt_private_key.pem
deleted file mode 100644
index 385ed01..0000000
--- a/_example/keys/jwt_private_key.pem
+++ /dev/null
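Review bot: A complete RSA private key is being added to version control here, and the `.env` change in the same commit points `JWT_SIGN_PRIVATE_KEY_PATH` at it, so any deployment that keeps the shipped `.env` signs tokens with a key that everyone with read access to the repository also holds. The key should be treated as development-only and already disclosed: keep real signing keys out of the tree (a gitignored path or a secret store), and have the loader in `modules/jwt/jwt.go` refuse a key that lives under `_example/keys/` unless a development mode is explicitly enabled. The ed25519 key this replaces had the same exposure, so the rotation by itself does not reduce it; a short README note next to `_example/keys/` saying the pair is for local runs only would make the intent explicit.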
@@ -1,3 +0,0 @@
------BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIErwGenQ53CBtItiMuRBUgrn5/l1uYW6RiAoE+9IFqtj
------END PRIVATE KEY-----
diff --git a/_example/keys/jwt_public.pem b/_example/keys/jwt_public.pem
new file mode 100644
index 0000000..43cc7e5
--- /dev/null
+++ b/_example/keys/jwt_public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuT6eUAdoJbdoLJdgOyPY
+djGp1nqHv/N0znrYWRsgvbo2U4AN5DvDN27O63hGLsBELzIo8d0L3/zkaXDGoPlZ
+jTygVgqXc2NzwDXUD+eOialIyFQjcj69vs+jfgqJUqgIrgdefRe4Oi33ouU0duRL
+trWnbwV/qDAi684iD8DrmnOGcm8rxLObjxjf7skGzd3dm8Wv9O2JHTKg4WpVUGSf
+ea/byY+sMnMZ9XLJWxg12A8l8e2gtcf/HS3HsGG+/VqAXUxR2mvtiqb9qnti0YKw
+CJNSbhyjWq+T4zKHoLENdFlHipfdmnxC9TMUhZYkGzcjQ/dcjTExpDPnthEVMmR2
+aQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/_example/keys/jwt_public_key.pem b/_example/keys/jwt_public_key.pem
deleted file mode 100644
index 8974694..0000000
--- a/_example/keys/jwt_public_key.pem
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN PUBLIC KEY-----
-MCowBQYDK2VwAyEANttz9RhiE7FXL4A/PX3GfgxhWxSwKy5zhxrNHXifszs=
------END PUBLIC KEY-----
diff --git a/modules/jwt/jwt.go b/modules/jwt/jwt.go
index eafe250..39df32c 100644
--- a/modules/jwt/jwt.go
+++ b/modules/jwt/jwt.go
@@ -1,24 +1,24 @@
 package jwt
 import (
- "crypto/ed25519"
+ "crypto/rsa"
+ "net/http"
 "os"
 "strings"
 "time"
 "git.ostiwe.com/ostiwe-com/status/model"
 "git.ostiwe.com/ostiwe-com/status/settings"
- "github.com/go-chi/jwtauth/v5"
+ ginJwt "github.com/appleboy/gin-jwt/v3"
 "github.com/golang-jwt/jwt/v5"
- "github.com/lestrrat-go/jwx/v2/jwa"
 )
 var (
- signKey *ed25519.PrivateKey
- publicSignKey *ed25519.PublicKey
- signMethod jwt.SigningMethod
+ signKey *rsa.PrivateKey
+ publicSignKey *rsa.PublicKey
+ signMethod jwt.SigningMethod = jwt.SigningMethodRS256
- TokenAuth *jwtauth.JWTAuth
+ AuthMiddleware *ginJwt.GinJWTMiddleware
 )
 func init() {
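Review bot: `AuthMiddleware` becomes an exported package variable without a doc comment, and the import alias `ginJwt` mixes cases where Go convention would write `ginjwt`. Suggest `// AuthMiddleware is the gin-jwt middleware configured in init with the RS256 key pair loaded from the configured JWT sign key paths.` above the declaration (the mapping from `JWT_SIGN_*_KEY_PATH` in `.env` to `jwtPublicKeyPath`/`jwtPrivateKeyPath` is inferred from the surrounding code, so confirm the wording). `signKey` and `publicSignKey` are kept alongside the middleware, presumably only for `CreateByUser` further down the file; a one-line comment on the `var` block saying which consumer still needs the parsed keys would stop a later cleanup from removing them. The `var` block and `init` both continue past this hunk.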
@@ -32,6 +32,8 @@ func init() {
 jwtPrivateKeyPath = settings.WorkingDir + "/" + jwtPrivateKeyPath
 }
+ var err error
+
 publicFile, err := os.ReadFile(jwtPublicKeyPath)
 if err != nil {
 panic(err)
@@ -42,31 +44,31 @@ func init() {
 panic(err)
 }
- privateKey, err := jwt.ParseEdPrivateKeyFromPEM(privateFile)
+ signKey, err = jwt.ParseRSAPrivateKeyFromPEM(privateFile)
 if err != nil {
 panic(err)
 }
- publicKey, err := jwt.ParseEdPublicKeyFromPEM(publicFile)
+ publicSignKey, err = jwt.ParseRSAPublicKeyFromPEM(publicFile)
 if err != nil {
 panic(err)
 }
- pk, ok := privateKey.(ed25519.PrivateKey)
- if !ok {
- panic("invalid ed25519 private key")
+ AuthMiddleware = &ginJwt.GinJWTMiddleware{
+ SigningAlgorithm: signMethod.Alg(),
+ PrivKeyBytes: privateFile,
+ PubKeyBytes: publicFile,
+ Timeout: time.Hour * 6,
+ MaxRefresh: time.Hour * 24 * 7,
+ SecureCookie: true,
+ CookieHTTPOnly: true,
+ CookieSameSite: http.SameSiteStrictMode,
+ SendCookie: true,
 }
- k, ok := publicKey.(ed25519.PublicKey)
- if !ok {
- panic("invalid ed25519 public key")
+ if err = AuthMiddleware.MiddlewareInit(); err != nil {
+ panic(err)
 }
-
- signKey = &pk
- publicSignKey = &k
- signMethod = jwt.SigningMethodEdDSA
-
- TokenAuth = jwtauth.New(string(jwa.EdDSA), signKey, publicSignKey)
 }
 func CreateByUser(user *model.User) (string, error) {
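Review bot: The added `var err error` looks redundant: the `publicFile, err := os.ReadFile(jwtPublicKeyPath)` that follows appears to sit in the same scope and declares `err` itself, and the later `signKey, err = ...` assignments reuse that variable either way. Dropping the two added lines would leave behaviour unchanged; if the declaration is there to make the plain `=` assignments further down read as deliberate, a comment such as `// err is reused by the key-parsing steps below, which assign the package-level keys directly` says that more clearly. `init` continues outside this hunk on both sides.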
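Review bot: After `signKey` and `publicSignKey` are parsed, nothing checks that the two files actually form a pair or that the RSA modulus is of a usable size, while gin-jwt re-parses the same `privateFile`/`publicFile` bytes on its own; a mismatched or undersized key pair is therefore only noticed when verification starts failing, so `init` should validate the pair once both are in hand, keeping the existing panic-on-misconfiguration style. The checks below use only `crypto/rsa` (`PublicKey.Equal` and the promoted `N`). Separately, `CreateByUser` (outside the hunk) presumably still mints tokens with `signKey`/`signMethod`; if its claim set differs from what the gin-jwt middleware expects (`exp`, and `orig_iat` for `MaxRefresh` in the v2 API — confirm for v3), tokens from the two paths will not be interchangeable. `SendCookie: true` with Secure, HttpOnly and SameSite=Strict is a sound default; a comment such as `// cookie is only emitted on login/refresh; token lookup stays on the Authorization header` would record that intent, assuming `TokenLookup` is left at the library default.
```go
	publicSignKey, err = jwt.ParseRSAPublicKeyFromPEM(publicFile)
	// … unchanged: error check …
	// Fail at startup on a mismatched or undersized key pair rather than at the first verification.
	if !signKey.PublicKey.Equal(publicSignKey) {
		panic("jwt: public key does not match private key")
	}
	if signKey.N.BitLen() < 2048 {
		panic("jwt: RSA signing key must be at least 2048 bits")
	}
	// … unchanged: gin-jwt middleware configuration and MiddlewareInit …
```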