refactor!: Update JWT logic
- Change signing algorithm from Ed25519 to RS256 - Use the gin-jwt library for the JWT middleware
4
.env
4
.env
@@ -20,6 +20,6 @@ RABBIT_PASSWORD=user
|
||||
RABBIT_HOST=localhost
|
||||
RABBIT_PORT=5672
|
||||
|
||||
JWT_SIGN_PUBLIC_KEY_PATH=_example/keys/jwt_public_key.pem
|
||||
JWT_SIGN_PRIVATE_KEY_PATH=_example/keys/jwt_private_key.pem
|
||||
JWT_SIGN_PUBLIC_KEY_PATH=_example/keys/jwt_public.pem
|
||||
JWT_SIGN_PRIVATE_KEY_PATH=_example/keys/jwt_private.pem
|
||||
JWT_TRUSTED_HOSTS=
|
||||
28
_example/keys/jwt_private.pem
Normal file
28
_example/keys/jwt_private.pem
Normal file
@@ -0,0 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5Pp5QB2glt2gs
|
||||
l2A7I9h2ManWeoe/83TOethZGyC9ujZTgA3kO8M3bs7reEYuwEQvMijx3Qvf/ORp
|
||||
cMag+VmNPKBWCpdzY3PANdQP546JqUjIVCNyPr2+z6N+ColSqAiuB159F7g6Lfei
|
||||
5TR25Eu2tadvBX+oMCLrziIPwOuac4ZybyvEs5uPGN/uyQbN3d2bxa/07YkdMqDh
|
||||
alVQZJ95r9vJj6wycxn1cslbGDXYDyXx7aC1x/8dLcewYb79WoBdTFHaa+2Kpv2q
|
||||
e2LRgrAIk1JuHKNar5PjMoegsQ10WUeKl92afEL1MxSFliQbNyND91yNMTGkM+e2
|
||||
ERUyZHZpAgMBAAECggEAAgUaZ5O/GVsvv/26E0cDqR1HRXMSWB/c3BQHmCglMiBt
|
||||
z3kH3b9flHMJP1TRShj3XV7iBqojAyMgL/ymc9KoPPOmaW3F40CYPmYv3OkI2zws
|
||||
8p9FQC2KNuKPfTQ69Vtm9dPXfkx0CjFeYAi5CttYLoK6U8n274Pv24ukwDB5uTZI
|
||||
wXcAsWeiB7UD4gdIU5JwFr1Awx7oWgxT979XC+X/jIKDHfpRSmF+VDz8Mkoi4gLK
|
||||
YIqq3hXeMm9DKHuqxjH193G3oh06/yYZlS2durVWaQsu98WbkhZKIlV9Mgl+aPm/
|
||||
NgjG3QmcbTaPTrf+wrepiAr31NSTkOn5G07mFCMeMQKBgQDvxkRmuQ25F+8QfsFg
|
||||
C0hIW7UF8V7y5bsIguzD+RymsfO8LaIcXPbZA+XRLvmzAxJuG4TTBd9Hk9VueEQF
|
||||
dTXVjpjSSx2zWb1UkGA2TE2aQO+yhJ6gbhZ/OOJb3Kxp5imXRq/EgT6f5APnY31E
|
||||
ysnALFSx+9BuAOo4gwvao+/30QKBgQDFx7P1wMuoCrFpr0mplqa4bXuM6H6cUonn
|
||||
a9vPrVRwbRSx8xc+iMRoFjOR2BWsMxhAm2t6WleT1DrOXKxjHQmyf6VGknGydxdX
|
||||
al4yLjkeD8nzfDR/EhVDMN+4ld990WNAZZWm+rX4Y4mISt8o8Z0Tq8N9R3s4g4aT
|
||||
eFYBXHTTGQKBgCyVdz6Khky2cJNmnlpXfrdFpiFWwkr0AJUSkyfVeEheqm2BJrWT
|
||||
a6rqmJ8O1ws8NP8YSthaLSxIBtWlszA4nSv6edwQb5NbymKg/eLayUs3a9qL4lr+
|
||||
XVyGnUBrhfui+nTQhfpJ9fURFtC9pRtXgbAkDhOSOS1bKjIb2+ZpuUMhAoGBALGZ
|
||||
jK4nvDlfsMR4VStmTrvaBFIaDGePbqpTHoW03dg++5B3++15nvTgytoyMfP5xdNu
|
||||
POsX6QCkWVIpwdsWnjidiup+Yn6hlmI27/Mbssqd3vk4FWPt9w3o+1yjqJcwyXFw
|
||||
Rxw0kedEaqHqqc34eNbLLLZ409uBr/0I2CJMxdMxAoGAYVED4ltIlK8Z9fKaoNuG
|
||||
eC6FBEDsN2RnXZg2qyE2yEw9DwWun6e42CO/mDXfRB2jOFxSVXP27w+6G9dsN+QG
|
||||
U9Gv+AZY1Kr29qvHHheA6RhyeGMSrsfBj7U2TmUzj2xwvjoENsxBj1rDoCgIK8hB
|
||||
o/nsWmEy9tf6xs8KTjztHZw=
|
||||
-----END PRIVATE KEY-----
|
||||
@@ -1,3 +0,0 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIErwGenQ53CBtItiMuRBUgrn5/l1uYW6RiAoE+9IFqtj
|
||||
-----END PRIVATE KEY-----
|
||||
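Review bot: A complete RSA private key is added at `_example/keys/jwt_private.pem`, and the `.env` change in this same commit points `JWT_SIGN_PRIVATE_KEY_PATH` at it by default, so any deployment that keeps the shipped `.env` signs tokens with a key that is readable in the public repository, and the matching `jwt_public.pem` will accept tokens minted with it. The hunk `@@ -1,3 +0,0 @@` below it appears to be the old Ed25519 key whose file header was lost in rendering; that key stays in history too, so both pairs should be treated as example-only and never reused. Prefer committing no key material: add `_example/keys/*.pem` to `.gitignore` and document generation in the README, e.g. `openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out jwt_private.pem` followed by `openssl pkey -in jwt_private.pem -pubout -out jwt_public.pem`. If a checked-in example is kept on purpose, a comment in `.env` such as `# example key only - generate your own before deploying` makes the risk visible to whoever copies the file.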
9
_example/keys/jwt_public.pem
Normal file
9
_example/keys/jwt_public.pem
Normal file
@@ -0,0 +1,9 @@
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuT6eUAdoJbdoLJdgOyPY
|
||||
djGp1nqHv/N0znrYWRsgvbo2U4AN5DvDN27O63hGLsBELzIo8d0L3/zkaXDGoPlZ
|
||||
jTygVgqXc2NzwDXUD+eOialIyFQjcj69vs+jfgqJUqgIrgdefRe4Oi33ouU0duRL
|
||||
trWnbwV/qDAi684iD8DrmnOGcm8rxLObjxjf7skGzd3dm8Wv9O2JHTKg4WpVUGSf
|
||||
ea/byY+sMnMZ9XLJWxg12A8l8e2gtcf/HS3HsGG+/VqAXUxR2mvtiqb9qnti0YKw
|
||||
CJNSbhyjWq+T4zKHoLENdFlHipfdmnxC9TMUhZYkGzcjQ/dcjTExpDPnthEVMmR2
|
||||
aQIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
@@ -1,3 +0,0 @@
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MCowBQYDK2VwAyEANttz9RhiE7FXL4A/PX3GfgxhWxSwKy5zhxrNHXifszs=
|
||||
-----END PUBLIC KEY-----
|
||||
@@ -1,24 +1,24 @@
|
||||
package jwt
|
||||
|
||||
import (
|
||||
"crypto/ed25519"
|
||||
"crypto/rsa"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.ostiwe.com/ostiwe-com/status/model"
|
||||
"git.ostiwe.com/ostiwe-com/status/settings"
|
||||
"github.com/go-chi/jwtauth/v5"
|
||||
ginJwt "github.com/appleboy/gin-jwt/v3"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
"github.com/lestrrat-go/jwx/v2/jwa"
|
||||
)
|
||||
|
||||
var (
|
||||
signKey *ed25519.PrivateKey
|
||||
publicSignKey *ed25519.PublicKey
|
||||
signMethod jwt.SigningMethod
|
||||
signKey *rsa.PrivateKey
|
||||
publicSignKey *rsa.PublicKey
|
||||
signMethod jwt.SigningMethod = jwt.SigningMethodRS256
|
||||
|
||||
TokenAuth *jwtauth.JWTAuth
|
||||
AuthMiddleware *ginJwt.GinJWTMiddleware
|
||||
)
|
||||
|
||||
func init() {
|
||||
@@ -32,6 +32,8 @@ func init() {
|
||||
jwtPrivateKeyPath = settings.WorkingDir + "/" + jwtPrivateKeyPath
|
||||
}
|
||||
|
||||
var err error
|
||||
|
||||
publicFile, err := os.ReadFile(jwtPublicKeyPath)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
@@ -42,31 +44,31 @@ func init() {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
privateKey, err := jwt.ParseEdPrivateKeyFromPEM(privateFile)
|
||||
signKey, err = jwt.ParseRSAPrivateKeyFromPEM(privateFile)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
publicKey, err := jwt.ParseEdPublicKeyFromPEM(publicFile)
|
||||
publicSignKey, err = jwt.ParseRSAPublicKeyFromPEM(publicFile)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
pk, ok := privateKey.(ed25519.PrivateKey)
|
||||
if !ok {
|
||||
panic("invalid ed25519 private key")
|
||||
AuthMiddleware = &ginJwt.GinJWTMiddleware{
|
||||
SigningAlgorithm: signMethod.Alg(),
|
||||
PrivKeyBytes: privateFile,
|
||||
PubKeyBytes: publicFile,
|
||||
Timeout: time.Hour * 6,
|
||||
MaxRefresh: time.Hour * 24 * 7,
|
||||
SecureCookie: true,
|
||||
CookieHTTPOnly: true,
|
||||
CookieSameSite: http.SameSiteStrictMode,
|
||||
SendCookie: true,
|
||||
}
|
||||
|
||||
k, ok := publicKey.(ed25519.PublicKey)
|
||||
if !ok {
|
||||
panic("invalid ed25519 public key")
|
||||
if err = AuthMiddleware.MiddlewareInit(); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
signKey = &pk
|
||||
publicSignKey = &k
|
||||
signMethod = jwt.SigningMethodEdDSA
|
||||
|
||||
TokenAuth = jwtauth.New(string(jwa.EdDSA), signKey, publicSignKey)
|
||||
}
|
||||
|
||||
func CreateByUser(user *model.User) (string, error) {
|
||||
|
||||
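Review bot: The two keys parsed at `signKey, err = jwt.ParseRSAPrivateKeyFromPEM(privateFile)` and `publicSignKey, err = jwt.ParseRSAPublicKeyFromPEM(publicFile)` are never checked against each other, so a mismatched pair (the `.env` path rename in this commit is exactly the kind of change that can leave one path stale) only surfaces as verification failures at request time instead of at startup. After the second parse add `if !signKey.PublicKey.Equal(publicSignKey) { panic("jwt public key does not match private key") }`, and consider a minimum modulus size in the same place, `if signKey.Size() < 256 { panic("jwt rsa key must be at least 2048 bits") }`, since RS256 with a short key is accepted by the parser. `MaxRefresh: time.Hour * 24 * 7` against `Timeout: time.Hour * 6` lets a token keep being refreshed for a week after issue; if that is intended it deserves a comment, because RS256 tokens cannot be revoked server-side without extra state. The enclosing `init()` starts outside this hunk; note that `MiddlewareInit` parses `PrivKeyBytes`/`PubKeyBytes` again on its own, so `signKey`/`publicSignKey` are presumably only kept for `CreateByUser` below - a one-line comment on the `var` block saying so would help.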