.env

@@ -20,6 +20,6 @@ RABBIT_PASSWORD=user
 RABBIT_HOST=localhost
 RABBIT_PORT=5672
 
-JWT_SIGN_PUBLIC_KEY_PATH=_example/keys/jwt_public_key.pem
-JWT_SIGN_PRIVATE_KEY_PATH=_example/keys/jwt_private_key.pem
+JWT_SIGN_PUBLIC_KEY_PATH=_example/keys/jwt_public.pem
+JWT_SIGN_PRIVATE_KEY_PATH=_example/keys/jwt_private.pem
 JWT_TRUSTED_HOSTS=

_example/keys/jwt_private.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5Pp5QB2glt2gs
+l2A7I9h2ManWeoe/83TOethZGyC9ujZTgA3kO8M3bs7reEYuwEQvMijx3Qvf/ORp
+cMag+VmNPKBWCpdzY3PANdQP546JqUjIVCNyPr2+z6N+ColSqAiuB159F7g6Lfei
+5TR25Eu2tadvBX+oMCLrziIPwOuac4ZybyvEs5uPGN/uyQbN3d2bxa/07YkdMqDh
+alVQZJ95r9vJj6wycxn1cslbGDXYDyXx7aC1x/8dLcewYb79WoBdTFHaa+2Kpv2q
+e2LRgrAIk1JuHKNar5PjMoegsQ10WUeKl92afEL1MxSFliQbNyND91yNMTGkM+e2
+ERUyZHZpAgMBAAECggEAAgUaZ5O/GVsvv/26E0cDqR1HRXMSWB/c3BQHmCglMiBt
+z3kH3b9flHMJP1TRShj3XV7iBqojAyMgL/ymc9KoPPOmaW3F40CYPmYv3OkI2zws
+8p9FQC2KNuKPfTQ69Vtm9dPXfkx0CjFeYAi5CttYLoK6U8n274Pv24ukwDB5uTZI
+wXcAsWeiB7UD4gdIU5JwFr1Awx7oWgxT979XC+X/jIKDHfpRSmF+VDz8Mkoi4gLK
+YIqq3hXeMm9DKHuqxjH193G3oh06/yYZlS2durVWaQsu98WbkhZKIlV9Mgl+aPm/
+NgjG3QmcbTaPTrf+wrepiAr31NSTkOn5G07mFCMeMQKBgQDvxkRmuQ25F+8QfsFg
+C0hIW7UF8V7y5bsIguzD+RymsfO8LaIcXPbZA+XRLvmzAxJuG4TTBd9Hk9VueEQF
+dTXVjpjSSx2zWb1UkGA2TE2aQO+yhJ6gbhZ/OOJb3Kxp5imXRq/EgT6f5APnY31E
+ysnALFSx+9BuAOo4gwvao+/30QKBgQDFx7P1wMuoCrFpr0mplqa4bXuM6H6cUonn
+a9vPrVRwbRSx8xc+iMRoFjOR2BWsMxhAm2t6WleT1DrOXKxjHQmyf6VGknGydxdX
+al4yLjkeD8nzfDR/EhVDMN+4ld990WNAZZWm+rX4Y4mISt8o8Z0Tq8N9R3s4g4aT
+eFYBXHTTGQKBgCyVdz6Khky2cJNmnlpXfrdFpiFWwkr0AJUSkyfVeEheqm2BJrWT
+a6rqmJ8O1ws8NP8YSthaLSxIBtWlszA4nSv6edwQb5NbymKg/eLayUs3a9qL4lr+
+XVyGnUBrhfui+nTQhfpJ9fURFtC9pRtXgbAkDhOSOS1bKjIb2+ZpuUMhAoGBALGZ
+jK4nvDlfsMR4VStmTrvaBFIaDGePbqpTHoW03dg++5B3++15nvTgytoyMfP5xdNu
+POsX6QCkWVIpwdsWnjidiup+Yn6hlmI27/Mbssqd3vk4FWPt9w3o+1yjqJcwyXFw
+Rxw0kedEaqHqqc34eNbLLLZ409uBr/0I2CJMxdMxAoGAYVED4ltIlK8Z9fKaoNuG
+eC6FBEDsN2RnXZg2qyE2yEw9DwWun6e42CO/mDXfRB2jOFxSVXP27w+6G9dsN+QG
+U9Gv+AZY1Kr29qvHHheA6RhyeGMSrsfBj7U2TmUzj2xwvjoENsxBj1rDoCgIK8hB
+o/nsWmEy9tf6xs8KTjztHZw=
+-----END PRIVATE KEY-----

_example/keys/jwt_private_key.pem

@@ -1,3 +0,0 @@
------BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIErwGenQ53CBtItiMuRBUgrn5/l1uYW6RiAoE+9IFqtj
------END PRIVATE KEY-----

_example/keys/jwt_public.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuT6eUAdoJbdoLJdgOyPY
+djGp1nqHv/N0znrYWRsgvbo2U4AN5DvDN27O63hGLsBELzIo8d0L3/zkaXDGoPlZ
+jTygVgqXc2NzwDXUD+eOialIyFQjcj69vs+jfgqJUqgIrgdefRe4Oi33ouU0duRL
+trWnbwV/qDAi684iD8DrmnOGcm8rxLObjxjf7skGzd3dm8Wv9O2JHTKg4WpVUGSf
+ea/byY+sMnMZ9XLJWxg12A8l8e2gtcf/HS3HsGG+/VqAXUxR2mvtiqb9qnti0YKw
+CJNSbhyjWq+T4zKHoLENdFlHipfdmnxC9TMUhZYkGzcjQ/dcjTExpDPnthEVMmR2
+aQIDAQAB
+-----END PUBLIC KEY-----

_example/keys/jwt_public_key.pem

@@ -1,3 +0,0 @@
------BEGIN PUBLIC KEY-----
-MCowBQYDK2VwAyEANttz9RhiE7FXL4A/PX3GfgxhWxSwKy5zhxrNHXifszs=
------END PUBLIC KEY-----

modules/jwt/jwt.go

@@ -1,24 +1,24 @@
 package jwt
 
 import (
-	"crypto/ed25519"
+	"crypto/rsa"
+	"net/http"
 	"os"
 	"strings"
 	"time"
 
 	"git.ostiwe.com/ostiwe-com/status/model"
 	"git.ostiwe.com/ostiwe-com/status/settings"
-	"github.com/go-chi/jwtauth/v5"
+	ginJwt "github.com/appleboy/gin-jwt/v3"
 	"github.com/golang-jwt/jwt/v5"
-	"github.com/lestrrat-go/jwx/v2/jwa"
 )
 
 var (
-	signKey       *ed25519.PrivateKey
-	publicSignKey *ed25519.PublicKey
-	signMethod    jwt.SigningMethod
+	signKey       *rsa.PrivateKey
+	publicSignKey *rsa.PublicKey
+	signMethod    jwt.SigningMethod = jwt.SigningMethodRS256
 
-	TokenAuth *jwtauth.JWTAuth
+	AuthMiddleware *ginJwt.GinJWTMiddleware
 )
 
 func init() {
@@ -32,6 +32,8 @@ func init() {
 		jwtPrivateKeyPath = settings.WorkingDir + "/" + jwtPrivateKeyPath
 	}
 
+	var err error
+
 	publicFile, err := os.ReadFile(jwtPublicKeyPath)
 	if err != nil {
 		panic(err)
@@ -42,31 +44,31 @@ func init() {
 		panic(err)
 	}
 
-	privateKey, err := jwt.ParseEdPrivateKeyFromPEM(privateFile)
+	signKey, err = jwt.ParseRSAPrivateKeyFromPEM(privateFile)
 	if err != nil {
 		panic(err)
 	}
 
-	publicKey, err := jwt.ParseEdPublicKeyFromPEM(publicFile)
+	publicSignKey, err = jwt.ParseRSAPublicKeyFromPEM(publicFile)
 	if err != nil {
 		panic(err)
 	}
 
-	pk, ok := privateKey.(ed25519.PrivateKey)
-	if !ok {
-		panic("invalid ed25519 private key")
+	AuthMiddleware = &ginJwt.GinJWTMiddleware{
+		SigningAlgorithm: signMethod.Alg(),
+		PrivKeyBytes:     privateFile,
+		PubKeyBytes:      publicFile,
+		Timeout:          time.Hour * 6,
+		MaxRefresh:       time.Hour * 24 * 7,
+		SecureCookie:     true,
+		CookieHTTPOnly:   true,
+		CookieSameSite:   http.SameSiteStrictMode,
+		SendCookie:       true,
 	}
 
-	k, ok := publicKey.(ed25519.PublicKey)
-	if !ok {
-		panic("invalid ed25519 public key")
+	if err = AuthMiddleware.MiddlewareInit(); err != nil {
+		panic(err)
 	}
-
-	signKey = &pk
-	publicSignKey = &k
-	signMethod = jwt.SigningMethodEdDSA
-
-	TokenAuth = jwtauth.New(string(jwa.EdDSA), signKey, publicSignKey)
 }
 
 func CreateByUser(user *model.User) (string, error) {