Add support for more JWT algo methods

2022-02-12 15:54:23 +05:30
parent 6c2a4c3256
commit 8259fb515c
11 changed files with 151 additions and 120 deletions
--- a/server/token/jwt.go
+++ b/server/token/jwt.go
@@ -0,0 +1,83 @@
+package token
+
+import (
+	"errors"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/envstore"
+	"github.com/golang-jwt/jwt"
+)
+
+// SignJWTToken common util to sing jwt token
+func SignJWTToken(claims jwt.MapClaims) (string, error) {
+	jwtType := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
+	signingMethod := jwt.GetSigningMethod(jwtType)
+	t := jwt.New(signingMethod)
+	t.Claims = claims
+
+	switch signingMethod {
+	case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512:
+		return t.SignedString([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)))
+	case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512:
+		key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey)))
+		if err != nil {
+			return "", err
+		}
+		return t.SignedString(key)
+	case jwt.SigningMethodES256, jwt.SigningMethodES384, jwt.SigningMethodES512:
+		key, err := jwt.ParseECPrivateKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey)))
+		if err != nil {
+			return "", err
+		}
+		return t.SignedString(key)
+	default:
+		return "", errors.New("unsupported signing method")
+	}
+}
+
+// ParseJWTToken common util to parse jwt token
+func ParseJWTToken(token string) (jwt.MapClaims, error) {
+	jwtType := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
+	signingMethod := jwt.GetSigningMethod(jwtType)
+
+	var err error
+	var claims jwt.MapClaims
+
+	switch signingMethod {
+	case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512:
+		_, err = jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
+			return []byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)), nil
+		})
+	case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512:
+		_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
+			key, err := jwt.ParseRSAPublicKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)))
+			if err != nil {
+				return nil, err
+			}
+			return key, nil
+		})
+	case jwt.SigningMethodES256, jwt.SigningMethodES384, jwt.SigningMethodES512:
+		_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
+			key, err := jwt.ParseECPublicKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)))
+			if err != nil {
+				return nil, err
+			}
+			return key, nil
+		})
+	default:
+		err = errors.New("unsupported signing method")
+	}
+	if err != nil {
+		return claims, err
+	}
+
+	// claim parses exp & iat into float 64 with e^10,
+	// but we expect it to be int64
+	// hence we need to assert interface and convert to int64
+	intExp := int64(claims["exp"].(float64))
+	intIat := int64(claims["iat"].(float64))
+	claims["exp"] = intExp
+	claims["iat"] = intIat
+
+	return claims, nil
+}