bit-badger/myPrayerJournal
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases 36 Activity
myPrayerJournal/src/api/routes/router.go
Daniel J. Summers 79ced40470 Most API features now work 
- Switched from Vestigo to ozzo-routing in a misguided attempt to get JSON to parse as a form; not switching back at this point
- Fixed error with request SQL for individual requests
- Parsing JSON body works now

Still need to handle "no rows found" for journal/answered lists; this isn't an error for new users
2018-05-26 22:18:26 -05:00

124 lines
3.4 KiB
Go
Raw Blame History

package routes
import (
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"log"
"net/http"
"github.com/auth0/go-jwt-middleware"
jwt "github.com/dgrijalva/jwt-go"
"github.com/go-ozzo/ozzo-routing"
"github.com/go-ozzo/ozzo-routing/access"
"github.com/go-ozzo/ozzo-routing/fault"
)
// AuthConfig contains the Auth0 configuration passed from the "auth" JSON object.
type AuthConfig struct {
Domain string `json:"domain"`
ClientID string `json:"id"`
ClientSecret string `json:"secret"`
}
// JWKS is a structure into which the JSON Web Key Set is unmarshaled.
type JWKS struct {
Keys []JWK `json:"keys"`
}
// JWK is a structure into which a single JSON Web Key is unmarshaled.
type JWK struct {
Kty string `json:"kty"`
Kid string `json:"kid"`
Use string `json:"use"`
N string `json:"n"`
E string `json:"e"`
X5c []string `json:"x5c"`
}
// authCfg is the Auth0 configuration provided at application startup.
var authCfg *AuthConfig
// jwksBytes is a cache of the JSON Web Key Set for this domain.
var jwksBytes = make([]byte, 0)
// getPEMCert is a function to get the applicable certificate for a JSON Web Token.
func getPEMCert(token *jwt.Token) (string, error) {
cert := ""
if len(jwksBytes) == 0 {
resp, err := http.Get(fmt.Sprintf("https://%s/.well-known/jwks.json", authCfg.Domain))
if err != nil {
return cert, err
}
defer resp.Body.Close()
if jwksBytes, err = ioutil.ReadAll(resp.Body); err != nil {
return cert, err
}
}
jwks := JWKS{}
if err := json.Unmarshal(jwksBytes, &jwks); err != nil {
return cert, err
}
for k, v := range jwks.Keys[0].X5c {
if token.Header["kid"] == jwks.Keys[k].Kid {
cert = fmt.Sprintf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----", v)
}
}
if cert == "" {
err := errors.New("unable to find appropriate key")
return cert, err
}
return cert, nil
}
// authZero is an instance of Auth0's JWT middlware. Since it doesn't support the http.HandlerFunc sig, it is wrapped
// below; it's defined outside that function, though, so it does not get recreated every time.
var authZero = jwtmiddleware.New(jwtmiddleware.Options{
ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
if checkAud := token.Claims.(jwt.MapClaims).VerifyAudience(authCfg.ClientID, false); !checkAud {
return token, errors.New("invalid audience")
}
iss := fmt.Sprintf("https://%s/", authCfg.Domain)
if checkIss := token.Claims.(jwt.MapClaims).VerifyIssuer(iss, false); !checkIss {
return token, errors.New("invalid issuer")
}
cert, err := getPEMCert(token)
if err != nil {
panic(err.Error())
}
result, _ := jwt.ParseRSAPublicKeyFromPEM([]byte(cert))
return result, nil
},
SigningMethod: jwt.SigningMethodRS256,
})
// authMiddleware is a wrapper for the Auth0 middleware above with a signature ozzo-routing recognizes.
func authMiddleware(c *routing.Context) error {
return authZero.CheckJWT(c.Response, c.Request)
}
// NewRouter returns a configured router to handle all incoming requests.
func NewRouter(cfg *AuthConfig) *routing.Router {
authCfg = cfg
router := routing.New()
router.Use(
access.Logger(log.Printf), // TODO: remove before go-live
fault.Recovery(log.Printf),
)
for _, route := range routes {
if route.IsPublic {
router.To(route.Method, route.Pattern, route.Func)
} else {
router.To(route.Method, route.Pattern, authMiddleware, route.Func)
}
}
return router
}
Reference in New Issue View Git Blame Copy Permalink