authorizer/server/token/jwt.go

package token

import (
	"errors"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/envstore"
	"github.com/golang-jwt/jwt"
)

// SignJWTToken common util to sing jwt token
func SignJWTToken(claims jwt.MapClaims) (string, error) {
	jwtType := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
	signingMethod := jwt.GetSigningMethod(jwtType)
	if signingMethod == nil {
		return "", errors.New("unsupported signing method")
	}
	t := jwt.New(signingMethod)
	if t == nil {
		return "", errors.New("unsupported signing method")
	}
	t.Claims = claims

	switch signingMethod {
	case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512:
		return t.SignedString([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)))
	case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512:
		key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey)))
		if err != nil {
			return "", err
		}
		return t.SignedString(key)
	case jwt.SigningMethodES256, jwt.SigningMethodES384, jwt.SigningMethodES512:
		key, err := jwt.ParseECPrivateKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey)))
		if err != nil {
			return "", err
		}
		return t.SignedString(key)
	default:
		return "", errors.New("unsupported signing method")
	}
}

// ParseJWTToken common util to parse jwt token
func ParseJWTToken(token string) (jwt.MapClaims, error) {
	jwtType := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
	signingMethod := jwt.GetSigningMethod(jwtType)

	var err error
	var claims jwt.MapClaims

	switch signingMethod {
	case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512:
		_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
			return []byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)), nil
		})
	case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512:
		_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
			key, err := jwt.ParseRSAPublicKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)))
			if err != nil {
				return nil, err
			}
			return key, nil
		})
	case jwt.SigningMethodES256, jwt.SigningMethodES384, jwt.SigningMethodES512:
		_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
			key, err := jwt.ParseECPublicKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)))
			if err != nil {
				return nil, err
			}
			return key, nil
		})
	default:
		err = errors.New("unsupported signing method")
	}
	if err != nil {
		return claims, err
	}

	// claim parses exp & iat into float 64 with e^10,
	// but we expect it to be int64
	// hence we need to assert interface and convert to int64
	intExp := int64(claims["exp"].(float64))
	intIat := int64(claims["iat"].(float64))
	claims["exp"] = intExp
	claims["iat"] = intIat

	return claims, nil
}
Add support for more JWT algo methods 2022-02-12 10:24:23 +00:00			`package token`

			`import (`
			`"errors"`

			`"github.com/authorizerdev/authorizer/server/constants"`
			`"github.com/authorizerdev/authorizer/server/envstore"`
			`"github.com/golang-jwt/jwt"`
			`)`

			`// SignJWTToken common util to sing jwt token`
			`func SignJWTToken(claims jwt.MapClaims) (string, error) {`
			`jwtType := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)`
			`signingMethod := jwt.GetSigningMethod(jwtType)`
Add test for jwt tokens 2022-02-12 13:56:37 +00:00			`if signingMethod == nil {`
			`return "", errors.New("unsupported signing method")`
			`}`
Add support for more JWT algo methods 2022-02-12 10:24:23 +00:00			`t := jwt.New(signingMethod)`
Add test for jwt tokens 2022-02-12 13:56:37 +00:00			`if t == nil {`
			`return "", errors.New("unsupported signing method")`
			`}`
Add support for more JWT algo methods 2022-02-12 10:24:23 +00:00			`t.Claims = claims`

			`switch signingMethod {`
			`case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512:`
			`return t.SignedString([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)))`
			`case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512:`
			`key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey)))`
			`if err != nil {`
			`return "", err`
			`}`
			`return t.SignedString(key)`
			`case jwt.SigningMethodES256, jwt.SigningMethodES384, jwt.SigningMethodES512:`
			`key, err := jwt.ParseECPrivateKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey)))`
			`if err != nil {`
			`return "", err`
			`}`
			`return t.SignedString(key)`
			`default:`
			`return "", errors.New("unsupported signing method")`
			`}`
			`}`

			`// ParseJWTToken common util to parse jwt token`
			`func ParseJWTToken(token string) (jwt.MapClaims, error) {`
			`jwtType := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)`
			`signingMethod := jwt.GetSigningMethod(jwtType)`

			`var err error`
			`var claims jwt.MapClaims`

			`switch signingMethod {`
			`case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512:`
Add test for jwt tokens 2022-02-12 13:56:37 +00:00			`_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {`
Add support for more JWT algo methods 2022-02-12 10:24:23 +00:00			`return []byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)), nil`
			`})`
			`case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512:`
			`_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {`
			`key, err := jwt.ParseRSAPublicKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)))`
			`if err != nil {`
			`return nil, err`
			`}`
			`return key, nil`
			`})`
			`case jwt.SigningMethodES256, jwt.SigningMethodES384, jwt.SigningMethodES512:`
			`_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {`
			`key, err := jwt.ParseECPublicKeyFromPEM([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)))`
			`if err != nil {`
			`return nil, err`
			`}`
			`return key, nil`
			`})`
			`default:`
			`err = errors.New("unsupported signing method")`
			`}`
			`if err != nil {`
			`return claims, err`
			`}`

			`// claim parses exp & iat into float 64 with e^10,`
			`// but we expect it to be int64`
			`// hence we need to assert interface and convert to int64`
			`intExp := int64(claims["exp"].(float64))`
			`intIat := int64(claims["iat"].(float64))`
			`claims["exp"] = intExp`
			`claims["iat"] = intIat`

			`return claims, nil`
			`}`