package api import ( "crypto/rand" "crypto/rsa" "crypto/x509" "encoding/pem" "github.com/go-chi/jwtauth/v5" "log" "net/http" "os" "time" ) var ( jwtAuth *jwtauth.JWTAuth ) // GetJWTAuth returns the JWT authorizer. func GetJWTAuth() *jwtauth.JWTAuth { return jwtAuth } // InitJWT initializes JWT authentication. func InitJWT() { generateRSAKeys() jwtAuth = jwtauth.New("RS256", loadRSAPrivateKey(), loadRSAPublicKey()) } func Login(w http.ResponseWriter, r *http.Request) { req := struct { Username string `json:"username"` Password string `json:"password"` }{} if err := decodeJSON(w, r, &req); err != nil { return } // TODO t, tokenString, _ := jwtAuth.Encode(map[string]interface{}{"username": req.Username}) encodeJSON(w, struct { AccessToken string `json:"access_token"` ExpiresAt time.Time `json:"expires_at"` }{ tokenString, t.Expiration(), }) } func generateRSAKeys() { err := os.Mkdir("secrets", 0755) if os.IsExist(err) { return } else if err != nil { log.Fatalf("Error creating secrets directory: %v", err) } key, err := rsa.GenerateKey(rand.Reader, 4096) if err != nil { log.Fatalf("Error generating RSA key: %v", err) } pub := key.Public() keyPEM := pem.EncodeToMemory( &pem.Block{ Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key), }, ) pubPEM := pem.EncodeToMemory( &pem.Block{ Type: "RSA PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(pub.(*rsa.PublicKey)), }, ) if err := os.WriteFile("secrets/jwt.rsa", keyPEM, 0700); err != nil { log.Fatalf("Error writing private RSA key: %v", err) } if err := os.WriteFile("secrets/jwt.rsa.pub", pubPEM, 0755); err != nil { log.Fatalf("Error writing public RSA key: %v", err) } } func loadRSAPublicKey() *rsa.PublicKey { data, err := os.ReadFile("secrets/jwt.rsa.pub") if err != nil { log.Fatalf("Error loading RSA key: %v", err) } block, _ := pem.Decode(data) if block == nil { log.Fatalf("Error decoding RSA key: %v", err) } key, err := x509.ParsePKCS1PublicKey(block.Bytes) if err != nil { log.Fatalf("Error parsing RSA key: %v", err) } return key } func loadRSAPrivateKey() *rsa.PrivateKey { data, err := os.ReadFile("secrets/jwt.rsa") if err != nil { log.Fatalf("Error loading RSA key: %v", err) } block, _ := pem.Decode(data) if block == nil { log.Fatalf("Error decoding RSA key: %v", err) } key, err := x509.ParsePKCS1PrivateKey(block.Bytes) if err != nil { log.Fatalf("Error parsing RSA key: %v", err) } return key }