mirror of
https://github.com/Kugelschieber/migo.git
synced 2026-01-18 14:50:29 +00:00
132 lines
2.5 KiB
Go
132 lines
2.5 KiB
Go
package api
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"github.com/go-chi/jwtauth/v5"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"time"
|
|
)
|
|
|
|
var (
|
|
jwtAuth *jwtauth.JWTAuth
|
|
)
|
|
|
|
// GetJWTAuth returns the JWT authorizer.
|
|
func GetJWTAuth() *jwtauth.JWTAuth {
|
|
return jwtAuth
|
|
}
|
|
|
|
// InitJWT initializes JWT authentication.
|
|
func InitJWT() {
|
|
generateRSAKeys()
|
|
jwtAuth = jwtauth.New("RS256", loadRSAPrivateKey(), loadRSAPublicKey())
|
|
}
|
|
|
|
func Login(w http.ResponseWriter, r *http.Request) {
|
|
req := struct {
|
|
Username string `json:"username"`
|
|
Password string `json:"password"`
|
|
}{}
|
|
|
|
if err := decodeJSON(w, r, &req); err != nil {
|
|
return
|
|
}
|
|
|
|
// TODO
|
|
t, tokenString, _ := jwtAuth.Encode(map[string]interface{}{"username": req.Username})
|
|
encodeJSON(w, struct {
|
|
AccessToken string `json:"access_token"`
|
|
ExpiresAt time.Time `json:"expires_at"`
|
|
}{
|
|
tokenString,
|
|
t.Expiration(),
|
|
})
|
|
}
|
|
|
|
func generateRSAKeys() {
|
|
err := os.Mkdir("secrets", 0755)
|
|
|
|
if os.IsExist(err) {
|
|
return
|
|
} else if err != nil {
|
|
log.Fatalf("Error creating secrets directory: %v", err)
|
|
}
|
|
|
|
key, err := rsa.GenerateKey(rand.Reader, 4096)
|
|
|
|
if err != nil {
|
|
log.Fatalf("Error generating RSA key: %v", err)
|
|
}
|
|
|
|
pub := key.Public()
|
|
keyPEM := pem.EncodeToMemory(
|
|
&pem.Block{
|
|
Type: "RSA PRIVATE KEY",
|
|
Bytes: x509.MarshalPKCS1PrivateKey(key),
|
|
},
|
|
)
|
|
pubPEM := pem.EncodeToMemory(
|
|
&pem.Block{
|
|
Type: "RSA PUBLIC KEY",
|
|
Bytes: x509.MarshalPKCS1PublicKey(pub.(*rsa.PublicKey)),
|
|
},
|
|
)
|
|
|
|
if err := os.WriteFile("secrets/jwt.rsa", keyPEM, 0700); err != nil {
|
|
log.Fatalf("Error writing private RSA key: %v", err)
|
|
}
|
|
|
|
if err := os.WriteFile("secrets/jwt.rsa.pub", pubPEM, 0755); err != nil {
|
|
log.Fatalf("Error writing public RSA key: %v", err)
|
|
}
|
|
}
|
|
|
|
func loadRSAPublicKey() *rsa.PublicKey {
|
|
data, err := os.ReadFile("secrets/jwt.rsa.pub")
|
|
|
|
if err != nil {
|
|
log.Fatalf("Error loading RSA key: %v", err)
|
|
}
|
|
|
|
block, _ := pem.Decode(data)
|
|
|
|
if block == nil {
|
|
log.Fatalf("Error decoding RSA key: %v", err)
|
|
}
|
|
|
|
key, err := x509.ParsePKCS1PublicKey(block.Bytes)
|
|
|
|
if err != nil {
|
|
log.Fatalf("Error parsing RSA key: %v", err)
|
|
}
|
|
|
|
return key
|
|
}
|
|
|
|
func loadRSAPrivateKey() *rsa.PrivateKey {
|
|
data, err := os.ReadFile("secrets/jwt.rsa")
|
|
|
|
if err != nil {
|
|
log.Fatalf("Error loading RSA key: %v", err)
|
|
}
|
|
|
|
block, _ := pem.Decode(data)
|
|
|
|
if block == nil {
|
|
log.Fatalf("Error decoding RSA key: %v", err)
|
|
}
|
|
|
|
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
|
|
|
|
if err != nil {
|
|
log.Fatalf("Error parsing RSA key: %v", err)
|
|
}
|
|
|
|
return key
|
|
}
|