Migrated code to Ed25519 certs instead of secret key
This commit is contained in:
parent
d3829aa9ec
commit
5856e9af69
1 changed files with 17 additions and 9 deletions
26
pkg.go
26
pkg.go
|
@ -17,19 +17,28 @@ import (
|
||||||
"github.com/golang-jwt/jwt/v5"
|
"github.com/golang-jwt/jwt/v5"
|
||||||
|
|
||||||
// Standard
|
// Standard
|
||||||
"encoding/hex"
|
"crypto"
|
||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Manager struct {
|
type Manager struct {
|
||||||
secret []byte
|
privKey crypto.PrivateKey
|
||||||
|
PubKey crypto.PublicKey
|
||||||
ExpireDays int
|
ExpireDays int
|
||||||
Initialized bool
|
Initialized bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewManager(secret string, expireDays int) (mngr Manager, err error) { // {{{
|
func NewManager(private, public string, expireDays int) (mngr Manager, err error) { // {{{
|
||||||
mngr.secret, err = hex.DecodeString(secret)
|
mngr.privKey, err = jwt.ParseEdPrivateKeyFromPEM([]byte(private))
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
mngr.PubKey, err = jwt.ParseEdPublicKeyFromPEM([]byte(public))
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
mngr.ExpireDays = expireDays
|
mngr.ExpireDays = expireDays
|
||||||
mngr.Initialized = true
|
mngr.Initialized = true
|
||||||
return
|
return
|
||||||
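Review bot: NewManager now loads the private and public keys from two independent PEM inputs (`mngr.privKey` and `mngr.PubKey`) but never checks that they belong to the same pair, so a mismatched deployment would mint tokens that ParseToken then rejects. An Ed25519 private key carries its public half, so after the private parse succeeds, assert `pk, ok := mngr.privKey.(ed25519.PrivateKey)` (presumably what ParseEdPrivateKeyFromPEM yields) and reject the configuration when `pk.Public().(ed25519.PublicKey).Equal(mngr.PubKey)` is false, or simply derive PubKey from it and treat the second argument as a cross-check. On either parse error the function returns a partially populated `mngr` (privKey set, `Initialized` false); returning `Manager{}, err` keeps the error path unambiguous. NewManager's closing brace is outside the hunk.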
|
@ -53,10 +62,10 @@ func (mngr *Manager) GenerateToken(data map[string]any) (signedString string) {
|
||||||
data["iat"] = now.Unix()
|
data["iat"] = now.Unix()
|
||||||
data["exp"] = now.Add(time.Hour * 24 * time.Duration(mngr.ExpireDays)).Unix()
|
data["exp"] = now.Add(time.Hour * 24 * time.Duration(mngr.ExpireDays)).Unix()
|
||||||
|
|
||||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(data))
|
token := jwt.NewWithClaims(&jwt.SigningMethodEd25519{}, jwt.MapClaims(data))
|
||||||
|
|
||||||
// Sign and get the complete encoded token as a string using the secret.
|
// Sign and get the complete encoded token as a string using the secret.
|
||||||
signedString, _ = token.SignedString(mngr.secret)
|
signedString, _ = token.SignedString(mngr.privKey)
|
||||||
return
|
return
|
||||||
} // }}}
|
} // }}}
|
||||||
func (mngr *Manager) ParseToken(tokenString string) (jwt.MapClaims, error) { // {{{
|
func (mngr *Manager) ParseToken(tokenString string) (jwt.MapClaims, error) { // {{{
|
||||||
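Review bot: `signedString, _ = token.SignedString(mngr.privKey)` still discards the signing error, and the Ed25519 switch adds a new way to hit it: if `privKey` is nil or not an `ed25519.PrivateKey` (an uninitialized Manager), the library returns an error and the caller gets an empty string as if it were a token. Either surface it, `signedString, err := token.SignedString(mngr.privKey)` with an `error` added to the return, or at minimum document that an empty result means signing failed. The comment above it, `// Sign and get the complete encoded token as a string using the secret.`, should now read `using the Ed25519 private key`. The library also exports a ready instance, `jwt.SigningMethodEdDSA`, which is the conventional value to pass instead of `&jwt.SigningMethodEd25519{}`. GenerateToken's signature is outside the hunk.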
|
@ -66,12 +75,11 @@ func (mngr *Manager) ParseToken(tokenString string) (jwt.MapClaims, error) { //
|
||||||
// to the callback, providing flexibility.
|
// to the callback, providing flexibility.
|
||||||
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
|
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
|
||||||
// Don't forget to validate the alg is what you expect:
|
// Don't forget to validate the alg is what you expect:
|
||||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
if _, ok := token.Method.(*jwt.SigningMethodEd25519); !ok {
|
||||||
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
||||||
}
|
}
|
||||||
|
|
||||||
// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
|
return mngr.PubKey, nil
|
||||||
return mngr.secret, nil
|
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
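Review bot: The keyfunc type-asserts `*jwt.SigningMethodEd25519` before returning `mngr.PubKey`, which pins the algorithm correctly, but the pin can be made independent of the keyfunc by passing `jwt.WithValidMethods([]string{jwt.SigningMethodEdDSA.Alg()})` to `jwt.Parse`, so a header alg other than EdDSA is rejected before any key is handed out. When `Initialized` is false, `mngr.PubKey` is nil and the resulting error comes from the library's key-type check rather than saying the manager was never configured; an explicit guard, `if mngr.PubKey == nil { return nil, errors.New("token manager not initialized") }`, makes that failure diagnosable. ParseToken's start and end are outside the hunk.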
|
|