filebrowser/auth.go

package filemanager

import (
	"net/http"
	"time"

	jwt "github.com/dgrijalva/jwt-go"
	"github.com/dgrijalva/jwt-go/request"
)

/* Set up a global string for our secret */
var key = []byte("secret")

type claims struct {
	*User
	jwt.StandardClaims
}

func getTokenHandler(c *requestContext, w http.ResponseWriter, r *http.Request) (int, error) {
	// TODO: get user and password info from the request
	// check if the password is correct for that user using a DB or JSOn
	// or something.

	claims := claims{
		c.fm.User,
		jwt.StandardClaims{
			ExpiresAt: time.Now().Add(time.Minute * 5).Unix(),
			Issuer:    "test",
		},
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	string, err := token.SignedString(key)

	if err != nil {
		return http.StatusInternalServerError, err
	}

	w.Write([]byte(string))
	return 0, nil
}

func validAuth(c *requestContext, r *http.Request) (bool, *User) {
	token, err := request.ParseFromRequestWithClaims(r, request.AuthorizationHeaderExtractor, &claims{},
		func(token *jwt.Token) (interface{}, error) {
			return key, nil
		})

	if err == nil && token.Valid {
		return true, c.fm.User
	}

	return false, nil
}
Major changes on API 2017-07-02 16:40:52 +00:00			`package filemanager`

			`import (`
			`"net/http"`
			`"time"`

			`jwt "github.com/dgrijalva/jwt-go"`
			`"github.com/dgrijalva/jwt-go/request"`
			`)`

			`/* Set up a global string for our secret */`
			`var key = []byte("secret")`

			`type claims struct {`
			`*User`
			`jwt.StandardClaims`
			`}`

			`func getTokenHandler(c requestContext, w http.ResponseWriter, r http.Request) (int, error) {`
			`// TODO: get user and password info from the request`
			`// check if the password is correct for that user using a DB or JSOn`
			`// or something.`

			`claims := claims{`
			`c.fm.User,`
			`jwt.StandardClaims{`
			`ExpiresAt: time.Now().Add(time.Minute * 5).Unix(),`
			`Issuer: "test",`
			`},`
			`}`

			`token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)`
			`string, err := token.SignedString(key)`

			`if err != nil {`
			`return http.StatusInternalServerError, err`
			`}`

			`w.Write([]byte(string))`
			`return 0, nil`
			`}`

			`func validAuth(c requestContext, r http.Request) (bool, *User) {`
			`token, err := request.ParseFromRequestWithClaims(r, request.AuthorizationHeaderExtractor, &claims{},`
			`func(token *jwt.Token) (interface{}, error) {`
			`return key, nil`
			`})`

			`if err == nil && token.Valid {`
			`return true, c.fm.User`
			`}`

			`return false, nil`
			`}`