mirror of
https://github.com/minio/minio.git
synced 2025-12-03 00:11:22 +01:00
105 lines
2.9 KiB
Go
105 lines
2.9 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/dgrijalva/jwt-go"
|
|
)
|
|
|
|
func srvLogin(requestUser *User) (int, []byte) {
|
|
authBackend := InitJWT()
|
|
if authBackend.Authenticate(requestUser) {
|
|
token, err := authBackend.GenerateToken(requestUser.Username)
|
|
if err != nil {
|
|
return http.StatusInternalServerError, nil
|
|
}
|
|
response, err := json.Marshal(AuthToken{token})
|
|
if err != nil {
|
|
return http.StatusInternalServerError, nil
|
|
}
|
|
return http.StatusOK, response
|
|
}
|
|
return http.StatusUnauthorized, nil
|
|
}
|
|
|
|
func srvRefreshToken(req *http.Request) (int, []byte) {
|
|
authBackend := InitJWT()
|
|
tokenRequest, err := jwt.ParseFromRequest(req, func(token *jwt.Token) (interface{}, error) {
|
|
if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
|
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
|
}
|
|
return authBackend.PublicKey, nil
|
|
})
|
|
if err != nil {
|
|
return http.StatusInternalServerError, nil
|
|
}
|
|
if tokenRequest.Valid {
|
|
userName, ok := tokenRequest.Claims["sub"].(string)
|
|
if !ok {
|
|
return http.StatusUnauthorized, nil
|
|
}
|
|
token, err := authBackend.GenerateToken(userName)
|
|
if err != nil {
|
|
return http.StatusInternalServerError, nil
|
|
}
|
|
response, err := json.Marshal(AuthToken{token})
|
|
if err != nil {
|
|
return http.StatusInternalServerError, nil
|
|
}
|
|
return http.StatusOK, response
|
|
}
|
|
return http.StatusUnauthorized, nil
|
|
}
|
|
|
|
func srvLogout(req *http.Request) int {
|
|
authBackend := InitJWT()
|
|
tokenRequest, err := jwt.ParseFromRequest(req, func(token *jwt.Token) (interface{}, error) {
|
|
if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
|
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
|
}
|
|
return authBackend.PublicKey, nil
|
|
})
|
|
if err != nil {
|
|
return http.StatusInternalServerError
|
|
}
|
|
if tokenRequest.Valid {
|
|
tokenString := req.Header.Get("Authorization")
|
|
if err = authBackend.Logout(tokenString, tokenRequest); err != nil {
|
|
return http.StatusInternalServerError
|
|
}
|
|
return http.StatusOK
|
|
}
|
|
return http.StatusUnauthorized
|
|
}
|
|
|
|
// LoginHandler - user login handler.
|
|
func (web WebAPI) LoginHandler(w http.ResponseWriter, r *http.Request) {
|
|
requestUser := new(User)
|
|
decoder := json.NewDecoder(r.Body)
|
|
if err := decoder.Decode(&requestUser); err != nil {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
responseStatus, token := srvLogin(requestUser)
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(responseStatus)
|
|
w.Write(token)
|
|
}
|
|
|
|
// RefreshTokenHandler - refresh token handler.
|
|
func (web WebAPI) RefreshTokenHandler(w http.ResponseWriter, r *http.Request) {
|
|
responseStatus, token := srvRefreshToken(r)
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(responseStatus)
|
|
w.Write(token)
|
|
}
|
|
|
|
// LogoutHandler - user logout handler.
|
|
func (web WebAPI) LogoutHandler(w http.ResponseWriter, r *http.Request) {
|
|
responseStatus := srvLogout(r)
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(responseStatus)
|
|
}
|