diff --git a/glide.yaml b/glide.yaml index c7b8e74..c0db753 100644 --- a/glide.yaml +++ b/glide.yaml @@ -9,3 +9,5 @@ import: - package: git.loafle.net/overflow/gateway - package: git.loafle.net/commons/di-go - package: git.loafle.net/overflow/commons-go +- package: github.com/dgrijalva/jwt-go + version: ^3.2.0 diff --git a/service/member-service.go b/service/member-service.go index a3320ba..49cffa1 100644 --- a/service/member-service.go +++ b/service/member-service.go @@ -2,38 +2,142 @@ package service import ( "context" + "crypto/rsa" + "encoding/json" + "fmt" + "io/ioutil" "reflect" + "time" cda "git.loafle.net/commons/di-go/annotation" cdr "git.loafle.net/commons/di-go/registry" + logging "git.loafle.net/commons/logging-go" "git.loafle.net/commons/server-go" _ "git.loafle.net/overflow/commons-go/annotation" "git.loafle.net/overflow/gateway/external/grpc" "github.com/valyala/fasthttp" + + jwt "github.com/dgrijalva/jwt-go" +) + +var ( + verifyKey *rsa.PublicKey + signKey *rsa.PrivateKey ) var MemberServiceType = reflect.TypeOf((*MemberService)(nil)) func init() { cdr.RegisterType(MemberServiceType) + + signBytes, err := ioutil.ReadFile("overFlow-private.key") + if nil != err { + panic(err) + } + + signKey, err = jwt.ParseRSAPrivateKeyFromPEM(signBytes) + if nil != err { + panic(err) + } + + verifyBytes, err := ioutil.ReadFile("overFlow-public.pem") + if nil != err { + panic(err) + } + + verifyKey, err = jwt.ParseRSAPublicKeyFromPEM(verifyBytes) + if nil != err { + panic(err) + } } type MemberService struct { cda.TypeAnnotation `annotation:"@overflow:Service()"` } -func (ms *MemberService) Signin(servletCtx server.ServletCtx, ctx *fasthttp.RequestCtx, id string, pw string) (string, error) { +func (ms *MemberService) Signin(servletCtx server.ServletCtx, ctx *fasthttp.RequestCtx, signinID string, signinPW string) (string, error) { gRPCCtx := context.Background() - r, err := grpc.Exec(gRPCCtx, "MemberService.signin", id, pw) + r, err := grpc.Exec(gRPCCtx, "MemberService.signin", signinID, signinPW) if nil != err { return "", err } - return r, nil + token := jwt.New(jwt.SigningMethodRS512) + + /* Create a map to store our claims */ + claims := token.Claims.(jwt.MapClaims) + + // expireTime := time.Now().Add(time.Hour * 24) + + /* Set token claims */ + claims["iss"] = "overFlow" + claims["iat"] = time.Now().Unix() + claims["exp"] = time.Now().Add(time.Hour * 24).Unix() + claims["aud"] = "www.overflow.cloud" + claims["sub"] = signinID + + /* Sign the token with our secret */ + tokenString, err := token.SignedString(signKey) + if nil != err { + return "", err + } + + var domainMember interface{} + err = json.Unmarshal([]byte(r), &domainMember) + if nil != err { + return "", err + } + + signInResult := &SignInResult{ + AuthToken: tokenString, + DomainMember: domainMember, + } + + buf, err := json.Marshal(signInResult) + if nil != err { + return "", err + } + + return string(buf), nil +} + +func (ms *MemberService) SigninByCookie(servletCtx server.ServletCtx, ctx *fasthttp.RequestCtx, authToken string) (string, error) { + + token, err := jwt.Parse(authToken, func(token *jwt.Token) (interface{}, error) { + // Don't forget to validate the alg is what you expect: + if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok { + return nil, fmt.Errorf("Webapp: Unexpected signing method: %v", token.Header["alg"]) + } + + // hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key") + return verifyKey, nil + }) + if nil != err { + return "", err + } + + var ok bool + var claims jwt.MapClaims + if claims, ok = token.Claims.(jwt.MapClaims); !ok || !token.Valid { + logging.Logger().Warnf("Token is not valid %v", token) + return "", fmt.Errorf("authToken is not valid") + } + + params := []string{claims["sub"].(string)} + + gRPCCtx := context.Background() + r, err := grpc.Exec(gRPCCtx, "DomainMemberService.readByMemberEmail", params...) + + return r, err } func (ms *MemberService) Register(servletCtx server.ServletCtx, ctx *fasthttp.RequestCtx, id string, pw string) (string, error) { return "dkfksddfk", nil } + +type SignInResult struct { + AuthToken string `json:"authToken"` + DomainMember interface{} `json:"domainMember"` +}