From 93dfe2be64e8658839bcfe5356adf35f8cde7075 Mon Sep 17 00:00:00 2001
From: Nicolas James <Eele1Ephe7uZahRie@tutanota.com>
Date: Thu, 13 Feb 2025 18:04:18 +1100
Subject: initial commit

---
 src/server/helper/jwt.go | 66 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 src/server/helper/jwt.go

(limited to 'src/server/helper/jwt.go')

diff --git a/src/server/helper/jwt.go b/src/server/helper/jwt.go
new file mode 100644
index 0000000..ae127bd
--- /dev/null
+++ b/src/server/helper/jwt.go
@@ -0,0 +1,66 @@
+package helper
+
+import (
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/golang-jwt/jwt/v4"
+)
+
+// WARNING this key should be secret and constant between deployments.
+// If you use this software in the wild, at the very least change this value!
+// https://www.sohamkamani.com/golang/jwt-authentication/
+var jwt_key = []byte("iph7noo1ohQuam5sou5wa2aeChixo7")
+
+func IssueToken(uid int, writer http.ResponseWriter) error {
+	expiration := time.Now().Add(60 * time.Minute)
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{
+		Subject:   strconv.Itoa(uid),
+		ExpiresAt: jwt.NewNumericDate(expiration),
+		Issuer:    "react-go-forum",
+	})
+	token_string, err := token.SignedString(jwt_key)
+	if err != nil {
+		return err
+	}
+
+	http.SetCookie(writer, &http.Cookie{
+		Name:     "token",
+		Value:    token_string,
+		Expires:  expiration,
+		SameSite: http.SameSiteStrictMode,
+		Path:     "/",
+	})
+	return nil
+}
+
+// Returns a non-nil RegisteredClaims if valid, nil otherwise. Handles responding to bad tokens.
+func GetValidClaims(writer http.ResponseWriter, request *http.Request) *jwt.RegisteredClaims {
+	cookie, err := request.Cookie("token")
+	if err != nil {
+		if err == http.ErrNoCookie {
+			WriteErrorJson("access denied", writer, http.StatusUnauthorized)
+			return nil
+		}
+
+		WriteInternalErrorJson(err, writer)
+		return nil
+	}
+
+	claims := &jwt.RegisteredClaims{}
+	token, err := jwt.ParseWithClaims(cookie.Value, claims, func(token *jwt.Token) (interface{}, error) {
+		return jwt_key, nil
+	})
+	if err != nil {
+		WriteInternalErrorJson(err, writer)
+		return nil
+	}
+
+	if !token.Valid {
+		WriteErrorJson("access denied", writer, http.StatusUnauthorized)
+		return nil
+	}
+
+	return claims
+}
-- 
cgit v1.2.3