validating jwt

murillolamego · murillolamego · commit 83d0d98510c7 · 2024-06-24T21:43:09.000-03:00
diff --git a/.http b/.http
@@ -1,44 +1,46 @@
 ### Variables 
 @apiurl = http://localhost:8080
+@accesstoken = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhZ2UiOjY2LCJlbWFpbCI6InRlc3Q2NjZAdGVzdC5jb20iLCJleHAiOjE3MTkzNjExOTcsImlkIjoiNjY3OWY3YzExZmIwMzIyOTEzNGU4ZWIyIiwibmFtZSI6InRlc3Q2NjYifQ.u9vyc2TceclEPQWjZC55PdRojse9hbooq1WWN5bUPLg
 
 ### GET users
 GET {{apiurl}}/users HTTP/1.1
 
 ### GET user by ID
-GET {{apiurl}}/getUserById/6679d7f7b2743187285959d0 HTTP/1.1
+GET {{apiurl}}/getUserById/667a12494c2b72ef58316a20 HTTP/1.1
+Authorization: Bearer {{accesstoken}}
 
 ### GET user by EMAIL
 GET {{apiurl}}/getUserByEmail/test3@test.com HTTP/1.1
 
 ### UPDATE user by ID
-PATCH {{apiurl}}/updateUser/6679d7f7b2743187285959d0 HTTP/1.1
+PATCH {{apiurl}}/updateUser/667a12494c2b72ef58316a20 HTTP/1.1
 Content-Type: application/json
-Authorization: Bearer ACCESS-TOKEN
+Authorization: Bearer {{accesstoken}}
 
 {
    "name":"test000000",
    "age":111
 }
 
 ### DELETE user by ID
-DELETE  {{apiurl}}/deleteUser/6679d7f7b2743187285959d0 HTTP/1.1
+DELETE  {{apiurl}}/deleteUser/667a12494c2b72ef58316a20 HTTP/1.1
 
 ### POST users
 POST {{apiurl}}/createUser HTTP/1.1
 Content-Type: application/json
-Authorization: Bearer ACCESS-TOKEN
+Authorization: Bearer {{accesstoken}}
 
 {
-   "email":"test666@test.com",
+   "email":"test77@test.com",
    "password":"test@123",
-   "name":"test666",
-   "age":66
+   "name":"test77",
+   "age":77
 }
 
 ### LOGIN user
 POST {{apiurl}}/login HTTP/1.1
 Content-Type: application/json
-Authorization: Bearer ACCESS-TOKEN
+Authorization: Bearer {{accesstoken}}
 
 {
    "email":"test666@test.com",
diff --git a/src/config/rest_err/rest_err.go b/src/config/rest_err/rest_err.go
@@ -67,3 +67,11 @@ func NewForbiddenErrorfunc(message string) *RestErr {
 		Code:    http.StatusBadRequest,
 	}
 }
+
+func NewUnauthorizedErrorfunc(message string) *RestErr {
+	return &RestErr{
+		Message: message,
+		Err:     "unauthorized",
+		Code:    http.StatusUnauthorized,
+	}
+}
diff --git a/src/controller/find_user.go b/src/controller/find_user.go
@@ -1,16 +1,28 @@
 package controller
 
 import (
+	"fmt"
 	"net/http"
 	"net/mail"
 
 	"github.com/gin-gonic/gin"
+	"github.com/murillolamego/golang-basic/src/config/logger"
 	"github.com/murillolamego/golang-basic/src/config/rest_err"
+	"github.com/murillolamego/golang-basic/src/model"
 	"github.com/murillolamego/golang-basic/src/view"
 	"go.mongodb.org/mongo-driver/bson/primitive"
 )
 
 func (uc *userControllerInterface) FindUserByID(c *gin.Context) {
+
+	user, err := model.VerifyToken(c.Request.Header.Get("Authorization"))
+	if err != nil {
+		c.JSON(err.Code, err.Message)
+		return
+	}
+
+	logger.Info(fmt.Sprintf("User authenticated: %v", user))
+
 	userId := c.Param("userId")
 
 	if _, err := primitive.ObjectIDFromHex(userId); err != nil {
diff --git a/src/model/user_token_domain.go b/src/model/user_token_domain.go
@@ -2,6 +2,7 @@ package model
 
 import (
 	"os"
+	"strings"
 	"time"
 
 	"github.com/golang-jwt/jwt/v5"
@@ -32,3 +33,35 @@ func (ud *userDomain) GenerateToken() (string, *rest_err.RestErr) {
 
 	return tokenString, nil
 }
+
+func RemoveBearerPrefix(token string) string {
+	return strings.TrimPrefix(token, "Bearer ")
+}
+
+func VerifyToken(tokenValue string) (UserDomainInterface, *rest_err.RestErr) {
+	secret := os.Getenv(JWT_SECRET_KEY)
+
+	token, err := jwt.Parse(RemoveBearerPrefix(tokenValue), func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); ok {
+			return []byte(secret), nil
+		}
+
+		return nil, rest_err.NewBadRequestError("invalid token 1")
+	})
+
+	if err != nil {
+		return nil, rest_err.NewUnauthorizedErrorfunc("invalid token 2")
+	}
+
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if !ok || !token.Valid {
+		return nil, rest_err.NewUnauthorizedErrorfunc("invalid token 3")
+	}
+
+	return &userDomain{
+		id:    claims["id"].(string),
+		email: claims["email"].(string),
+		name:  claims["name"].(string),
+		age:   int8(claims["age"].(float64)),
+	}, nil
+}

Original file line number	Diff line number	Diff line change
`@@ -67,3 +67,11 @@ func NewForbiddenErrorfunc(message string) *RestErr {`
`67`	`67`	`Code: http.StatusBadRequest,`
`68`	`68`	`}`
`69`	`69`	`}`
	`70`	`+`
	`71`	`+func NewUnauthorizedErrorfunc(message string) *RestErr {`
	`72`	`+ return &RestErr{`
	`73`	`+ Message: message,`
	`74`	`+ Err: "unauthorized",`
	`75`	`+ Code: http.StatusUnauthorized,`
	`76`	`+ }`
	`77`	`+}`