mukimovd/tercul-backend
1
0
Fork 0
mirror of https://github.com/SamyRai/tercul-backend.git synced 2025-12-27 05:11:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d50722dad5
tercul-backend/internal/platform/auth/jwt.go
Damir Mukimov d50722dad5
Some checks failed
Test / Integration Tests (push) Successful in 4s
Details
Build / Build Binary (push) Failing after 2m9s
Details
Docker Build / Build Docker Image (push) Failing after 2m32s
Details
Test / Unit Tests (push) Failing after 3m12s
Details
Lint / Go Lint (push) Failing after 1m0s
Details
Refactor ID handling to use UUIDs across the application 
- Updated database models and repositories to replace uint IDs with UUIDs.
- Modified test fixtures to generate and use UUIDs for authors, translations, users, and works.
- Adjusted mock implementations to align with the new UUID structure.
- Ensured all relevant functions and methods are updated to handle UUIDs correctly.
- Added necessary imports for UUID handling in various files.
2025-12-27 00:33:34 +01:00

150 lines
3.6 KiB
Go
Raw Blame History

package auth
import (
"errors"
"fmt"
"strings"
"tercul/internal/domain"
"time"
"tercul/internal/platform/config"
"github.com/golang-jwt/jwt/v5"
"github.com/google/uuid"
)
var (
ErrInvalidToken = errors.New("invalid token")
ErrExpiredToken = errors.New("token expired")
ErrInvalidSignature = errors.New("invalid token signature")
ErrMissingToken = errors.New("missing token")
ErrInsufficientRole = errors.New("insufficient role")
)
// Claims represents the JWT claims
type Claims struct {
UserID uuid.UUID `json:"user_id"`
Username string `json:"username"`
Email string `json:"email"`
Role string `json:"role"`
jwt.RegisteredClaims
}
// JWTManager handles JWT token operations
type JWTManagement interface {
GenerateToken(user *domain.User) (string, error)
ValidateToken(tokenString string) (*Claims, error)
}
type JWTManager struct {
secretKey []byte
issuer string
duration time.Duration
}
// NewJWTManager creates a new JWT manager
func NewJWTManager(cfg *config.Config) *JWTManager {
secretKey := cfg.JWTSecret
if secretKey == "" {
secretKey = "default-secret-key-change-in-production"
}
durationInHours := cfg.JWTExpiration
if durationInHours <= 0 {
durationInHours = 24 // Default to 24 hours
}
duration := time.Duration(durationInHours) * time.Hour
return &JWTManager{
secretKey: []byte(secretKey),
issuer: "tercul-api",
duration: duration,
}
}
// GenerateToken generates a new JWT token for a user
func (j *JWTManager) GenerateToken(user *domain.User) (string, error) {
now := time.Now()
claims := &Claims{
UserID: user.ID,
Username: user.Username,
Email: user.Email,
Role: string(user.Role),
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(now.Add(j.duration)),
IssuedAt: jwt.NewNumericDate(now),
NotBefore: jwt.NewNumericDate(now),
Issuer: j.issuer,
Subject: user.ID.String(),
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString(j.secretKey)
}
// ValidateToken validates and parses a JWT token
func (j *JWTManager) ValidateToken(tokenString string) (*Claims, error) {
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
}
return j.secretKey, nil
})
if err != nil {
if errors.Is(err, jwt.ErrTokenExpired) {
return nil, ErrExpiredToken
}
return nil, ErrInvalidToken
}
claims, ok := token.Claims.(*Claims)
if !ok || !token.Valid {
return nil, ErrInvalidToken
}
return claims, nil
}
// ExtractTokenFromHeader extracts token from Authorization header
func (j *JWTManager) ExtractTokenFromHeader(authHeader string) (string, error) {
if authHeader == "" {
return "", ErrMissingToken
}
parts := strings.Split(authHeader, " ")
if len(parts) != 2 || parts[0] != "Bearer" {
return "", ErrInvalidToken
}
return parts[1], nil
}
// HasRole checks if the user has the required role
func (j *JWTManager) HasRole(userRole, requiredRole string) bool {
roleHierarchy := map[string]int{
"reader": 1,
"contributor": 2,
"moderator": 3,
"admin": 4,
}
userLevel, userExists := roleHierarchy[userRole]
requiredLevel, requiredExists := roleHierarchy[requiredRole]
if !userExists || !requiredExists {
return false
}
return userLevel >= requiredLevel
}
// RequireRole validates that the user has the required role
func (j *JWTManager) RequireRole(userRole, requiredRole string) error {
if !j.HasRole(userRole, requiredRole) {
return ErrInsufficientRole
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink