mukimovd/tercul-backend
1
0
Fork 0
mirror of https://github.com/SamyRai/tercul-backend.git synced 2025-12-27 05:11:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d536c3acb5
tercul-backend/internal/platform/auth/jwt.go
google-labs-jules[bot] 8797cec718 Refactor: In-progress refactoring to fix build. 
This commit includes the following changes:
- Refactored all data repositories in `internal/data/sql/` to use a consistent `sql` package and to align with the new `domain` models.
- Fixed the GraphQL structure by moving the server creation logic from `internal/app` to `cmd/api`, which resolved an import cycle.
- Corrected numerous incorrect import paths for packages like `graph`, `linguistics`, `syncjob`, and the legacy `models` package.
- Resolved several package and function redeclaration errors.
- Removed legacy migration code.
2025-09-05 15:11:30 +00:00

142 lines
3.4 KiB
Go
Raw Blame History

package auth
import (
"errors"
"fmt"
"strings"
"tercul/internal/domain"
"time"
"github.com/golang-jwt/jwt/v5"
"tercul/internal/platform/config"
)
var (
ErrInvalidToken = errors.New("invalid token")
ErrExpiredToken = errors.New("token expired")
ErrInvalidSignature = errors.New("invalid token signature")
ErrMissingToken = errors.New("missing token")
ErrInsufficientRole = errors.New("insufficient role")
)
// Claims represents the JWT claims
type Claims struct {
UserID uint `json:"user_id"`
Username string `json:"username"`
Email string `json:"email"`
Role string `json:"role"`
jwt.RegisteredClaims
}
// JWTManager handles JWT token operations
type JWTManager struct {
secretKey []byte
issuer string
duration time.Duration
}
// NewJWTManager creates a new JWT manager
func NewJWTManager() *JWTManager {
secretKey := config.Cfg.JWTSecret
if secretKey == "" {
secretKey = "default-secret-key-change-in-production"
}
duration := config.Cfg.JWTExpiration
if duration == 0 {
duration = 24 * time.Hour // Default to 24 hours
}
return &JWTManager{
secretKey: []byte(secretKey),
issuer: "tercul-api",
duration: duration,
}
}
// GenerateToken generates a new JWT token for a user
func (j *JWTManager) GenerateToken(user *domain.User) (string, error) {
now := time.Now()
claims := &Claims{
UserID: user.ID,
Username: user.Username,
Email: user.Email,
Role: string(user.Role),
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(now.Add(j.duration)),
IssuedAt: jwt.NewNumericDate(now),
NotBefore: jwt.NewNumericDate(now),
Issuer: j.issuer,
Subject: fmt.Sprintf("%d", user.ID),
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString(j.secretKey)
}
// ValidateToken validates and parses a JWT token
func (j *JWTManager) ValidateToken(tokenString string) (*Claims, error) {
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
}
return j.secretKey, nil
})
if err != nil {
if errors.Is(err, jwt.ErrTokenExpired) {
return nil, ErrExpiredToken
}
return nil, ErrInvalidToken
}
claims, ok := token.Claims.(*Claims)
if !ok || !token.Valid {
return nil, ErrInvalidToken
}
return claims, nil
}
// ExtractTokenFromHeader extracts token from Authorization header
func (j *JWTManager) ExtractTokenFromHeader(authHeader string) (string, error) {
if authHeader == "" {
return "", ErrMissingToken
}
parts := strings.Split(authHeader, " ")
if len(parts) != 2 || parts[0] != "Bearer" {
return "", ErrInvalidToken
}
return parts[1], nil
}
// HasRole checks if the user has the required role
func (j *JWTManager) HasRole(userRole, requiredRole string) bool {
roleHierarchy := map[string]int{
"reader": 1,
"contributor": 2,
"moderator": 3,
"admin": 4,
}
userLevel, userExists := roleHierarchy[userRole]
requiredLevel, requiredExists := roleHierarchy[requiredRole]
if !userExists || !requiredExists {
return false
}
return userLevel >= requiredLevel
}
// RequireRole validates that the user has the required role
func (j *JWTManager) RequireRole(userRole, requiredRole string) error {
if !j.HasRole(userRole, requiredRole) {
return ErrInsufficientRole
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink