initial commit
This commit is contained in:
111
get-role-token.go
Normal file
111
get-role-token.go
Normal file
@@ -0,0 +1,111 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
type getRoleTokenRequest struct {
|
||||
RoleName string `json:"rolename"`
|
||||
}
|
||||
|
||||
func getRoleToken(w http.ResponseWriter, r *http.Request) {
|
||||
log.Println("getRoleToken called")
|
||||
|
||||
// Only allow POST
|
||||
if r.Method != http.MethodPost {
|
||||
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
||||
return
|
||||
}
|
||||
|
||||
// Get JWT from Authorization header
|
||||
authHeader := r.Header.Get("Authorization")
|
||||
if authHeader == "" {
|
||||
http.Error(w, "Missing Authorization header", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
parts := strings.SplitN(authHeader, " ", 2)
|
||||
if len(parts) != 2 || parts[0] != "Bearer" {
|
||||
http.Error(w, "Invalid Authorization format", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
tokenString := parts[1]
|
||||
|
||||
// Replace with your actual secret or keyfunc
|
||||
secret := []byte("super-secret-key")
|
||||
|
||||
claims := &MyClaims{}
|
||||
|
||||
token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
|
||||
// Validate signing method if needed
|
||||
return secret, nil
|
||||
})
|
||||
|
||||
if err != nil || !token.Valid {
|
||||
http.Error(w, "Invalid token", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// Access parsed values
|
||||
log.Println("sub:", claims.Sub)
|
||||
log.Println("purpose:", claims.Purpose)
|
||||
log.Println("account:", claims.Account)
|
||||
// exp and iat come from RegisteredClaims
|
||||
log.Println("exp:", claims.ExpiresAt)
|
||||
log.Println("iat:", claims.IssuedAt)
|
||||
|
||||
if claims.ExpiresAt == nil || time.Now().After(claims.ExpiresAt.Time) {
|
||||
http.Error(w, "Token expired", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
log.Println("Add in validation that the user is allowed to get this token")
|
||||
|
||||
// Read the raw request body
|
||||
body, err := io.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to read body", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
defer r.Body.Close()
|
||||
|
||||
// Parse JSON into Role struct
|
||||
var role getRoleTokenRequest
|
||||
if err := json.Unmarshal(body, &role); err != nil {
|
||||
http.Error(w, "Invalid JSON", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
log.Println("Received request for role:", role.RoleName)
|
||||
|
||||
log.Println("Authentication would taken place here")
|
||||
|
||||
// Check if policy with the same name already exists for the account
|
||||
checkExisting := pool.QueryRow(context.Background(),
|
||||
"SELECT FROM roles WHERE accountid = $1 AND rolename = $2",
|
||||
claims.Account, role.RoleName)
|
||||
log.Println("checkExisting:", role.RoleName)
|
||||
err = checkExisting.Scan()
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusConflict)
|
||||
return
|
||||
}
|
||||
|
||||
usertoken, err := createJWT(secret, claims.Account, role.RoleName)
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
log.Println(usertoken)
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user