Working through assume role

This commit is contained in:
2026-04-03 22:38:09 -04:00
parent 22a23c0062
commit 7143b9272f

View File

@@ -4,6 +4,7 @@ import (
"context" "context"
"crypto/rsa" "crypto/rsa"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"io" "io"
"libshared" "libshared"
@@ -28,6 +29,7 @@ type AssumeRoleResponse struct {
} }
var privateKey *rsa.PrivateKey var privateKey *rsa.PrivateKey
var publicKey *rsa.PublicKey
func assumeRole(w http.ResponseWriter, r *http.Request) { func assumeRole(w http.ResponseWriter, r *http.Request) {
@@ -74,36 +76,39 @@ func assumeRole(w http.ResponseWriter, r *http.Request) {
tokenString := parts[1] tokenString := parts[1]
// Replace with your actual secret or keyfunc claims, err := libshared.ValidateJWT(publicKey, tokenString)
secret := []byte("super-secret-key")
claims := &MyClaims{} if err != nil {
log.Println("Invalid token:", err)
token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) { msg := "Invalid token"
// Validate signing method if needed
return secret, nil
})
if err != nil || !token.Valid { if errors.Is(err, jwt.ErrTokenExpired) {
fmt.Println("Invalid token:", err) msg = "Token expired"
http.Error(w, "Invalid token", http.StatusUnauthorized) }
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusUnauthorized)
apiresponse := libshared.NewAPIResponse[AssumeRoleResponse]("fail", msg, AssumeRoleResponse{})
json.NewEncoder(w).Encode(apiresponse)
return return
} }
// Access parsed values claimaccount, ok := claims["account"].(string)
log.Println("sub:", claims.Sub) if !ok {
log.Println("purpose:", claims.Purpose) log.Println("account claim is not a string")
log.Println("account:", claims.Account) // handle error
// exp and iat come from RegisteredClaims
log.Println("exp:", claims.ExpiresAt)
log.Println("iat:", claims.IssuedAt)
if claims.ExpiresAt == nil || time.Now().After(claims.ExpiresAt.Time) {
log.Println("Token expired")
http.Error(w, "Token expired", http.StatusUnauthorized)
return return
} }
log.Println("sub:", claims["sub"])
log.Println("purpose:", claims["purpose"])
log.Println("account:", claimaccount)
log.Println("exp:", claims["exp"])
log.Println("iat:", claims["iat"])
// Read the raw request body // Read the raw request body
body, err := io.ReadAll(r.Body) body, err := io.ReadAll(r.Body)
@@ -136,7 +141,7 @@ func assumeRole(w http.ResponseWriter, r *http.Request) {
checkExisting := libshared.Pool.QueryRow(context.Background(), checkExisting := libshared.Pool.QueryRow(context.Background(),
"SELECT id FROM roles WHERE accountid = $1 AND rolename = $2", "SELECT id FROM roles WHERE accountid = $1 AND rolename = $2",
claims.Account, role.Rolename) claimaccount, role.Rolename)
var existingRoleID int64 var existingRoleID int64
err = checkExisting.Scan(&existingRoleID) err = checkExisting.Scan(&existingRoleID)
@@ -149,7 +154,7 @@ func assumeRole(w http.ResponseWriter, r *http.Request) {
fmt.Println("Role ID", existingRoleID) fmt.Println("Role ID", existingRoleID)
roleToken, err := libshared.CreateJWT(privateKey, claims.Account, role.Rolename, "role") roleToken, err := libshared.CreateJWT(privateKey, claimaccount, role.Rolename, "role")
if err != nil { if err != nil {
log.Println("Error creating JWT:", err) log.Println("Error creating JWT:", err)
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)