Working through assume role
This commit is contained in:
@@ -4,6 +4,7 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"libshared"
|
"libshared"
|
||||||
@@ -28,6 +29,7 @@ type AssumeRoleResponse struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
var privateKey *rsa.PrivateKey
|
var privateKey *rsa.PrivateKey
|
||||||
|
var publicKey *rsa.PublicKey
|
||||||
|
|
||||||
func assumeRole(w http.ResponseWriter, r *http.Request) {
|
func assumeRole(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
@@ -74,36 +76,39 @@ func assumeRole(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
tokenString := parts[1]
|
tokenString := parts[1]
|
||||||
|
|
||||||
// Replace with your actual secret or keyfunc
|
claims, err := libshared.ValidateJWT(publicKey, tokenString)
|
||||||
secret := []byte("super-secret-key")
|
|
||||||
|
|
||||||
claims := &MyClaims{}
|
if err != nil {
|
||||||
|
log.Println("Invalid token:", err)
|
||||||
|
|
||||||
token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
|
msg := "Invalid token"
|
||||||
// Validate signing method if needed
|
|
||||||
return secret, nil
|
|
||||||
})
|
|
||||||
|
|
||||||
if err != nil || !token.Valid {
|
if errors.Is(err, jwt.ErrTokenExpired) {
|
||||||
fmt.Println("Invalid token:", err)
|
msg = "Token expired"
|
||||||
http.Error(w, "Invalid token", http.StatusUnauthorized)
|
}
|
||||||
|
|
||||||
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
w.WriteHeader(http.StatusUnauthorized)
|
||||||
|
|
||||||
|
apiresponse := libshared.NewAPIResponse[AssumeRoleResponse]("fail", msg, AssumeRoleResponse{})
|
||||||
|
|
||||||
|
json.NewEncoder(w).Encode(apiresponse)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Access parsed values
|
claimaccount, ok := claims["account"].(string)
|
||||||
log.Println("sub:", claims.Sub)
|
if !ok {
|
||||||
log.Println("purpose:", claims.Purpose)
|
log.Println("account claim is not a string")
|
||||||
log.Println("account:", claims.Account)
|
// handle error
|
||||||
// exp and iat come from RegisteredClaims
|
|
||||||
log.Println("exp:", claims.ExpiresAt)
|
|
||||||
log.Println("iat:", claims.IssuedAt)
|
|
||||||
|
|
||||||
if claims.ExpiresAt == nil || time.Now().After(claims.ExpiresAt.Time) {
|
|
||||||
log.Println("Token expired")
|
|
||||||
http.Error(w, "Token expired", http.StatusUnauthorized)
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Println("sub:", claims["sub"])
|
||||||
|
log.Println("purpose:", claims["purpose"])
|
||||||
|
log.Println("account:", claimaccount)
|
||||||
|
log.Println("exp:", claims["exp"])
|
||||||
|
log.Println("iat:", claims["iat"])
|
||||||
|
|
||||||
// Read the raw request body
|
// Read the raw request body
|
||||||
body, err := io.ReadAll(r.Body)
|
body, err := io.ReadAll(r.Body)
|
||||||
|
|
||||||
@@ -136,7 +141,7 @@ func assumeRole(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
checkExisting := libshared.Pool.QueryRow(context.Background(),
|
checkExisting := libshared.Pool.QueryRow(context.Background(),
|
||||||
"SELECT id FROM roles WHERE accountid = $1 AND rolename = $2",
|
"SELECT id FROM roles WHERE accountid = $1 AND rolename = $2",
|
||||||
claims.Account, role.Rolename)
|
claimaccount, role.Rolename)
|
||||||
|
|
||||||
var existingRoleID int64
|
var existingRoleID int64
|
||||||
err = checkExisting.Scan(&existingRoleID)
|
err = checkExisting.Scan(&existingRoleID)
|
||||||
@@ -149,7 +154,7 @@ func assumeRole(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
fmt.Println("Role ID", existingRoleID)
|
fmt.Println("Role ID", existingRoleID)
|
||||||
|
|
||||||
roleToken, err := libshared.CreateJWT(privateKey, claims.Account, role.Rolename, "role")
|
roleToken, err := libshared.CreateJWT(privateKey, claimaccount, role.Rolename, "role")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error creating JWT:", err)
|
log.Println("Error creating JWT:", err)
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
|
|||||||
Reference in New Issue
Block a user