-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.go
103 lines (85 loc) · 2.3 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package main
import (
"crypto/rsa"
"errors"
"fmt"
"log"
"net/http"
"os"
"regexp"
"github.com/golang-jwt/jwt/v5"
)
var (
ErrInvalidAuthorization = errors.New("invalid authorization Bearer token header")
ErrInvalidToken = errors.New("invalid bearer JWT token")
publicKey *rsa.PublicKey
)
type Claims struct {
jwt.RegisteredClaims
EmailVerified bool `json:"email_verified"`
Name string `json:"name"`
PreferredUsername string `json:"preferred_username"`
GivenName string `json:"given_name"`
FamilyName string `json:"family_name"`
Email string `json:"email"`
}
var re = regexp.MustCompile("(?i:bearer) (.+)$")
func parseBearerToken(authorization string) (string, error) {
matches := re.FindStringSubmatch(authorization)
if len(matches) != 2 {
return "", ErrInvalidAuthorization
}
return matches[1], nil
}
func parseJWTToken(tokenString string) (*Claims, error) {
c := Claims{}
token, err := jwt.ParseWithClaims(tokenString, &c, func(token *jwt.Token) (interface{}, error) {
if token.Header["alg"] != "RS256" {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
}
return publicKey, nil
})
if err != nil {
return nil, err
}
if !token.Valid {
return nil, ErrInvalidToken
}
return &c, nil
}
func init() {
spublicKey := os.Getenv("PUBLIC_KEY")
if spublicKey == "" {
panic("PUBLIC_KEY environment variable not set")
}
var err error
publicKey, err = jwt.ParseRSAPublicKeyFromPEM([]byte("-----BEGIN CERTIFICATE-----\n" + spublicKey + "\n-----END CERTIFICATE-----"))
if err != nil {
panic(err)
}
log.Println("Public key loaded")
}
func main() {
// no matter what the Method or URL is, we always check the Authorization header
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
authorization := r.Header.Get("Authorization")
token, err := parseBearerToken(authorization)
if err != nil {
http.Error(w, err.Error(), http.StatusUnauthorized)
return
}
// Parse the JWT token
claims, err := parseJWTToken(token)
if err != nil {
http.Error(w, err.Error(), http.StatusUnauthorized)
return
}
log.Println(claims)
w.WriteHeader(http.StatusNoContent)
})
log.Println("Server started")
err := http.ListenAndServe(":8080", nil)
if err != nil {
panic(err)
}
}