This repository has been archived by the owner on May 24, 2023. It is now read-only.

Merge pull request #129 from MicahParks/master
Upgrade to github.com/golang-jwt/jwt/v5 and use github.com/MicahParks/keyfunc/v2 for JWK Set client
ReneWerner87 authored May 19, 2023
2 parents 3df1478 + d355447 commit 2cb352e
Showing 12 changed files with 197 additions and 661 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/gotidy.yml
Expand Up @@ -20,7 +20,7 @@ jobs:
name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.17
go-version: 1.18
-
name: Tidy
run: |
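Review bot: `go-version: 1.18` in the `with:` block is an unquoted YAML number; quote it (`go-version: '1.18'`) so that a later bump such as 1.20 is not read as 1.2. The matrix in test.yml already avoids this by using `1.18.x` strings.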
1 change: 0 additions & 1 deletion .github/workflows/test.yml
Expand Up @@ -10,7 +10,6 @@ jobs:
strategy:
matrix:
go-version:
- 1.17.x
- 1.18.x
- 1.20.x
platform:
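Review bot: with `1.17.x` dropped, the `go-version` matrix goes from `1.18.x` straight to `1.20.x`, so 1.19 is never tested; add `- 1.19.x` or say in the PR why it is skipped. Since 1.18 is now the oldest tested release, the README should also state it as the minimum supported Go version.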
64 changes: 29 additions & 35 deletions README.md
Expand Up @@ -19,8 +19,8 @@ This middleware supports Fiber v1 & v2, install accordingly.

```
go get -u github.com/gofiber/fiber/v2
go get -u github.com/gofiber/jwt/v3
go get -u github.com/golang-jwt/jwt/v4
go get -u github.com/gofiber/jwt/v4
go get -u github.com/golang-jwt/jwt/v5
```

### Signature
Expand All @@ -29,27 +29,19 @@ jwtware.New(config ...jwtware.Config) func(*fiber.Ctx) error
```

### Config
| Property | Type | Description | Default |
|:-------------------------| :--- |:-----------------------------------------------------------------------------------------------------------------------------------------------------| :--- |
| Filter | `func(*fiber.Ctx) bool` | Defines a function to skip middleware | `nil` |
| SuccessHandler | `func(*fiber.Ctx) error` | SuccessHandler defines a function which is executed for a valid token. | `nil` |
| ErrorHandler | `func(*fiber.Ctx, error) error` | ErrorHandler defines a function which is executed for an invalid token. | `401 Invalid or expired JWT` |
| SigningKey | `interface{}` | Signing key to validate token. Used as fallback if SigningKeys has length 0. | `nil` |
| SigningKeys | `map[string]interface{}` | Map of signing keys to validate token with kid field usage. | `nil` |
| SigningMethod | `string` | Signing method, used to check token signing method. Possible values: `HS256`, `HS384`, `HS512`, `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512` | `"HS256"` |
| ContextKey | `string` | Context key to store user information from the token into context. | `"user"` |
| Claims | `jwt.Claim` | Claims are extendable claims data defining token content. | `jwt.MapClaims{}` |
| TokenLookup | `string` | TokenLookup is a string in the form of `<source>:<name>` that is used | `"header:Authorization"` |
| AuthScheme | `string` | AuthScheme to be used in the Authorization header. The default value (`"Bearer"`) will only be used in conjuction with the default `TokenLookup` value. | `"Bearer"` |
| KeySetURL(deprecated) | `string` | KeySetURL location of JSON file with signing keys. | `""` |
| KeySetURLs | `string` | KeySetURL locations of JSON file with signing keys. | `""` |
| KeyRefreshSuccessHandler | `func(j *KeySet)` | KeyRefreshSuccessHandler defines a function which is executed for a valid refresh of signing keys. | `nil` |
| KeyRefreshErrorHandler | `func(j *KeySet, err error)` | KeyRefreshErrorHandler defines a function which is executed for an invalid refresh of signing keys. | `nil` |
| KeyRefreshInterval | `*time.Duration` | KeyRefreshInterval is the duration to refresh the JWKs in the background via a new HTTP request. | `nil` |
| KeyRefreshRateLimit | `*time.Duration` | KeyRefreshRateLimit limits the rate at which refresh requests are granted. | `nil` |
| KeyRefreshTimeout | `*time.Duration` | KeyRefreshTimeout is the duration for the context used to create the HTTP request for a refresh of the JWKs. | `1min` |
| KeyRefreshUnknownKID | `bool` | KeyRefreshUnknownKID indicates that the JWKs refresh request will occur every time a kid that isn't cached is seen. | `false` |
| KeyFunc | `func() jwt.Keyfunc` | KeyFunc defines a user-defined function that supplies the public key for a token validation. | `jwtKeyFunc` |
| Property | Type | Description | Default |
|:---------------|:--------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------|
| Filter | `func(*fiber.Ctx) bool` | Defines a function to skip middleware | `nil` |
| SuccessHandler | `func(*fiber.Ctx) error` | SuccessHandler defines a function which is executed for a valid token. | `nil` |
| ErrorHandler | `func(*fiber.Ctx, error) error` | ErrorHandler defines a function which is executed for an invalid token. | `401 Invalid or expired JWT` |
| SigningKey | `interface{}` | Signing key to validate token. Used as fallback if SigningKeys has length 0. | `nil` |
| SigningKeys | `map[string]interface{}` | Map of signing keys to validate token with kid field usage. | `nil` |
| ContextKey | `string` | Context key to store user information from the token into context. | `"user"` |
| Claims | `jwt.Claim` | Claims are extendable claims data defining token content. | `jwt.MapClaims{}` |
| TokenLookup | `string` | TokenLookup is a string in the form of `<source>:<name>` that is used | `"header:Authorization"` |
| AuthScheme | `string` | AuthScheme to be used in the Authorization header. The default value (`"Bearer"`) will only be used in conjuction with the default `TokenLookup` value. | `"Bearer"` |
| KeyFunc | `func() jwt.Keyfunc` | KeyFunc defines a user-defined function that supplies the public key for a token validation. | `jwtKeyFunc` |
| JWKSetURLs | `[]string` | A slice of unique JSON Web Key (JWK) Set URLs to used to parse JWTs. | `nil` |


### HS256 Example
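Review bot: the `SigningKey` and `SigningKeys` rows still give the types `interface{}` and `map[string]interface{}`, while the examples changed in this same commit pass `jwtware.SigningKey{JWTAlg: ..., Key: ...}`; update both rows to the new type and document the `JWTAlg` field, including which algorithm is enforced when it is left empty, since the `SigningMethod` row that used to state the `"HS256"` default is removed here. The new `JWKSetURLs` description reads "to used to parse JWTs" and needs rewording, and the table gives no replacement guidance for the removed `KeySetURL`, `KeySetURLs` and `KeyRefresh*` options.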
Expand All @@ -61,8 +53,8 @@ import (

"github.com/gofiber/fiber/v2"

jwtware "github.com/gofiber/jwt/v3"
"github.com/golang-jwt/jwt/v4"
jwtware "github.com/gofiber/jwt/v4"
"github.com/golang-jwt/jwt/v5"
)

func main() {
Expand All @@ -76,7 +68,7 @@ func main() {

// JWT Middleware
app.Use(jwtware.New(jwtware.Config{
SigningKey: []byte("secret"),
SigningKey: SigningKey{Key: []byte("secret")},
}))

// Restricted Routes
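Review bot: `SigningKey: SigningKey{Key: []byte("secret")},` is missing the package qualifier, so this example does not compile as written; use `jwtware.SigningKey{...}` as the RS256 example does. It also leaves `JWTAlg` unset, unlike the RS256 example (`JWTAlg: jwtware.RS256`); set the algorithm explicitly here too so the README shows the accepted algorithm being pinned to the key rather than relying on an undocumented default.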
Expand Down Expand Up @@ -160,8 +152,9 @@ import (

"github.com/gofiber/fiber/v2"

jwtware "github.com/gofiber/jwt/v3"
"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"

jwtware "github.com/gofiber/jwt/v4"
)

var (
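Review bot: the import block here puts `github.com/golang-jwt/jwt/v5` first and `jwtware` last, separated by a blank line, while the HS256 and custom KeyFunc examples in this commit keep `jwtware` first with no blank line; pick one ordering for all three README examples.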
Expand Down Expand Up @@ -190,8 +183,10 @@ func main() {

// JWT Middleware
app.Use(jwtware.New(jwtware.Config{
SigningMethod: "RS256",
SigningKey: privateKey.Public(),
SigningKey: jwtware.SigningKey{
JWTAlg: jwtware.RS256,
Key: privateKey.Public(),
},
}))

// Restricted Routes
Expand Down Expand Up @@ -239,14 +234,13 @@ func restricted(c *fiber.Ctx) error {
name := claims["name"].(string)
return c.SendString("Welcome " + name)
}

```

### RS256 Test
The RS256 is actually identical to the HS256 test above.

### JWKs Test
The tests are identical to basic `JWT` tests above, with exception that `KeySetURL`(deprecated) or `KeySetUrls` to valid public keys collection in JSON format should be supplied.
### JWK Set Test
The tests are identical to basic `JWT` tests above, with exception that `JWKSetURLs` to valid public keys collection in JSON Web Key (JWK) Set format should be supplied. See [RFC 7517](https://www.rfc-editor.org/rfc/rfc7517).

### Custom KeyFunc example

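Review bot: the new JWK Set Test sentence ("with exception that `JWKSetURLs` to valid public keys collection ... should be supplied") is hard to parse; something like "except that `JWKSetURLs` must point to one or more JWK Sets (RFC 7517) containing the public keys" reads cleaner. Because the keys fetched from these URLs decide which tokens are accepted, it is worth stating that they should be HTTPS endpoints the operator trusts, and how `JWKSetURLs` interacts with `SigningKey`, `SigningKeys` and `KeyFunc` when more than one is set.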
Expand All @@ -267,8 +261,8 @@ import (
"fmt"
"github.com/gofiber/fiber/v2"

jwtware "github.com/gofiber/jwt/v3"
"github.com/golang-jwt/jwt/v4"
jwtware "github.com/gofiber/jwt/v4"
"github.com/golang-jwt/jwt/v5"
)

func main() {