fixed
@@ -2,6 +2,7 @@ package helper
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"authentication/models"
|
"authentication/models"
|
||||||
|
"encoding/pem"
|
||||||
"errors"
|
"errors"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
@@ -20,14 +21,22 @@ func ExtractEmailFromToken(tokenString string) (string, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
token, err := jwt.ParseWithClaims(tokenString, &models.AccessToken{}, func(token *jwt.Token) (interface{}, error) {
|
token, err := jwt.ParseWithClaims(tokenString, &models.AccessToken{}, func(token *jwt.Token) (interface{}, error) {
|
||||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
|
||||||
return nil, errors.New("unexpected signing method")
|
return nil, errors.New("unexpected signing method: expected RSA")
|
||||||
}
|
}
|
||||||
secretKey := os.Getenv("JWT_SECRET_KEY")
|
publicKeyPEM := os.Getenv("JWT_PUBLIC_KEY")
|
||||||
if secretKey == "" {
|
if publicKeyPEM == "" {
|
||||||
return nil, errors.New("JWT secret key not set")
|
return nil, errors.New("JWT public key not set")
|
||||||
}
|
}
|
||||||
return []byte(secretKey), nil
|
block, _ := pem.Decode([]byte(publicKeyPEM))
|
||||||
|
if block == nil {
|
||||||
|
return nil, errors.New("failed to decode PEM block")
|
||||||
|
}
|
||||||
|
pubKey, err := jwt.ParseRSAPublicKeyFromPEM([]byte(publicKeyPEM))
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.New("failed to parse RSA public key")
|
||||||
|
}
|
||||||
|
return pubKey, nil
|
||||||
})
|
})
|
||||||
|
|
||||||
if err == nil && token.Valid {
|
if err == nil && token.Valid {
|
||||||
@@ -42,14 +51,22 @@ func ExtractEmailFromToken(tokenString string) (string, error) {
|
|||||||
// If AccessToken parsing failed, try MapClaims for backward compatibility
|
// If AccessToken parsing failed, try MapClaims for backward compatibility
|
||||||
log.Printf("AccessToken parsing failed: %v, trying MapClaims fallback", err)
|
log.Printf("AccessToken parsing failed: %v, trying MapClaims fallback", err)
|
||||||
token, err = jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
token, err = jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
||||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
|
||||||
return nil, errors.New("unexpected signing method")
|
return nil, errors.New("unexpected signing method: expected RSA")
|
||||||
}
|
}
|
||||||
secretKey := os.Getenv("JWT_SECRET_KEY")
|
publicKeyPEM := os.Getenv("JWT_PUBLIC_KEY")
|
||||||
if secretKey == "" {
|
if publicKeyPEM == "" {
|
||||||
return nil, errors.New("JWT secret key not set")
|
return nil, errors.New("JWT public key not set")
|
||||||
}
|
}
|
||||||
return []byte(secretKey), nil
|
block, _ := pem.Decode([]byte(publicKeyPEM))
|
||||||
|
if block == nil {
|
||||||
|
return nil, errors.New("failed to decode PEM block")
|
||||||
|
}
|
||||||
|
pubKey, err := jwt.ParseRSAPublicKeyFromPEM([]byte(publicKeyPEM))
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.New("failed to parse RSA public key")
|
||||||
|
}
|
||||||
|
return pubKey, nil
|
||||||
})
|
})
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
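Review bot: Both key callbacks in ExtractEmailFromToken accept any `*jwt.SigningMethodRSA` algorithm (RS256, RS384 or RS512), while parseToken in the middleware section of this commit pins `token.Method != jwt.SigningMethodRS256`, so the three pasted copies of the verification callback already disagree on which tokens they accept. Moving the callback into one function, used by both the `ParseWithClaims` call and the `jwt.Parse` fallback, keeps the algorithm pin and the key handling in a single reviewed place. In the same block, `block` from `pem.Decode` is only nil-checked and `jwt.ParseRSAPublicKeyFromPEM` decodes the PEM again, so that step and the new `encoding/pem` import can go. The parse error is also discarded, which makes a malformed `JWT_PUBLIC_KEY` hard to diagnose; logging it server-side keeps the returned message generic. ExtractEmailFromToken starts and ends outside these hunks, so the sketch below shows only the callback and its two call sites.

```go
// rsaKeyFunc is the single verification callback: it pins RS256 and returns the configured public key.
func rsaKeyFunc(token *jwt.Token) (interface{}, error) {
	if token.Method != jwt.SigningMethodRS256 {
		return nil, errors.New("unexpected signing method: expected RS256")
	}
	publicKeyPEM := os.Getenv("JWT_PUBLIC_KEY")
	if publicKeyPEM == "" {
		return nil, errors.New("JWT public key not set")
	}
	// ParseRSAPublicKeyFromPEM decodes the PEM itself, so no separate pem.Decode is needed.
	pubKey, err := jwt.ParseRSAPublicKeyFromPEM([]byte(publicKeyPEM))
	if err != nil {
		log.Printf("parsing JWT_PUBLIC_KEY: %v", err)
		return nil, errors.New("failed to parse RSA public key")
	}
	return pubKey, nil
}

// … unchanged: start of ExtractEmailFromToken …
token, err := jwt.ParseWithClaims(tokenString, &models.AccessToken{}, rsaKeyFunc)
// … unchanged: AccessToken claims handling and fallback log line …
token, err = jwt.Parse(tokenString, rsaKeyFunc)
```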
+15
-2
@@ -4,6 +4,7 @@ package middleware
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"database/sql"
|
"database/sql"
|
||||||
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
@@ -155,10 +156,22 @@ func isSessionBlacklisted(sessionID string) bool {
|
|||||||
|
|
||||||
func parseToken(tokenString, secretKey string) (*jwt.Token, error) {
|
func parseToken(tokenString, secretKey string) (*jwt.Token, error) {
|
||||||
return jwt.ParseWithClaims(tokenString, jwt.MapClaims{}, func(token *jwt.Token) (interface{}, error) {
|
return jwt.ParseWithClaims(tokenString, jwt.MapClaims{}, func(token *jwt.Token) (interface{}, error) {
|
||||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
if token.Method != jwt.SigningMethodRS256 {
|
||||||
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
||||||
}
|
}
|
||||||
return []byte(secretKey), nil
|
publicKeyPEM := os.Getenv("JWT_PUBLIC_KEY")
|
||||||
|
if publicKeyPEM == "" {
|
||||||
|
return nil, fmt.Errorf("JWT public key not set")
|
||||||
|
}
|
||||||
|
block, _ := pem.Decode([]byte(publicKeyPEM))
|
||||||
|
if block == nil {
|
||||||
|
return nil, fmt.Errorf("failed to decode PEM block")
|
||||||
|
}
|
||||||
|
pubKey, err := jwt.ParseRSAPublicKeyFromPEM([]byte(publicKeyPEM))
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to parse RSA public key")
|
||||||
|
}
|
||||||
|
return pubKey, nil
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
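Review bot: The `secretKey` parameter of parseToken is no longer read after this change, so callers outside this hunk keep passing an HMAC secret that is silently ignored. Either drop it (`func parseToken(tokenString string) (*jwt.Token, error)`, with the call sites updated) or, if the signature has to stay for now, add a comment such as `// secretKey is unused since the switch to RS256; verification uses JWT_PUBLIC_KEY.` and stop loading the secret once nothing needs it. The new body calls `os.Getenv`, but the import hunk only adds `encoding/pem`; presumably `os` is already imported below the visible context, which is worth confirming. The environment lookup and PEM parse also run on every call, so parsing the key once at startup would both avoid the repeated work and make a missing or malformed key fail before any request is served.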