-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathjwt.go
76 lines (71 loc) · 1.98 KB
/
jwt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
package gojwt
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"encoding/json"
"fmt"
"strings"
)
type Header struct {
Type string `json:"typ"`
Algorithm string `json:"alg"`
}
type Payload struct {
Subject string `json:"sub"`
Platform string `json:"plt"`
}
func Create(subject string, platform string, secret string) (string, error) {
inputString := Header{
Type: "jwt",
Algorithm: "HS256",
}
headerJson, err := json.Marshal(inputString)
if err != nil {
return "", err
}
inputBytes := []byte(headerJson)
encodedString := base64.RawStdEncoding.EncodeToString(inputBytes)
payload := Payload{
Subject: subject,
Platform: platform,
}
payloadJson, err := json.Marshal(payload)
if err != nil {
return "", err
}
payloadBytes := []byte(payloadJson)
payloadEncodedString := base64.RawStdEncoding.EncodeToString(payloadBytes)
data := fmt.Sprintf("%s.%s", encodedString, payloadEncodedString)
secretBytes := []byte(secret)
hasher := hmac.New(sha256.New, secretBytes)
hasher.Write([]byte(data))
signature := hasher.Sum(nil)
signatureHex := hex.EncodeToString(signature)
jwt := fmt.Sprintf("%s.%s.%s", encodedString, payloadEncodedString, signatureHex)
return jwt, nil
}
// VerifySignature verifies that jwt is not-tempered and returns Payload
func VerifySignature(jwt string, secret string) (*Payload, error) {
if len(jwt) == 0 {
return nil, fmt.Errorf("malformed jwt")
}
explodedJwt := strings.Split(jwt, ".")
if len(explodedJwt) < 3 {
return nil, fmt.Errorf("malformed jwt")
}
data := fmt.Sprintf("%s.%s", explodedJwt[0], explodedJwt[1])
secretBytes := []byte(secret)
hasher := hmac.New(sha256.New, secretBytes)
hasher.Write([]byte(data))
signature := hasher.Sum(nil)
signatureHex := hex.EncodeToString(signature)
if signatureHex == explodedJwt[2] {
var p Payload
payload, err := base64.RawStdEncoding.DecodeString(explodedJwt[1])
err = json.Unmarshal(payload, &p)
return &p, err
}
return nil, fmt.Errorf("signature failed")
}