|
@@ -95,11 +95,11 @@ func (h *handler) login(c echo.Context) error {
|
|
|
res, err := client.Do(req)
|
|
|
cockie := res.Cookies()
|
|
|
defer res.Body.Close()
|
|
|
- fmt.Println(res.StatusCode)
|
|
|
+ //fmt.Println(res.StatusCode)
|
|
|
if res.StatusCode == 200 {
|
|
|
user := getUserInfo(cockie, username)
|
|
|
- fmt.Println(user.Result.Value)
|
|
|
- tokens, err := generateTokenPair()
|
|
|
+ //fmt.Println(user.Result.Value)
|
|
|
+ tokens, err := generateTokenPair(user)
|
|
|
if err != nil {
|
|
|
return err
|
|
|
}
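Review bot: The new `generateTokenPair(user)` call mints a token pair from whatever getUserInfo returned (presumably to build claims; its body is not visible). Per the second hunk, getUserInfo has no error return and discards the result of `json.Unmarshal(body, &user)`, so a failed or malformed lookup yields a zero-valued userInfo and tokens are still issued for it. Have getUserInfo return `(userInfo, error)` and fail closed here: `user, err := getUserInfo(cockie, username)` followed by `if err != nil { return echo.ErrUnauthorized }`. In the context lines, `res.Cookies()` and `defer res.Body.Close()` follow `client.Do(req)` with no `err` check in between, so an upstream failure dereferences a nil `res`; `if err != nil { return err }` belongs before them. The login function starts and continues outside this hunk.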
|
|
@@ -145,52 +145,53 @@ func getUserInfo(cockie []*http.Cookie, username string) userInfo {
|
|
|
user := userInfo{}
|
|
|
json.Unmarshal(body, &user)
|
|
|
//fmt.Println(user.Result.Value)
|
|
|
+ //fmt.Println(user.Result.Result.MemberofGroup)
|
|
|
return user
|
|
|
}
|
|
|
|
|
|
// This is the api to refresh tokens
|
|
|
// Most of the code is taken from the jwt-go package's sample codes
|
|
|
// https://godoc.org/github.com/dgrijalva/jwt-go#example-Parse--Hmac
|
|
|
-func (h *handler) token(c echo.Context) error {
|
|
|
- type tokenReqBody struct {
|
|
|
- RefreshToken string `json:"refresh_token"`
|
|
|
- }
|
|
|
- tokenReq := tokenReqBody{}
|
|
|
- c.Bind(&tokenReq)
|
|
|
-
|
|
|
- // Parse takes the token string and a function for looking up the key.
|
|
|
- // The latter is especially useful if you use multiple keys for your application.
|
|
|
- // The standard is to use 'kid' in the head of the token to identify
|
|
|
- // which key to use, but the parsed token (head and claims) is provided
|
|
|
- // to the callback, providing flexibility.
|
|
|
- token, err := jwt.Parse(tokenReq.RefreshToken, func(token *jwt.Token) (interface{}, error) {
|
|
|
- // Don't forget to validate the alg is what you expect:
|
|
|
- if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
|
- return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
|
|
- }
|
|
|
-
|
|
|
- // hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
|
|
|
- return []byte("secret"), nil
|
|
|
- })
|
|
|
-
|
|
|
- if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
|
|
- // Get the user record from database or
|
|
|
- // run through your business logic to verify if the user can log in
|
|
|
- if int(claims["sub"].(float64)) == 1 {
|
|
|
-
|
|
|
- newTokenPair, err := generateTokenPair()
|
|
|
- if err != nil {
|
|
|
- return err
|
|
|
- }
|
|
|
-
|
|
|
- return c.JSON(http.StatusOK, newTokenPair)
|
|
|
- }
|
|
|
-
|
|
|
- return echo.ErrUnauthorized
|
|
|
- }
|
|
|
-
|
|
|
- return err
|
|
|
-}
|
|
|
+//func (h *handler) token(c echo.Context) error {
|
|
|
+// type tokenReqBody struct {
|
|
|
+// RefreshToken string `json:"refresh_token"`
|
|
|
+// }
|
|
|
+// tokenReq := tokenReqBody{}
|
|
|
+// c.Bind(&tokenReq)
|
|
|
+//
|
|
|
+// // Parse takes the token string and a function for looking up the key.
|
|
|
+// // The latter is especially useful if you use multiple keys for your application.
|
|
|
+// // The standard is to use 'kid' in the head of the token to identify
|
|
|
+// // which key to use, but the parsed token (head and claims) is provided
|
|
|
+// // to the callback, providing flexibility.
|
|
|
+// token, err := jwt.Parse(tokenReq.RefreshToken, func(token *jwt.Token) (interface{}, error) {
|
|
|
+// // Don't forget to validate the alg is what you expect:
|
|
|
+// if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
|
+// return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
|
|
+// }
|
|
|
+//
|
|
|
+// // hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
|
|
|
+// return []byte("secret"), nil
|
|
|
+// })
|
|
|
+//
|
|
|
+// if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
|
|
+// // Get the user record from database or
|
|
|
+// // run through your business logic to verify if the user can log in
|
|
|
+// if int(claims["sub"].(float64)) == 1 {
|
|
|
+//
|
|
|
+// newTokenPair, err := generateTokenPair()
|
|
|
+// if err != nil {
|
|
|
+// return err
|
|
|
+// }
|
|
|
+//
|
|
|
+// return c.JSON(http.StatusOK, newTokenPair)
|
|
|
+// }
|
|
|
+//
|
|
|
+// return echo.ErrUnauthorized
|
|
|
+// }
|
|
|
+//
|
|
|
+// return err
|
|
|
+//}
|
|
|
|
|
|
// Most of the code is taken from the echo guide
|
|
|
// https://echo.labstack.com/cookbook/jwt
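Review bot: The refresh handler `token` is commented out rather than deleted, which leaves the sample HMAC key `[]byte("secret")`, the `int(claims["sub"].(float64)) == 1` check and a stale zero-argument `generateTokenPair()` call in the file as dead text. Deleting the block keeps it recoverable from version control and removes the risk of it being re-enabled later with the placeholder key intact. If the live signing code uses the same literal (not visible here), load the key from configuration instead. If generateTokenPair still returns a refresh token, clients now receive one with no endpoint to redeem it, so drop it from the pair or replace the stale `// This is the api to refresh tokens` header with a comment saying refresh is disabled. The commented-out `fmt.Println` lines in both hunks are better removed as well, since they print upstream user and group data when switched back on.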
|