add context partial user helper and accept a generic interface on SetUser - the same method now returns an error if the given value does not complete at least one method of the User interface

2025-12-18 02:17:05 +00:00 · 2020-10-31 15:47:28 +02:00
parent 8eea0296a7
commit 3d59d19de6
8 changed files with 356 additions and 191 deletions
--- a/middleware/basicauth/basicauth_test.go
+++ b/middleware/basicauth/basicauth_test.go
@@ -26,7 +26,11 @@ func TestBasicAuthUseRouter(t *testing.T) {

 	app.Get("/user_string", func(ctx iris.Context) {
 		user := ctx.User()
-		ctx.Writef("%s\n%s\n%s", user.GetAuthorization(), user.GetUsername(), user.GetPassword())
+
+		authorization, _ := user.GetAuthorization()
+		username, _ := user.GetUsername()
+		password, _ := user.GetPassword()
+		ctx.Writef("%s\n%s\n%s", authorization, username, password)
 	})

 	app.Get("/", func(ctx iris.Context) {
--- a/middleware/jwt/signer.go
+++ b/middleware/jwt/signer.go
@@ -24,8 +24,8 @@ func NewSigner(signatureAlg Alg, signatureKey interface{}, maxAge time.Duration)
 	}
 }

-// WithGCM enables AES-GCM payload decryption.
-func (s *Signer) WithGCM(key, additionalData []byte) *Signer {
+// WithEncryption enables AES-GCM payload decryption.
+func (s *Signer) WithEncryption(key, additionalData []byte) *Signer {
 	encrypt, _, err := jwt.GCM(key, additionalData)
 	if err != nil {
 		panic(err) // important error before serve, stop everything.
@@ -35,10 +35,14 @@ func (s *Signer) WithGCM(key, additionalData []byte) *Signer {
 	return s
 }

+// Sign generates a new token based on the given "claims" which is valid up to "s.MaxAge".
 func (s *Signer) Sign(claims interface{}, opts ...SignOption) ([]byte, error) {
 	return SignEncrypted(s.Alg, s.Key, s.Encrypt, claims, append([]SignOption{MaxAge(s.MaxAge)}, opts...)...)
 }

+// NewTokenPair accepts the access and refresh claims plus the life time duration for the refresh token
+// and generates a new token pair which can be sent to the client.
+// The same token pair can be json-decoded.
 func (s *Signer) NewTokenPair(accessClaims interface{}, refreshClaims interface{}, refreshMaxAge time.Duration, accessOpts ...SignOption) (TokenPair, error) {
 	if refreshMaxAge <= s.MaxAge {
 		return TokenPair{}, fmt.Errorf("refresh max age should be bigger than access token's one[%d - %d]", refreshMaxAge, s.MaxAge)
--- a/middleware/jwt/verifier.go
+++ b/middleware/jwt/verifier.go
@@ -49,6 +49,8 @@ type Verifier struct {
 	Validators []TokenValidator

 	ErrorHandler func(ctx *context.Context, err error)
+	// DisableContextUser disables the registration of the claims as context User.
+	DisableContextUser bool
 }

 // NewVerifier accepts the algorithm for the token's signature among with its (private) key
@@ -67,8 +69,8 @@ func NewVerifier(signatureAlg Alg, signatureKey interface{}, validators ...Token
 	}
 }

-// WithGCM enables AES-GCM payload encryption.
-func (v *Verifier) WithGCM(key, additionalData []byte) *Verifier {
+// WithDecryption enables AES-GCM payload encryption.
+func (v *Verifier) WithDecryption(key, additionalData []byte) *Verifier {
 	_, decrypt, err := jwt.GCM(key, additionalData)
 	if err != nil {
 		panic(err) // important error before serve, stop everything.
@@ -176,8 +178,8 @@ func (v *Verifier) Verify(claimsType func() interface{}, validators ...TokenVali
 				}
 			}

-			if u, ok := dest.(context.User); ok {
-				ctx.SetUser(u)
+			if !v.DisableContextUser {
+				ctx.SetUser(dest)
 			}

 			ctx.Values().Set(claimsContextKey, dest)