As noticed in my previous commit, the existing jwt libraries added a lot of performance cost between jwt-featured requests and simple requests. That's why a new custom JWT parser was created. This commit adds our custom jwt parser as the underline token signer and verifier

2025-12-19 02:47:04 +00:00 · 2020-10-30 22:12:16 +02:00
parent d517f36a29
commit 8eea0296a7
21 changed files with 750 additions and 2431 deletions
--- a/_examples/auth/jwt/middleware/main.go
+++ b/_examples/auth/jwt/middleware/main.go
@@ -0,0 +1,91 @@
+package main
+
+import (
+	"time"
+
+	"github.com/kataras/iris/v12"
+	"github.com/kataras/iris/v12/middleware/jwt"
+)
+
+var (
+	sigKey = []byte("signature_hmac_secret_shared_key")
+	encKey = []byte("GCM_AES_256_secret_shared_key_32")
+)
+
+type fooClaims struct {
+	Foo string `json:"foo"`
+}
+
+/*
+In this example you will learn the essentials
+of the Iris builtin JWT middleware based on the github.com/kataras/jwt package.
+*/
+
+func main() {
+	app := iris.New()
+
+	signer := jwt.NewSigner(jwt.HS256, sigKey, 10*time.Minute)
+	// Enable payload encryption with:
+	// signer.WithGCM(encKey, nil)
+	app.Get("/", generateToken(signer))
+
+	verifier := jwt.NewVerifier(jwt.HS256, sigKey)
+	// Enable server-side token block feature (even before its expiration time):
+	verifier.WithDefaultBlocklist()
+	// Enable payload decryption with:
+	// verifier.WithGCM(encKey, nil)
+	verifyMiddleware := verifier.Verify(func() interface{} {
+		return new(fooClaims)
+	})
+
+	protectedAPI := app.Party("/protected")
+	// Register the verify middleware to allow access only to authorized clients.
+	protectedAPI.Use(verifyMiddleware)
+	// ^ or UseRouter(verifyMiddleware) to disallow unauthorized http error handlers too.
+
+	protectedAPI.Get("/", protected)
+	// Invalidate the token through server-side, even if it's not expired yet.
+	protectedAPI.Get("/logout", logout)
+
+	// http://localhost:8080
+	// http://localhost:8080/protected?token=$token (or Authorization: Bearer $token)
+	// http://localhost:8080/protected/logout?token=$token
+	// http://localhost:8080/protected?token=$token (401)
+	app.Listen(":8080")
+}
+
+func generateToken(signer *jwt.Signer) iris.Handler {
+	return func(ctx iris.Context) {
+		claims := fooClaims{Foo: "bar"}
+
+		token, err := signer.Sign(claims)
+		if err != nil {
+			ctx.StopWithStatus(iris.StatusInternalServerError)
+			return
+		}
+
+		ctx.Write(token)
+	}
+}
+
+func protected(ctx iris.Context) {
+	// Get the verified and decoded claims.
+	claims := jwt.Get(ctx).(*fooClaims)
+
+	// Optionally, get token information if you want to work with them.
+	// Just an example on how you can retrieve all the standard claims (set by signer's max age, "exp").
+	standardClaims := jwt.GetVerifiedToken(ctx).StandardClaims
+	expiresAtString := standardClaims.ExpiresAt().Format(ctx.Application().ConfigurationReadOnly().GetTimeFormat())
+	timeLeft := standardClaims.Timeleft()
+
+	ctx.Writef("foo=%s\nexpires at: %s\ntime left: %s\n", claims.Foo, expiresAtString, timeLeft)
+}
+
+func logout(ctx iris.Context) {
+	err := ctx.Logout()
+	if err != nil {
+		ctx.WriteString(err.Error())
+	} else {
+		ctx.Writef("token invalidated, a new token is required to access the protected API")
+	}
+}