New builtin JWT middleware - this one supports encryption and ed25519

Former-commit-id: ca20d256b766e3e8717e91de7a3f3b5f213af0bc

_examples/README.md

@@ -133,8 +133,9 @@
     * [Sitemap](sitemap/main.go)
 * Authentication
     * [Basic Authentication](authentication/basicauth/main.go)
+    * [JWT](miscellaneous/jwt/main.go)
+    * [JWT (community edition)](experimental-handlers/jwt/main.go)
     * [OAUth2](authentication/oauth2/main.go)
-    * [Request Auth(JWT)](experimental-handlers/jwt/main.go)
     * [Manage Permissions](permissions/main.go)
 * Cookies
     * [Basic](cookies/basic/main.go)
@@ -190,6 +191,7 @@
     * [The lorca package](desktop-app/lorca)
     * [The webview package](desktop-app/webview)
 * Middlewares (Builtin)
+    * [JWT](miscellaneous/jwt/main.go)
     * [Rate Limit](miscellaneous/ratelimit/main.go)
     * [HTTP Method Override](https://github.com/kataras/iris/blob/master/middleware/methodoverride/methodoverride_test.go)
     * [Request Logger](http_request/request-logger/main.go)

_examples/authentication/README.md

@@ -2,5 +2,6 @@
 
 - [Basic Authentication](basicauth/main.go)
 - [OAUth2](oauth2/main.go)
-- [Request Auth(JWT)](https://github.com/iris-contrib/middleware/blob/master/jwt)
-- [Sessions](https://github.com/kataras/iris/tree/master/_examples/#sessions)
+- [JWT](https://github.com/kataras/iris/tree/master/_examples/miscellaneous/jwt)
+- [JWT (community edition)](https://github.com/iris-contrib/middleware/blob/master/jwt)
+- [Sessions](https://github.com/kataras/iris/tree/master/_examples/sessions)

_examples/configuration/from-yaml-file/configs/iris.yml

@@ -3,4 +3,6 @@ EnablePathEscape: false
 FireMethodNotAllowed: true
 DisableBodyConsumptionOnUnmarshal: true
 TimeFormat: Mon, 01 Jan 2006 15:04:05 GMT
-Charset: UTF-8
+Charset: UTF-8
+Other:
+  Addr: :8080

_examples/configuration/from-yaml-file/main.go

@@ -14,7 +14,9 @@ func main() {
 	// Good when you have two configurations, one for development and a different one for production use.
 	// If iris.YAML's input string argument is "~" then it loads the configuration from the home directory
 	// and can be shared between many iris instances.
-	app.Listen(":8080", iris.WithConfiguration(iris.YAML("./configs/iris.yml")))
+	cfg := iris.YAML("./configs/iris.yml")
+	addr := cfg.Other["Addr"].(string)
+	app.Listen(addr, iris.WithConfiguration(cfg))
 
 	// or before run:
 	// app.Configure(iris.WithConfiguration(iris.YAML("./configs/iris.yml")))

_examples/miscellaneous/jwt/README.md

@@ -0,0 +1,29 @@
+# Generate RSA
+
+```sh
+$ openssl genrsa -des3 -out private_rsa.pem 2048
+```
+
+```go
+b, err := ioutil.ReadFile("./private_rsa.pem")
+if err != nil {
+    panic(err)
+}
+key := jwt.MustParseRSAPrivateKey(b, []byte("pass"))
+```
+
+OR
+
+```go
+import "crypto/rand"
+import "crypto/rsa"
+
+key, err := rsa.GenerateKey(rand.Reader, 2048)
+```
+
+# Generate Ed25519
+
+```sh
+$ openssl genpkey -algorithm Ed25519 -out private_ed25519.pem
+$ openssl req -x509 -key private_ed25519.pem -out cert_ed25519.pem -days 365
+```

_examples/miscellaneous/jwt/main.go

@@ -0,0 +1,117 @@
+package main
+
+import (
+	"time"
+
+	"github.com/kataras/iris/v12"
+	"github.com/kataras/iris/v12/middleware/jwt"
+)
+
+// UserClaims a custom claims structure. You can just use jwt.Claims too.
+type UserClaims struct {
+	jwt.Claims
+	Username string
+}
+
+func main() {
+	// hmac
+	key := []byte("secret")
+	j, err := jwt.New(1*time.Minute, jwt.HS256, key)
+	if err != nil {
+		panic(err)
+	}
+
+	// OPTIONAL encryption:
+	encryptionKey := []byte("itsa16bytesecret")
+	err = j.WithEncryption(jwt.A128GCM, jwt.DIRECT, encryptionKey)
+	if err != nil {
+		panic(err)
+	}
+
+	app := iris.New()
+	app.Logger().SetLevel("debug")
+
+	app.Get("/authenticate", func(ctx iris.Context) {
+		standardClaims := jwt.Claims{Issuer: "an-issuer", Audience: jwt.Audience{"an-audience"}}
+		// NOTE: if custom claims then the `j.Expiry(claims)` (or jwt.Expiry(duration, claims))
+		// MUST be called in order to set the expiration time.
+		customClaims := UserClaims{
+			Claims:   j.Expiry(standardClaims),
+			Username: "kataras",
+		}
+
+		j.WriteToken(ctx, customClaims)
+	})
+
+	userRouter := app.Party("/user")
+	{
+		// userRouter.Use(j.Verify)
+		// userRouter.Get("/", func(ctx iris.Context) {
+		// 	var claims UserClaims
+		// 	if err := jwt.ReadClaims(ctx, &claims); err != nil {
+		//      // Validation-only errors, the rest are already
+		//      // checked on `j.Verify` middleware.
+		// 		ctx.StopWithStatus(iris.StatusUnauthorized)
+		// 		return
+		// 	}
+		//
+		// 	ctx.Writef("Claims: %#+v\n", claims)
+		// })
+		//
+		// OR:
+		userRouter.Get("/", func(ctx iris.Context) {
+			var claims UserClaims
+			if err := j.VerifyToken(ctx, &claims); err != nil {
+				ctx.StopWithStatus(iris.StatusUnauthorized)
+				return
+			}
+
+			ctx.Writef("Claims: %#+v\n", claims)
+		})
+	}
+
+	app.Listen(":8080")
+}
+
+/*
+func load_From_File_Example() {
+	b, err := ioutil.ReadFile("./private_rsa.pem")
+	if err != nil {
+		panic(err)
+	}
+	signKey := jwt.MustParseRSAPrivateKey(b, []byte("pass"))
+
+	j, err := jwt.New(15*time.Minute, jwt.RS256, signKey)
+	if err != nil {
+		panic(err)
+	}
+}
+*/
+
+/*
+func random_RSA_Sign_And_Encrypt_Example() {
+	j := jwt.Random(1 * time.Minute)
+}
+*/
+
+/*
+func random_manually_generate_RSA_Example() {
+	signey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		panic(err)
+	}
+	encryptionKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		panic(err)
+	}
+
+	j, err := jwt.New(1*time.Minute, jwt.RS256, signey)
+	if err != nil {
+		panic(err)
+	}
+	err = j.WithEncryption(jwt.A128CBCHS256, jwt.RSA15, encryptionKey)
+	if err != nil {
+		panic(err)
+	}
+}
+*/

_examples/miscellaneous/jwt/private_rsa.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6B0BC214C94124FE
+
+lAM48DEM/GdCDimr9Vhi+fSHLgduDb0l2BA4uhILgNby51jxY/4X3IqM6f3ImKX7
+cEd9OBug+pwIugB0UW0L0f5Pd59Ovpiaz3xLci1/19ehYnMqsuP3YAnJm40hT5VP
+p0gWRiR415PJ0fPeeJPFx5IsqvkTJ30LWZHUZX4EkdcL5L8PrVbmthGDbLh+OcMc
+LzoP8eTglzlZF03nyvAol6+p2eZtvOJLu8nWG25q17kyBx6kEiCsWFcUBTX9G7sH
+CM3naByDijqZXE/XXtmTMLSRRnlk7Q5WLxClroHlUP9y8BQFMo2TW4Z+vNjHUkc1
+77ghabX1704bAlIE8LLZJKrm/C5+VKyV6117SVG/2bc4036Y5rStXpANbk1j4K0x
+ADvpRhuTpifaogdvJP+8eXBdl841MQMRzWuZHp6UNYYQegoV9C+KHyJx4UPjZyzd
+gblZmKgU+BsX3mV6MLhJtd6dheLZtpBsAlSstJxzmgwqz9faONYEGeItXO+NnxbA
+mxAp/mI+Fz2jfgYlWjwkyPPzD4k/ZMMzB4XLkKKs9XaxUtTomiDkuYZfnABhxt73
+xBy40V1rb/NyeW80pk1zEHM6Iy/48ETSp9U3k9sSOXjMhYbPXgxDtimV8w0qGFAo
+2Tif7ZuaiuC38rOkoHK9C6vy2Dp8lQZ+QBnUKLeFsyhq9CaqSdnyUTMj3oEZXXf+
+TqqeO+PTtl7JaNfGRq6/aMZqxACHkyVUvYvjZzx07CJ2fr+OtNqxallM6Oc/o9NZ
+5u7lpgrYaKM/b67q0d2X/AoxR5zrZuM8eam3acD1PwHFQKbJWuFNmjWtnlZNuR3X
+fZEmxIKwDlup8TxFcqbbZtPHuQA2mTMTqfRkf8oPSO+N6NNaUpb0ignYyA7Eu5GT
+b02d/oNLETMikxUxntMSH7GhuOpfJyELz8krYTttbJ+a93h4wBeYW2+LyAr/cRLB
+mbtKLtaN7f3FaOSnu8e0+zlJ7xglHPXqblRL9q6ZDM5UJtJD4rA7LPZHk/0Y1Kb6
+hBh1qMDu0r3IV4X7MDacvxw7aa7D8TyXJiFSvxykVhds+ndjIe51Ics5908+lev3
+nwE69PLMwyqe2vvE2oDwao4XJuBLCHjcv/VagRSz/XQGMbZqb3L6unyd3UPl8JjP
+ovipNwM4rFnE54uiUUeki7TZGDYO72vQcSaLrmbeAWc2m202+rqLz0WMm6HpPmCv
+IgexpX2MnIeHJ3+BlEjA2u+S6xNSD7qHGk2pb7DD8nRvUdSHAHeaQbrkEfEhhR2Q
+Dw5gdw1JyQ0UKBl5ndn/1Ub2Asl016lZjpqHyMIVS4tFixACDsihEYMmq/zQmTj4
+8oBZTU+fycN/KiGKZBsqxIwgYIeMz/GfvoyN5m57l6fwEZALVpveI1pP4fiZB/Z8
+xLKa5JK6L10lAD1YHWc1dPhamf9Sb3JwN2CFtGvjOJ/YjAZu3jJoxi40DtRkE3Rh
+HI8Cbx1OORzoo0kO0vy42rz5qunYyVmEzPKtOj+YjVEhVJ85yJZ9bTZtuyqMv8mH
+cnwEeIFK8cmm9asbVzQGDwN/UGB4cO3LrMX1RYk4GRttTGlp0729BbmZmu00RnD/
+-----END RSA PRIVATE KEY-----