diff --git a/auth_utility.go b/auth_utility.go
index 333f629..93a7fdb 100644
--- a/auth_utility.go
+++ b/auth_utility.go
@@ -20,7 +20,7 @@ const secret = "korisnicki-centar-api"
 type Role struct {
  Name string `json:"name"`
- ID uint32 `json:"id"`
+ ID int `json:"id"`
 }
 // TokenClaims are JWT token claims.
@@ -29,20 +29,13 @@ type TokenClaims struct {
  TokenType string `json:"token_type"`
  Username string `json:"username"`
  Role string `json:"role"`
- RoleID uint32 `json:"role_id"`
+ RoleID int `json:"role_id"`
  ExpiresIn int64 `json:"expires_in"`
  // extending a struct
  jwt.StandardClaims
 }
-// CredentialsStruct is an instace of username/password values.
-type CredentialsStruct struct {
- Username string `json:"username"`
- Password string `json:"password"`
- RoleID uint32 `json:"roleID"`
-}
-
 // ValidateCredentials hashes pass and salt and returns comparison result with resultHash
 func ValidateCredentials(pass, salt, resultHash string) bool {
  hash, _, err := CreateHash(pass, salt)
@@ -112,12 +105,10 @@ func CreateAuthToken(username string, role Role) (TokenClaims, error) {
  return claims, nil
 }
-// RefreshAuthToken prolongs JWT token's expiration date for one week.
+// RefreshAuthToken returns new JWT token with sprolongs JWT token's expiration date for one week.
 // It returns new JWT token or an error if it fails.
-func RefreshAuthToken(req *http.Request) (TokenClaims, error) {
- authHead := req.Header.Get("Authorization")
- tokenstr := strings.TrimPrefix(authHead, "Bearer ")
- token, err := jwt.ParseWithClaims(tokenstr, &TokenClaims{}, secretFunc)
+func RefreshAuthToken(tok string) (TokenClaims, error) {
+ token, err := jwt.ParseWithClaims(tok, &TokenClaims{}, secretFunc)
  if err != nil {
  if validation, ok := err.(*jwt.ValidationError); ok {
  // don't return error if token is expired
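Review bot: Widening `Role.ID` (this hunk) and `TokenClaims.RoleID` (the next hunk) from `uint32` to `int` means a JSON payload carrying a negative or zero `role_id` now decodes without error, whereas the unsigned type made `encoding/json` reject negatives at unmarshal time; if the role ID is later used as a lookup key or authorization discriminator, the code that consumes parsed claims should reject non-positive values explicitly, e.g. `if claims.RoleID <= 0 { return TokenClaims{}, <error of the kind this file already returns> }`. The second hunk also deletes `CredentialsStruct`, and any remaining callers are outside this diff, so I cannot confirm the package still builds. Not part of this change but visible in the hunk header, the signing key `secret` is a string constant compiled into the binary; reading it from configuration at startup would keep it out of source control.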
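Review bot: The new doc comment on `RefreshAuthToken` is garbled (`returns new JWT token with sprolongs JWT token's expiration date`) and now duplicates the return description on the context line after it; suggest collapsing both into `// RefreshAuthToken parses the bare JWT string tok, extends its expiration by one week and returns the new claims, or an error if parsing fails.` Because the function no longer reads the Authorization header or strips the `Bearer ` prefix, callers own that step now, so the comment should say tok is the token without the scheme prefix, and the `strings` import should be checked for remaining uses since this hunk removes its only visible one. The branch that deliberately tolerates an expired token (`// don't return error if token is expired`) means an already-expired token is accepted for refresh; unless a maximum token age is enforced further down, a stale token could be renewed indefinitely, but the rest of the body lies outside the hunk so I cannot tell whether such a bound exists.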
@@ -174,9 +165,8 @@ func RbacCheck(req *http.Request, authRoles []string) bool {
 // ProcessRBAC returns token claims and boolean value based on user's rights to access resource specified in req.
 // It exctracts user's role from the JWT token located in Authorization header of
-// http.Request and then compares it with the list of supplied roles and returns
-// true if there's a match, if "*" is provided or if the authRoles is nil.
-// Otherwise it returns false.
+// HTTP request and then compares it with the list of supplied (authorized);
+// it returns true if there's a match, if "*" is provided or if the authRoles is nil.
 func ProcessRBAC(req *http.Request, authRoles []string) (*TokenClaims, bool) {
  if authRoles == nil {
  return nil, true
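Review bot: The rewritten comment on `ProcessRBAC` is missing a noun after `supplied (authorized)` and drops the sentence that described the false case; suggest `// HTTP request and then compares it with the list of supplied (authorized) roles;` followed by `// it returns true if there's a match, if "*" is provided or if authRoles is nil, and false otherwise.` It would also help to state that the returned `*TokenClaims` is nil on the `authRoles == nil` fast path visible at the end of the hunk, since a caller that dereferences the claims after a `true` result would panic there. The body of `ProcessRBAC` continues beyond the hunk.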