nihonium/nyanimedb
1
0
Fork 1
Code Issues 10 Pull requests Releases Packages 3 Activity Actions

feat: use JWT Subject
All checks were successful
Build and Deploy Go App / build (push) Successful in 6m1s
Details
Build and Deploy Go App / deploy (push) Successful in 37s
Details

Browse source
This commit is contained in:
nihonium 2025-12-06 06:47:01 +03:00
parent 713c0adc14
commit 714ef57027
Signed by: nihonium
GPG key ID: 0251623741027CFC
3 changed files with 15 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

5
auth/claims.go
View file

@ -3,8 +3,7 @@ package auth
import "github.com/golang-jwt/jwt/v5"
type TokenClaims struct {
UserID string `json:"user_id"`
Type string `json:"type"`
ImpID *string `json:"imp_id,omitempty"`
Type string `json:"type"`
ImpID *string `json:"imp_id,omitempty"`
jwt.RegisteredClaims
}

22
modules/auth/handlers/handlers.go
View file

@ -50,10 +50,10 @@ func CheckPassword(password, hash string) (bool, error) {
func (s *Server) generateImpersonationToken(userID string, impersonatedBy string) (string, error) {
now := time.Now()
claims := auth.TokenClaims{
UserID: userID,
ImpID: &impersonatedBy,
Type: "access",
ImpID: &impersonatedBy,
Type: "access",
RegisteredClaims: jwt.RegisteredClaims{
Subject: userID,
IssuedAt: jwt.NewNumericDate(now),
ExpiresAt: jwt.NewNumericDate(now.Add(15 * time.Minute)),
ID: generateJTI(),
@ -69,9 +69,9 @@ func (s *Server) generateTokens(userID string) (accessToken string, refreshToken
// Access token (15 мин)
accessClaims := auth.TokenClaims{
UserID: userID,
Type: "access",
Type: "access",
RegisteredClaims: jwt.RegisteredClaims{
Subject: userID,
IssuedAt: jwt.NewNumericDate(now),
ExpiresAt: jwt.NewNumericDate(now.Add(15 * time.Minute)),
ID: generateJTI(),
@ -85,9 +85,9 @@ func (s *Server) generateTokens(userID string) (accessToken string, refreshToken
// Refresh token (7 дней)
refreshClaims := auth.TokenClaims{
UserID: userID,
Type: "refresh",
Type: "refresh",
RegisteredClaims: jwt.RegisteredClaims{
Subject: userID,
IssuedAt: jwt.NewNumericDate(now),
ExpiresAt: jwt.NewNumericDate(now.Add(7 * 24 * time.Hour)),
ID: generateJTI(),
@ -154,7 +154,7 @@ func (s Server) PostSignIn(ctx context.Context, req auth.PostSignInRequestObject
return auth.PostSignIn401Response{}, nil
}
accessToken, refreshToken, csrfToken, err := s.generateTokens(req.Body.Nickname)
accessToken, refreshToken, csrfToken, err := s.generateTokens(fmt.Sprintf("%d", user.ID))
if err != nil {
log.Errorf("failed to generate tokens for user %s: %v", req.Body.Nickname, err)
// TODO: return 500
@ -260,7 +260,7 @@ func (s Server) RefreshTokens(ctx context.Context, req auth.RefreshTokensRequest
}
claims, ok := token.Claims.(*auth.TokenClaims)
if !ok || claims.UserID == "" {
if !ok || claims.Subject == "" {
log.Print("invalid refresh token claims")
return auth.RefreshTokens401Response{}, nil
}
@ -269,9 +269,9 @@ func (s Server) RefreshTokens(ctx context.Context, req auth.RefreshTokensRequest
return auth.RefreshTokens401Response{}, nil
}
accessToken, refreshToken, csrfToken, err := s.generateTokens(claims.UserID)
accessToken, refreshToken, csrfToken, err := s.generateTokens(claims.Subject)
if err != nil {
log.Errorf("failed to generate tokens for user %s: %v", claims.UserID, err)
log.Errorf("failed to generate tokens for user %s: %v", claims.Subject, err)
return auth.RefreshTokens500Response{}, nil
}

4
modules/backend/middlewares/access.go
View file

@ -70,7 +70,7 @@ func JWTAuthMiddleware(secret string) gin.HandlerFunc {
return
}
if claims.UserID == "" {
if claims.Subject == "" {
abortWithJSON(c, http.StatusUnauthorized, "user_id claim missing or invalid")
return
}
@ -80,7 +80,7 @@ func JWTAuthMiddleware(secret string) gin.HandlerFunc {
}
// 5. Сохраняем в контексте
c.Set("user_id", claims.UserID)
c.Set("user_id", claims.Subject)
// 6. Для oapi-codegen — кладём gin.Context в request context
GinContextToContext(c)