-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.go
151 lines (123 loc) · 4 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
package main
import (
"encoding/json"
"errors"
"fmt"
"net/http"
"os"
"video-share/routes"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
// "github.com/codegangsta/negroni"
jwtmiddleware "github.com/auth0/go-jwt-middleware"
"github.com/form3tech-oss/jwt-go"
// "github.com/gorilla/mux"
)
type Response struct {
Message string `json:"message"`
}
type Jwks struct {
Keys []JSONWebKeys `json:"keys"`
}
type JSONWebKeys struct {
Kty string `json:"kty"`
Kid string `json:"kid"`
Use string `json:"use"`
N string `json:"n"`
E string `json:"e"`
X5c []string `json:"x5c"`
}
var jwtMiddleware = jwtmiddleware.New(jwtmiddleware.Options{
ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
// Verify 'aud' claim
aud := "https://videoshare/api"
checkAud := token.Claims.(jwt.MapClaims).VerifyAudience(aud, false)
if !checkAud {
return token, errors.New("Invalid audience.")
}
// Verify 'iss' claim
iss := os.Getenv("AUTH0_DOMAIN")
checkIss := token.Claims.(jwt.MapClaims).VerifyIssuer(iss, false)
if !checkIss {
return token, errors.New("Invalid issuer.")
}
cert, err := getPemCert(token)
if err != nil {
panic(err.Error())
}
result, _ := jwt.ParseRSAPublicKeyFromPEM([]byte(cert))
return result, nil
},
SigningMethod: jwt.SigningMethodRS256,
})
func checkJWT() gin.HandlerFunc {
return func(c *gin.Context) {
jwtMid := *jwtMiddleware
if err := jwtMid.CheckJWT(c.Writer, c.Request); err != nil {
fmt.Println("ERROR: ", err)
c.AbortWithStatus(401)
}
}
}
func main() {
port := os.Getenv("PORT")
router := gin.New()
router.Use(gin.Logger())
config := cors.DefaultConfig()
config.AllowHeaders = []string{"X-Auth-Token", "content-type", "authorization", "Access-Control-Allow-Origin"}
config.ExposeHeaders = []string{"Content-Length"}
config.AllowOrigins = []string{"*"}
router.Use(cors.New(config))
router.LoadHTMLGlob("index.html")
router.GET("/", func(c *gin.Context) {
c.HTML(http.StatusOK, "index.html", nil)
})
//admin endpoints. not available to the web app
// adminGroup := router.Group("/")
// adminGroup.Use(routes.JWTAuthMiddleware()) //using simple api key since these will only be available on localhost
// adminGroup.GET("/users", routes.GetUsers)
// adminGroup.DELETE("/users/delete", routes.DeleteAllUsers)
// adminGroup.GET("/media/buckets", routes.ListBuckets)
// adminGroup.GET("/media/bucket-contents", routes.ListBucketContents)
// adminGroup.GET("/media/empty-bucket", routes.EmptyBucket)
// adminGroup.GET("media/all", routes.GetAllMedia)
// adminGroup.DELETE("/media/delete-all", routes.DeleteAllMedia)
//user endpoints which will be available to the web app
userGroup := router.Group("/")
userGroup.Use(checkJWT())
userGroup.GET("/user/:id", routes.GetUser)
userGroup.GET("media/single/:id", routes.GetSingleMedia)
userGroup.GET("/media/get-presigned-url/:location", routes.GetPreSignedUrl)
userGroup.POST("/user/add", routes.AddUser)
userGroup.POST("media/list", routes.GetListOfMedia) //using post since we are sending data through body
userGroup.POST("/media/add", routes.AddMedia)
userGroup.POST("/media/post-media", routes.UploadMedia)
userGroup.DELETE("/user/delete/:id", routes.DeleteUser)
userGroup.PUT("/media/change-accessor/:id", routes.ChangeAccessor)
userGroup.DELETE("media/delete/:id", routes.DeleteSingleMedia)
router.Run(":" + port)
}
func getPemCert(token *jwt.Token) (string, error) {
cert := ""
resp, err := http.Get(os.Getenv("AUTH0_DOMAIN") + ".well-known/jwks.json")
if err != nil {
return cert, err
}
defer resp.Body.Close()
var jwks = Jwks{}
err = json.NewDecoder(resp.Body).Decode(&jwks)
if err != nil {
return cert, err
}
for k, _ := range jwks.Keys {
if token.Header["kid"] == jwks.Keys[k].Kid {
cert = "-----BEGIN CERTIFICATE-----\n" + jwks.Keys[k].X5c[0] + "\n-----END CERTIFICATE-----"
}
}
if cert == "" {
fmt.Println("Unable to find appropriate key")
err := errors.New("Unable to find appropriate key.")
return cert, err
}
return cert, nil
}