Golang authorization middleware for JWT tokens. JWT tools (auth0 or other)
There are two important features on this package:
authorization.go
contains a middleware that processes a token and checks its validity (authorizes).permissions.go
handles the "PermissionsTable" struct which contains the information of the JWT token conveniently adapted, and a set of functions to use it.
We just need to add a call to the function Authorize
on all the calls that must be authorized (in this case, we use a Route
struct that contains the HandlerFunc
and a bool
indicating if that Route
must be authorized). Authorize
expects the handler function to wrap and a configuration object of type Config
(defined on authorization.go
file).
IMPORTANT: The middleware stores the PermissionTable
item on the context, under the key defined on the ContextKey
constant.
func NewRouter() *mux.Router {
router := mux.NewRouter().StrictSlash(true)
// Prepare Authorization configuration
c := authorization.Config{
PublicKeyStr: "myKey",
AdminGroup: "admin",
IgnoreExpiration: false,
TokenDummy: "TokenDummy",
}
for _, route := range routes {
var handler http.Handler
// Add Authorization or not
if route.Authorization {
handler = authorization.Authorize(route.HandlerFunc(), c)
} else {
handler = route.HandlerFunc()
}
handler = handlers.CompressHandler(util.CompressGzip(handler, route.GzipMandatory))
router.
Methods(route.Method).
Path(route.Pattern).
Name(route.Name).
Handler(handler)
}
return router
}
After this, out PermissionTable
will be stored on the ContextKey
key of the context:
permissions := ctx.Value(authorization.ContextKey).(*authorization.PermissionTable)
-
BuildPermissions(jwt interface{})
: Builds the PermissionTable object by traversing the given jwt token. It's not necessary to call this function as long as you have the authorization middleware set. -
(t *PermissionTable) CheckPermission(product string, object string, per string, specials ...string) ([]string, bool)
: Checks the given permissions for a given product and object. Returns the special permissions applied on that object if any, and a boolean indicating if the user has the requested permission. NOTE: Special permissions returned can be filtered by thespecials
argument). -
(t *PermissionTable) ValidGroups(product string, object string, per string) (map[string]bool)
: Returns all the groups and its permissions that have any permission for the given product and object. -
(t *PermissionTable) GetAllGroups() (map[string]struct{})
: Returns the group hierarchy found in the token. -
(t *PermissionTable) GetParents(group string) (map[string]interface{})
: Returns all the parent groups of a given group. -
(t *PermissionTable) IsAdminFrom(group string) (bool)
: Returnstrue
if the user has Admin permissions for the given group. -
(t *PermissionTable) CheckGroupPermissions(group string, per string, args ...string) ([]string, bool)
: Same functionality asCheckPermission
but for additional permissions only.