add: generic JWT token extraction
refactor: change project and POMs' names accordingly
@@ -132,33 +132,4 @@
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<finalName>BackLib</finalName>
|
||||
<plugins>
|
||||
<!-- Maven Shade Plugin -->
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-shade-plugin</artifactId>
|
||||
<version>3.5.3</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>shade</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<createDependencyReducedPom>false</createDependencyReducedPom>
|
||||
<transformers>
|
||||
<transformer
|
||||
implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
|
||||
<mainClass>net.miarma.backlib.MainVerticle</mainClass>
|
||||
</transformer>
|
||||
</transformers>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
||||
|
||||
@@ -19,9 +19,9 @@ public abstract class AbstractAuthGuard<U, R extends Enum<R> & IUserRole> {
|
||||
|
||||
protected abstract R parseRole(String roleStr);
|
||||
protected abstract void getUserEntity(int userId, RoutingContext ctx, Consumer<U> callback);
|
||||
protected abstract boolean hasPermission(U user, R role);
|
||||
protected abstract boolean hasPermission(U user, R role, R... allowedRoles);
|
||||
|
||||
public Handler<RoutingContext> check(R... allowedRoles) {
|
||||
public Handler<RoutingContext> check(R... allowedRoles) {
|
||||
return ctx -> {
|
||||
String token = extractToken(ctx);
|
||||
if (token == null || !JWTManager.getInstance().isValid(token)) {
|
||||
@@ -30,18 +30,6 @@ public abstract class AbstractAuthGuard<U, R extends Enum<R> & IUserRole> {
|
||||
}
|
||||
|
||||
int userId = JWTManager.getInstance().extractUserId(token);
|
||||
String roleStr = JWTManager.getInstance().extractRole(token);
|
||||
|
||||
R role;
|
||||
try {
|
||||
role = parseRole(roleStr);
|
||||
} catch (Exception e) {
|
||||
JsonUtil.sendJson(ctx, ApiStatus.UNAUTHORIZED, "Invalid role");
|
||||
return;
|
||||
}
|
||||
|
||||
ctx.put("userId", userId);
|
||||
ctx.put("role", role);
|
||||
|
||||
getUserEntity(userId, ctx, entity -> {
|
||||
if (entity == null) {
|
||||
@@ -49,7 +37,9 @@ public abstract class AbstractAuthGuard<U, R extends Enum<R> & IUserRole> {
|
||||
return;
|
||||
}
|
||||
|
||||
if (allowedRoles.length == 0 || isRoleAllowed(role, allowedRoles)) {
|
||||
R userRole = extractRoleFromEntity(entity);
|
||||
|
||||
if (allowedRoles.length == 0 || hasPermission(entity, userRole, allowedRoles)) {
|
||||
ctx.put("userEntity", entity);
|
||||
ctx.next();
|
||||
} else {
|
||||
@@ -58,12 +48,13 @@ public abstract class AbstractAuthGuard<U, R extends Enum<R> & IUserRole> {
|
||||
});
|
||||
};
|
||||
}
|
||||
|
||||
private boolean isRoleAllowed(R role, R... allowedRoles) {
|
||||
for (R allowed : allowedRoles) {
|
||||
if (role == allowed) return true;
|
||||
|
||||
protected R extractRoleFromEntity(U user) {
|
||||
try {
|
||||
return (R) user.getClass().getMethod("getRole").invoke(user);
|
||||
} catch (Exception e) {
|
||||
return null;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private String extractToken(RoutingContext ctx) {
|
||||
|
||||
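Review bot: `extractRoleFromEntity` swallows every reflection failure (no `getRole` method on the entity, inaccessible method, wrong return type) by returning null, and the `(R)` cast is erased to `Object`, so a non-R return value is not caught here either; that null then flows into `hasPermission(entity, userRole, allowedRoles)` in the previous hunk, where whether the check fails closed depends entirely on each subclass's implementation. I would make the guard fail closed explicitly, either by declaring `protected abstract R extractRoleFromEntity(U user);` so each guard supplies its own accessor, or by rejecting at the call site: `if (userRole == null) { JsonUtil.sendJson(ctx, ApiStatus.UNAUTHORIZED, "Invalid role"); return; }` before the `allowedRoles.length == 0 ||` test. Note also that `ctx.put("role", role)` in the `@@ -30,18` hunk still stores the role parsed from the token while authorization now uses the entity's role, so downstream handlers reading `"role"` see the token claim rather than what was actually enforced; storing `userRole` there as well, or documenting the difference, would avoid that confusion. The `check` handler begins in an earlier hunk and `extractToken` continues past the end of this one.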
@@ -1,14 +1,15 @@
|
||||
package net.miarma.api.backlib.security;
|
||||
|
||||
import java.util.Date;
|
||||
|
||||
import com.auth0.jwt.JWT;
|
||||
import com.auth0.jwt.algorithms.Algorithm;
|
||||
import com.auth0.jwt.interfaces.DecodedJWT;
|
||||
import com.auth0.jwt.interfaces.JWTVerifier;
|
||||
|
||||
import net.miarma.api.backlib.ConfigManager;
|
||||
import net.miarma.api.backlib.Constants;
|
||||
import net.miarma.api.backlib.Constants.CoreUserRole;
|
||||
|
||||
import java.util.Date;
|
||||
import net.miarma.api.backlib.interfaces.IUserRole;
|
||||
|
||||
/**
|
||||
* Clase de gestión de JSON Web Tokens (JWT).
|
||||
@@ -49,7 +50,7 @@ public class JWTManager {
|
||||
* @param keepLoggedIn Indica si el token debe tener una duración prolongada.
|
||||
* @return El token JWT generado.
|
||||
*/
|
||||
public String generateToken(String user_name, Integer user_id, CoreUserRole role, boolean keepLoggedIn) {
|
||||
public String generateToken(String user_name, Integer user_id, IUserRole role, boolean keepLoggedIn) {
|
||||
final long EXPIRATION_TIME_MS = 1000L * (keepLoggedIn ? config.getIntProperty("jwt.expiration") : config.getIntProperty("jwt.expiration.short"));
|
||||
return JWT.create()
|
||||
.withSubject(user_name)
|
||||
|
||||
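Review bot: The rewritten `generateToken` signature widens `role` from `CoreUserRole` to `IUserRole`, but the Javadoc block directly above does not appear to describe what the new parameter must provide; add a `@param role` line stating which value of the role is written into the token (the claim itself is past the end of this hunk) so that `parseRole` implementations in `AbstractAuthGuard` know what string to expect back. Since the signature line is being rewritten anyway, the snake_case parameters could be renamed to Java style, `public String generateToken(String userName, Integer userId, IUserRole role, boolean keepLoggedIn)`, without affecting callers. The method body continues beyond this hunk.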