sovonegr/neomovies-api
1
0
Fork 0
mirror of https://gitlab.com/foxixus/neomovies-api.git synced 2025-10-27 17:38:51 +05:00
Code Issues Packages Projects Releases Wiki Activity
Files
ea3159fb8ef6586d2f8844658c992c1df0f4689a
neomovies-api/pkg/middleware/auth.go
factory-droid[bot] ea3159fb8e feat: implement JWT refresh token mechanism and improve auth 
- Add refresh token support with 30-day expiry
- Implement automatic token rotation on refresh
- Add new endpoints: /auth/refresh, /auth/revoke-token, /auth/revoke-all-tokens
- Reduce access token lifetime to 1 hour for better security
- Store refresh tokens in user document with metadata
- Add support for token cleanup and management
- Update login flow to return both access and refresh tokens
- Maintain backward compatibility with existing auth methods
2025-09-28 11:37:56 +00:00

64 lines
1.5 KiB
Go
Raw Blame History

package middleware
import (
"context"
"net/http"
"strings"
"github.com/golang-jwt/jwt/v5"
)
type contextKey string
const UserIDKey contextKey = "userID"
func JWTAuth(secret string) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
http.Error(w, "Authorization header required", http.StatusUnauthorized)
return
}
tokenString := strings.TrimPrefix(authHeader, "Bearer ")
if tokenString == authHeader {
http.Error(w, "Bearer token required", http.StatusUnauthorized)
return
}
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, jwt.ErrSignatureInvalid
}
return []byte(secret), nil
})
if err != nil || !token.Valid {
http.Error(w, "Invalid token", http.StatusUnauthorized)
return
}
claims, ok := token.Claims.(jwt.MapClaims)
if !ok {
http.Error(w, "Invalid token claims", http.StatusUnauthorized)
return
}
userID, ok := claims["user_id"].(string)
if !ok {
http.Error(w, "Invalid user ID in token", http.StatusUnauthorized)
return
}
ctx := context.WithValue(r.Context(), UserIDKey, userID)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
}
func GetUserIDFromContext(ctx context.Context) (string, bool) {
userID, ok := ctx.Value(UserIDKey).(string)
return userID, ok
}
Reference in New Issue View Git Blame Copy Permalink