Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Url whitelist without token check #253

Open
hahait opened this issue Jul 27, 2020 · 1 comment
Open

Url whitelist without token check #253

hahait opened this issue Jul 27, 2020 · 1 comment
Assignees
@appleboy
Labels
feature

Comments

@hahait
Copy link

hahait commented Jul 27, 2020

// On the premise of registering MW.MiddlewareFunc() as global middleware, partial url token - free authentication is implemented

type GinJWTMiddleware struct {
    ……
    // Add the following property to the structure to define the URL whitelist
    // example:  WhiteUrlList []string{"/login", "/dashboard/overview", "/user/info?id=8"}
    WhiteUrlList []string
}

// Add the following method to verify that the url currently requested is in the URL whitelist

func (mw *GinJWTMiddleware) checkWhiteUrlList(c_url string) bool {
        for _, wul := range mw.WhiteUrlList {
                if c_url == wul {
                        return true
                }
        }
        return false
}


func (mw *GinJWTMiddleware) middlewareImpl(c *gin.Context) {
    // Pass the url of the current request to checkWhiteUrlList() to determine whether it is in the whitelist;If it is, the request is passed on to other handlers for processing
    if mw.checkWhiteUrlList(c.Request.URL.RequestURI()) {
        c.Next()
    } else {
        claims, err := mw.GetClaimsFromJWT(c)
        if err != nil {
            mw.unauthorized(c, http.StatusUnauthorized, mw.HTTPStatusMessageFunc(err, c))
            return
        }

        if claims["exp"] == nil {
            mw.unauthorized(c, http.StatusBadRequest, mw.HTTPStatusMessageFunc(ErrMissingExpField, c))
            return
        }

        if _, ok := claims["exp"].(float64); !ok {
            mw.unauthorized(c, http.StatusBadRequest, mw.HTTPStatusMessageFunc(ErrWrongFormatOfExp, c))
            return
        }

        if int64(claims["exp"].(float64)) < mw.TimeFunc().Unix() {
            mw.unauthorized(c, http.StatusUnauthorized, mw.HTTPStatusMessageFunc(ErrExpiredToken, c))
            return
        }

        c.Set("JWT_PAYLOAD", claims)
        identity := mw.IdentityHandler(c)

        if identity != nil {
            c.Set(mw.IdentityKey, identity)
        }

        if !mw.Authorizator(identity, c) {
            mw.unauthorized(c, http.StatusForbidden, mw.HTTPStatusMessageFunc(ErrForbidden, c))
            return
        }

        c.Next()
    }
}
@appleboy
Copy link
Owner

I will take it.

@appleboy appleboy self-assigned this Oct 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@appleboy appleboy

Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@appleboy @hahait