README
¶
PASETO (Platform-Agnostic SEcurity TOkens)
PASETO returns a Web Token (PASETO) auth middleware.
- For valid token, it sets the payload data in Ctx.Locals and calls next handler.
- For invalid token, it returns "401 - Unauthorized" error.
- For missing token, it returns "400 - BadRequest" error.
Install
This middleware supports Fiber v2.
go get -u github.com/gofiber/fiber/v2
go get -u github.com/gofiber/contrib/paseto
go get -u github.com/o1egl/paseto
Signature
pasetoware.New(config ...pasetoware.Config) func(*fiber.Ctx) error
Config
| Property | Type | Description | Default |
|---|---|---|---|
| Next | func(*Ctx) bool |
Defines a function to skip middleware | nil |
| SuccessHandler | func(*fiber.Ctx) error |
SuccessHandler defines a function which is executed for a valid token. | c.Next() |
| ErrorHandler | func(*fiber.Ctx, error) error |
ErrorHandler defines a function which is executed for an invalid token. | 401 Invalid or expired PASETO |
| Validate | PayloadValidator |
Defines a function to validate if payload is valid. Optional. In case payload used is created using CreateToken function. If token is created using another function, this function must be provided. |
nil |
| SymmetricKey | []byte |
Secret key to encrypt token. If present the middleware will generate local tokens. | nil |
| PrivateKey | ed25519.PrivateKey |
Secret key to sign the tokens. If present (along with its PublicKey) the middleware will generate public tokens. |
nil |
| PublicKey | crypto.PublicKey |
Public key to verify the tokens. If present (along with PrivateKey) the middleware will generate public tokens. |
nil |
| ContextKey | string |
Context key to store user information from the token into context. | "auth-token" |
| TokenLookup | [2]string |
TokenLookup is a string slice with size 2, that is used to extract token from the request | ["header","Authorization"] |
Instructions
When using this middleware, and creating a token for authentication, you can use the function pasetoware.CreateToken, that will create a token, encrypt or sign it and returns the PASETO token.
Passing a SymmetricKey in the Config results in a local (encrypted) token, while passing a PublicKey and PrivateKey results in a public (signed) token.
In case you want to use your own data structure, is needed to provide the Validate function in paseware.Config, that will return the data stored in the token, and a error.
Documentation
¶
Index ¶
- Constants
- Variables
- func CreateToken(key []byte, dataInfo string, duration time.Duration, purpose TokenPurpose) (string, error)
- func New(authConfigs ...Config) fiber.Handler
- func NewPayload(userToken string, duration time.Duration) (*paseto.JSONToken, error)
- type Config
- type PayloadCreator
- type PayloadValidator
- type TokenPurpose
Constants ¶
View Source
const ( LookupHeader = "header" LookupCookie = "cookie" LookupQuery = "query" LookupParam = "param" // DefaultContextKey is the Default key used by this middleware to store decrypted token DefaultContextKey = "auth-token" )
Variables ¶
View Source
var ( ErrExpiredToken = errors.New("token has expired") ErrMissingToken = errors.New("missing PASETO token") ErrIncorrectTokenPrefix = errors.New("missing prefix for PASETO token") ErrDataUnmarshal = errors.New("can't unmarshal token data to Payload type") )
View Source
var ConfigDefault = Config{ Next: nil, SuccessHandler: nil, ErrorHandler: nil, Validate: nil, SymmetricKey: nil, ContextKey: DefaultContextKey, TokenLookup: [2]string{LookupHeader, fiber.HeaderAuthorization}, }
ConfigDefault is the default config
Functions ¶
func CreateToken ¶
func CreateToken(key []byte, dataInfo string, duration time.Duration, purpose TokenPurpose) (string, error)
CreateToken Create a new Token Payload that will be stored in PASETO
Types ¶
type Config ¶
type Config struct {
// Filter defines a function to skip middleware.
// Optional. Default: nil
Next func(*fiber.Ctx) bool
// SuccessHandler defines a function which is executed for a valid token.
// Optional. Default: c.Next()
SuccessHandler fiber.Handler
// ErrorHandler defines a function which is executed for an invalid token.
// It may be used to define a custom PASETO error.
// Optional. Default: 401 Invalid or expired PASETO
ErrorHandler fiber.ErrorHandler
// Validate defines a function to validate if payload is valid
// Optional. In case payload used is created using CreateToken function
// If token is created using another function, this function must be provided
Validate PayloadValidator
// SymmetricKey to validate local tokens.
// If it's set the middleware will use local tokens
//
// Required if PrivateKey and PublicKey are not set
SymmetricKey []byte
// PrivateKey to sign public tokens
//
// If it's set the middleware will use public tokens
// Required if SymmetricKey is not set
PrivateKey ed25519.PrivateKey
// PrivateKey to verify public tokens
//
// If it's set the middleware will use public tokens
// Required if SymmetricKey is not set
PublicKey crypto.PublicKey
// ContextKey to store user information from the token into context.
// Optional. Default: DefaultContextKey.
ContextKey string
// TokenLookup is a string slice with size 2, that is used to extract token from the request.
// Optional. Default value ["header","Authorization"].
// Possible values:
// - ["header","<name>"]
// - ["query","<name>"]
// - ["param","<name>"]
// - ["cookie","<name>"]
TokenLookup [2]string
// TokenPrefix is a string that holds the prefix for the token lookup.
// Generally it'cs used the "Bearer" prefix.
//
// Optional. Default value ""
// Recommended value: "Bearer"
TokenPrefix string
}
Config defines the config for PASETO middleware
type PayloadCreator ¶
type PayloadCreator func(key []byte, dataInfo string, duration time.Duration, purpose TokenPurpose) (string, error)
PayloadCreator Signature of a function that generates a payload token
type PayloadValidator ¶
PayloadValidator Function that receives the decrypted payload and returns an interface and an error that's a result of validation logic
Source Files
Click to show internal directories.
Click to hide internal directories.