Last active
January 25, 2019 13:59
-
-
Save birowo/53a5403779e5d3a16fa060c5711d3ba2 to your computer and use it in GitHub Desktop.
golang: latihan json-web-token(JWT) dengan pakai library: https://github.com/dgrijalva/jwt-go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "errors" | |
| "fmt" | |
| "time" | |
| jwt "github.com/dgrijalva/jwt-go" | |
| ) | |
| func newToken(signingKey []byte, claims map[string]interface{}) (string, error) { | |
| token := jwt.New(jwt.SigningMethodHS256) | |
| tokenClaims := token.Claims.(jwt.MapClaims) | |
| for key, val := range claims { | |
| tokenClaims[key] = val | |
| } | |
| return token.SignedString(signingKey) | |
| } | |
| func parseToken(signingKey []byte, tokenString string) (jwt.MapClaims, error) { | |
| token, _ := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { | |
| return signingKey, nil | |
| }) | |
| if token.Valid { | |
| return token.Claims.(jwt.MapClaims), nil | |
| } | |
| return nil, errors.New("invalid token") | |
| } | |
| func main() { | |
| signingKey := []byte("captainjacksparrowsayshi") | |
| now := time.Now() //simpan waktu saat aplikasi mulai dijalankan | |
| nowAddOneSec := now.Add(time.Second * 1) | |
| nowAddThreeSec := nowAddOneSec.Add(time.Second * 2) | |
| setClaims := map[string]interface{}{ | |
| "key1": "val1", | |
| "nbf": nowAddOneSec.Unix(), //token tidak valid sebelum waktu 1 menit dari sekarang | |
| "exp": nowAddThreeSec.Unix(), //token tidak valid setelah waktu 3 menit dari sekarang | |
| //jadi token akan valid jika berada dalam rentang waktu | |
| //antara nbf(not before) & exp(expire) secara inklusif | |
| //umumnya yang dipakai hanya exp tanpa nbf , jadi token akan valid mulai dari | |
| //ketika token dibuat sampai exp | |
| } | |
| tokenString, _ := newToken(signingKey, setClaims) | |
| //jika dipakai untuk REST API maka tokenString taruh di http header: | |
| //authorization: bearer <ACCESS TOKEN HERE> | |
| getClaims, err := parseToken(signingKey, tokenString) //cek sesaat setelah aplikasi dijalankan | |
| if err != nil { | |
| //eksekusi sampai ke sini karena pengecekan dilakukan sebelum waktu nbf | |
| fmt.Println(err) //invalid token | |
| } else { | |
| //eksekusi tidak sampai ke sini | |
| fmt.Printf("%v //valid token\n", getClaims) | |
| } | |
| time.Sleep(time.Second * 2) | |
| getClaims, err = parseToken(signingKey, tokenString) //pengecekan setelah 2 detik | |
| if err != nil { | |
| //eksekusi tidak sampai ke sini | |
| fmt.Println(err) | |
| } else { | |
| //eksekusi sampai ke sini karena pengecekan dilakukan dalam rentang waktu | |
| //antara nbf & exp | |
| fmt.Printf("%v //valid token\n", getClaims) | |
| } | |
| time.Sleep(time.Second * 2) | |
| getClaims, err = parseToken(signingKey, tokenString) //pengecekan setelah 4 detik | |
| if err != nil { | |
| //eksekusi sampai ke sini karena pengecekan dilakukan setelah waktu exp | |
| fmt.Println(err) //invalid token | |
| } else { | |
| //eksekusi tidak sampai ke sini | |
| fmt.Printf("%v //valid token\n", getClaims) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment