dahernan/auth.go

## auth.go
// example for Minimal Auth
// it does not compile is just as a guide for rolling your own

// some code for login by http post
func (a *AuthRoute) Login(w http.ResponseWriter, req *http.Request) {

	var authForm map[string]string
	err := RequestToJsonObject(req, &authForm)
	if err != nil {
		Render().JSON(w, http.StatusUnauthorized, nil)
		return
	}

	email := authForm["email"]
	pass := authForm["password"]

	userId, err := a.userStore.Login(email, pass)
	if err != nil {
		Render().JSON(w, http.StatusUnauthorized, "Username or Password Invalid")
		log.Printf("INFO: Failed attempt to login '%s' with error '%v'\n", email, err)
		return
	}
	log.Println("INFO: user login", email, userId)

	token, err := jwt.GenerateJWTToken(userId)
	if err != nil {
		Render().JSON(w, http.StatusInternalServerError, "Error while Signing Token :S")
		log.Printf("ERROR: Token Signing error: %v\n", err)
		return
	}

	authredis.SetSessionToken(token, userId)

	Render().JSON(w, http.StatusOK, map[string]string{"token": token})
}

// some code to validate the login in Redis
func (r *RedisRepository) Login(email, pass string) (string, error) {
	id, err := r.UserByEmail(email)
	if err != nil {
		return "", err
	}
	userId := string(id)
	if userId == "" {
		return "", ErrUserNotFound
	}

	data, err := r.client.HMGet(userKey+userId, "Password", "Salt")
	if err != nil {
		return "", err
	}
	if string(data[0]) == "" {
		return "", ErrUserNotFound
	}
	passStored := data[0]
	salt := data[1]

	hpass, err := HashPassword(pass, salt)
	if err != nil {
		return "", err
	}
	passOk := SecureCompare(hpass, passStored)
	if !passOk {
		return "", ErrWrongPassword
	}

	r.client.HSet(userKey+userId, "Lastlogin", strconv.FormatInt(time.Now().Unix(), 10))
	log.Println("INFO: User Login", userId, email)

	return userId, nil
}
// "golang.org/x/crypto/scrypt"
func HashPassword(pass string, salt []byte) ([]byte, error) {
	return scrypt.Key([]byte(pass), salt, 16384, 8, 1, 32)
}
//"crypto/subtle"
func SecureCompare(given, actual []byte) bool {
	return subtle.ConstantTimeCompare(given, actual) == 1
}

// auth middleware for negroni
func AuthMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	var userId, token string
	var err error

	auth := r.Header.Get("Authorization")
	if auth == "" {
		w.WriteHeader(http.StatusUnauthorized)
		fmt.Fprintln(w, "Error while Validation Token!")
		return
	}

	// API Auth "Basic "

	if strings.HasPrefix(auth, "Basic ") {
		userId, token, err = validateAPIToken(auth)
	} else {
		// Web Auth with JWT "Bearer "
		userId, token, err = jwt.ValidateToken(r)
	}

	if err != nil {
		w.WriteHeader(http.StatusUnauthorized)
		fmt.Fprintln(w, err.Error())
		log.Printf("ERROR: Token Validation Error: %+v\n", err.Error())
		return
	}

	context.Set(r, TokenKey, token)
	context.Set(r, UserKey, userId)
	// gorilla context Clear
	defer context.Clear(r)

	next(w, r)

}


// Generate and Validate JWT with
// jwt "github.com/dgrijalva/jwt-go"
func GenerateJWTToken(userId string) (string, error) {
	// create a signer for rsa 256
	t := jwt.New(jwt.GetSigningMethod("RS256"))

	// set claims
	t.Claims["exp"] = time.Now().Add(time.Minute * 60).Unix()
	t.Claims["iat"] = time.Now().Unix()
	t.Claims["sub"] = userId

	tokenString, err := t.SignedString([]byte(keys.Private))
	return tokenString, err

}

func ValidateToken(r *http.Request) (string, string, error) {
	token, err := jwt.ParseFromRequest(r, func(token *jwt.Token) (interface{}, error) {
		return []byte(keys.Public), nil
	})

	if err != nil {
		switch err.(type) {
		case *jwt.ValidationError:
			vErr := err.(*jwt.ValidationError)

			switch vErr.Errors {
			case jwt.ValidationErrorExpired:
				log.Printf("ERROR: JWT Token Expired: %+v\n", vErr.Errors)
				return "", "", ErrTokenExpired
			default:
				log.Printf("ERROR: JWT Token ValidationError: %+v\n", vErr.Errors)
				return "", "", ErrTokenValidation
			}
		}
		log.Printf("ERROR: Token parse error: %v\n", err)
		return "", "", ErrTokenParse
	}

	if !token.Valid {
		log.Printf("ERROR: Token Invalid trying to access: %v\n", err)
		return "", "", ErrTokenInvalid
	}

	// otherwise is a valid token
	userId := token.Claims["sub"].(string)

	//log.Printf("INFO: user '%s' accesed with a Valid token", userId)

	return userId, token.Raw, nil

}
	// example for Minimal Auth
	// it does not compile is just as a guide for rolling your own

	// some code for login by http post
	func (a AuthRoute) Login(w http.ResponseWriter, req http.Request) {

	var authForm map[string]string
	err := RequestToJsonObject(req, &authForm)
	if err != nil {
	Render().JSON(w, http.StatusUnauthorized, nil)
	return
	}

	email := authForm["email"]
	pass := authForm["password"]

	userId, err := a.userStore.Login(email, pass)
	if err != nil {
	Render().JSON(w, http.StatusUnauthorized, "Username or Password Invalid")
	log.Printf("INFO: Failed attempt to login '%s' with error '%v'\n", email, err)
	return
	}
	log.Println("INFO: user login", email, userId)

	token, err := jwt.GenerateJWTToken(userId)
	if err != nil {
	Render().JSON(w, http.StatusInternalServerError, "Error while Signing Token :S")
	log.Printf("ERROR: Token Signing error: %v\n", err)
	return
	}

	authredis.SetSessionToken(token, userId)

	Render().JSON(w, http.StatusOK, map[string]string{"token": token})
	}

	// some code to validate the login in Redis
	func (r *RedisRepository) Login(email, pass string) (string, error) {
	id, err := r.UserByEmail(email)
	if err != nil {
	return "", err
	}
	userId := string(id)
	if userId == "" {
	return "", ErrUserNotFound
	}

	data, err := r.client.HMGet(userKey+userId, "Password", "Salt")
	if err != nil {
	return "", err
	}
	if string(data[0]) == "" {
	return "", ErrUserNotFound
	}
	passStored := data[0]
	salt := data[1]

	hpass, err := HashPassword(pass, salt)
	if err != nil {
	return "", err
	}
	passOk := SecureCompare(hpass, passStored)
	if !passOk {
	return "", ErrWrongPassword
	}

	r.client.HSet(userKey+userId, "Lastlogin", strconv.FormatInt(time.Now().Unix(), 10))
	log.Println("INFO: User Login", userId, email)

	return userId, nil
	}
	// "golang.org/x/crypto/scrypt"
	func HashPassword(pass string, salt []byte) ([]byte, error) {
	return scrypt.Key([]byte(pass), salt, 16384, 8, 1, 32)
	}
	//"crypto/subtle"
	func SecureCompare(given, actual []byte) bool {
	return subtle.ConstantTimeCompare(given, actual) == 1
	}

	// auth middleware for negroni
	func AuthMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	var userId, token string
	var err error

	auth := r.Header.Get("Authorization")
	if auth == "" {
	w.WriteHeader(http.StatusUnauthorized)
	fmt.Fprintln(w, "Error while Validation Token!")
	return
	}

	// API Auth "Basic "

	if strings.HasPrefix(auth, "Basic ") {
	userId, token, err = validateAPIToken(auth)
	} else {
	// Web Auth with JWT "Bearer "
	userId, token, err = jwt.ValidateToken(r)
	}

	if err != nil {
	w.WriteHeader(http.StatusUnauthorized)
	fmt.Fprintln(w, err.Error())
	log.Printf("ERROR: Token Validation Error: %+v\n", err.Error())
	return
	}

	context.Set(r, TokenKey, token)
	context.Set(r, UserKey, userId)
	// gorilla context Clear
	defer context.Clear(r)

	next(w, r)

	}


	// Generate and Validate JWT with
	// jwt "github.com/dgrijalva/jwt-go"
	func GenerateJWTToken(userId string) (string, error) {
	// create a signer for rsa 256
	t := jwt.New(jwt.GetSigningMethod("RS256"))

	// set claims
	t.Claims["exp"] = time.Now().Add(time.Minute * 60).Unix()
	t.Claims["iat"] = time.Now().Unix()
	t.Claims["sub"] = userId

	tokenString, err := t.SignedString([]byte(keys.Private))
	return tokenString, err

	}

	func ValidateToken(r *http.Request) (string, string, error) {
	token, err := jwt.ParseFromRequest(r, func(token *jwt.Token) (interface{}, error) {
	return []byte(keys.Public), nil
	})

	if err != nil {
	switch err.(type) {
	case *jwt.ValidationError:
	vErr := err.(*jwt.ValidationError)

	switch vErr.Errors {
	case jwt.ValidationErrorExpired:
	log.Printf("ERROR: JWT Token Expired: %+v\n", vErr.Errors)
	return "", "", ErrTokenExpired
	default:
	log.Printf("ERROR: JWT Token ValidationError: %+v\n", vErr.Errors)
	return "", "", ErrTokenValidation
	}
	}
	log.Printf("ERROR: Token parse error: %v\n", err)
	return "", "", ErrTokenParse
	}

	if !token.Valid {
	log.Printf("ERROR: Token Invalid trying to access: %v\n", err)
	return "", "", ErrTokenInvalid
	}

	// otherwise is a valid token
	userId := token.Claims["sub"].(string)

	//log.Printf("INFO: user '%s' accesed with a Valid token", userId)

	return userId, token.Raw, nil

	}