tweaks to jwt to be consistent.

2022-12-03 17:15:19 -08:00 · 2022-12-03 17:15:19 -08:00 · 1a18319c8c
parent 0d57a75890
commit 1a18319c8c
4 changed files with 17 additions and 6 deletions
--- a/backend/pkg/auth/jwt_utils.go
+++ b/backend/pkg/auth/jwt_utils.go
@ -2,17 +2,18 @@ package auth

 import (
 	"errors"
+	"fmt"
 	"github.com/fastenhealth/fastenhealth-onprem/backend/pkg/models"
 	"github.com/golang-jwt/jwt/v4"
 	"log"
 	"time"
 )

+// JwtGenerateFastenTokenFromUser Note: these functions are duplicated, in Fasten Cloud
+//Any changes here must be replicated in that repo
 func JwtGenerateFastenTokenFromUser(user models.User, issuerSigningKey string) (string, error) {
 	log.Printf("ISSUER KEY: " + issuerSigningKey)
 	userClaims := UserRegisteredClaims{
-		FullName: user.FullName,
-		UserId:   user.ID.String(),
 		RegisteredClaims: jwt.RegisteredClaims{
 			// In JWT, the expiry time is expressed as unix milliseconds
 			ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
@ -20,6 +21,11 @@ func JwtGenerateFastenTokenFromUser(user models.User, issuerSigningKey string) (
 			Issuer:    "docker-fastenhealth",
 			Subject:   user.Username,
 		},
+		UserMetadata: UserMetadata{
+			FullName: user.FullName,
+			Picture:  "",
+			Email:    user.ID.String(),
+		},
 	}

 	//FASTEN_JWT_ISSUER_KEY
@ -39,7 +45,7 @@ func JwtValidateFastenToken(encryptionKey string, signedToken string) (*UserRegi
 		&UserRegisteredClaims{},
 		func(token *jwt.Token) (interface{}, error) {
 			if jwt.SigningMethodHS256 != token.Method {
-				return nil, errors.New("Invalid signing algorithm")
+				return nil, fmt.Errorf("invalid signing algorithm: %s", token.Method)
 			}
 			return []byte(encryptionKey), nil
 		},
--- a/backend/pkg/auth/user_metadata.go
+++ b/backend/pkg/auth/user_metadata.go
@ -0,0 +1,7 @@
+package auth
+
+type UserMetadata struct {
+	FullName string `json:"full_name"`
+	Picture  string `json:"picture"`
+	Email    string `json:"email"`
+}
--- a/backend/pkg/auth/user_registered_claims.go
+++ b/backend/pkg/auth/user_registered_claims.go
@ -3,7 +3,6 @@ package auth
 import "github.com/golang-jwt/jwt/v4"

 type UserRegisteredClaims struct {
-	FullName string `json:"full_name"`
-	UserId   string `json:"user_id"`
+	UserMetadata
 	jwt.RegisteredClaims
 }
--- a/backend/pkg/web/middleware/require_auth.go
+++ b/backend/pkg/web/middleware/require_auth.go
@ -40,7 +40,6 @@ func RequireAuth() gin.HandlerFunc {
 		//todo, is this shared between all sessions??
 		c.Set("AUTH_TOKEN", tokenString)
 		c.Set("AUTH_USERNAME", claim.Subject)
-		c.Set("AUTH_USERID", claim.UserId)

 		c.Next()
 	}