mirror
/
jwt
mirror of https://github.com/golang-jwt/jwt.git
1
0
Fork 1
Code Issues Packages Projects Releases Wiki Activity

added documentation

This commit is contained in:
Dave Grijalva 2016-06-06 16:55:41 -07:00
parent bb45bfcdec
commit de0a819d8d
4 changed files with 29 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
request/doc.go Normal file
View File

@ -0,0 +1,7 @@
// Utility package for extracting JWT tokens from
// HTTP requests.
//
// The main function is ParseFromRequest and it's WithClaims variant.
// See examples for how to use the various Extractor implementations
// or roll your own.
package request

15
request/extractor.go
View File

@ -10,12 +10,15 @@ var (
ErrNoTokenInRequest = errors.New("no token present in request") ErrNoTokenInRequest = errors.New("no token present in request")
) )
// Interface for extracting a token from an HTTP request // Interface for extracting a token from an HTTP request.
// The ExtractToken method should return a token string or an error.
// If no token is present, you must return ErrNoTokenInRequest.
type Extractor interface { type Extractor interface {
ExtractToken(*http.Request) (string, error) ExtractToken(*http.Request) (string, error)
} }
// Extract token from headers // Extractor for finding a token in a header. Looks at each specified
// header in order until there's a match
type HeaderExtractor []string type HeaderExtractor []string
func (e HeaderExtractor) ExtractToken(req *http.Request) (string, error) { func (e HeaderExtractor) ExtractToken(req *http.Request) (string, error) {
@ -28,7 +31,8 @@ func (e HeaderExtractor) ExtractToken(req *http.Request) (string, error) {
return "", ErrNoTokenInRequest return "", ErrNoTokenInRequest
} }
// Extract token from request args // Extract token from request arguments. This includes a POSTed form or
// GET URL arguments. Argument names are tried in order until there's a match.
type ArgumentExtractor []string type ArgumentExtractor []string
func (e ArgumentExtractor) ExtractToken(req *http.Request) (string, error) { func (e ArgumentExtractor) ExtractToken(req *http.Request) (string, error) {
@ -45,7 +49,7 @@ func (e ArgumentExtractor) ExtractToken(req *http.Request) (string, error) {
return "", ErrNoTokenInRequest return "", ErrNoTokenInRequest
} }
// Tries extractors in order until one works or an error occurs // Tries Extractors in order until one returns a token string or an error occurs
type MultiExtractor []Extractor type MultiExtractor []Extractor
func (e MultiExtractor) ExtractToken(req *http.Request) (string, error) { func (e MultiExtractor) ExtractToken(req *http.Request) (string, error) {
@ -60,7 +64,8 @@ func (e MultiExtractor) ExtractToken(req *http.Request) (string, error) {
return "", ErrNoTokenInRequest return "", ErrNoTokenInRequest
} }
// Wrap an Extractor in this to post-process the value before it's handed off // Wrap an Extractor in this to post-process the value before it's handed off.
// See AuthorizationHeaderExtractor for an example
type PostExtractionFilter struct { type PostExtractionFilter struct {
Extractor Extractor
Filter func(string) (string, error) Filter func(string) (string, error)

6
request/oauth2.go
View File

@ -4,7 +4,8 @@ import (
"strings" "strings"
) )
// Extract Authorization header and strip 'Bearer ' from it // Extract bearer token from Authorization header
// Uses PostExtractionFilter to strip "Bearer " prefix from header
var AuthorizationHeaderExtractor = &PostExtractionFilter{ var AuthorizationHeaderExtractor = &PostExtractionFilter{
HeaderExtractor{"Authorization"}, HeaderExtractor{"Authorization"},
func(tok string) (string, error) { func(tok string) (string, error) {
@ -16,7 +17,8 @@ var AuthorizationHeaderExtractor = &PostExtractionFilter{
}, },
} }
// Extractor for OAuth2 access tokens // Extractor for OAuth2 access tokens. Looks in 'Authorization'
// header then 'access_token' argument for a token.
var OAuth2Extractor = &MultiExtractor{ var OAuth2Extractor = &MultiExtractor{
// Look for authorization token first // Look for authorization token first
AuthorizationHeaderExtractor, AuthorizationHeaderExtractor,

16
request/request.go
View File

@ -5,20 +5,20 @@ import (
"net/http" "net/http"
) )
// Try to find the token in an http.Request. // Extract and parse a JWT token from an HTTP request.
// This method will call ParseMultipartForm if there's no token in the header. // This behaves the same as Parse, but accepts a request and an extractor
// Currently, it looks in the Authorization header as well as // instead of a token string. The Extractor interface allows you to define
// looking for an 'access_token' request parameter in req.Form. // the logic for extracting a token. Several useful implementations are provided.
func ParseFromRequest(req *http.Request, extractor Extractor, keyFunc jwt.Keyfunc) (token *jwt.Token, err error) { func ParseFromRequest(req *http.Request, extractor Extractor, keyFunc jwt.Keyfunc) (token *jwt.Token, err error) {
return ParseFromRequestWithClaims(req, extractor, jwt.MapClaims{}, keyFunc) return ParseFromRequestWithClaims(req, extractor, jwt.MapClaims{}, keyFunc)
} }
// ParseFromRequest but with custom Claims type
func ParseFromRequestWithClaims(req *http.Request, extractor Extractor, claims jwt.Claims, keyFunc jwt.Keyfunc) (token *jwt.Token, err error) { func ParseFromRequestWithClaims(req *http.Request, extractor Extractor, claims jwt.Claims, keyFunc jwt.Keyfunc) (token *jwt.Token, err error) {
// Extract token from request // Extract token from request
tokStr, err := extractor.ExtractToken(req) if tokStr, err := extractor.ExtractToken(req); err == nil {
if err != nil { return jwt.ParseWithClaims(tokStr, claims, keyFunc)
} else {
return nil, err return nil, err
} }
return jwt.ParseWithClaims(tokStr, claims, keyFunc)
} }