navidrome/core/auth/auth.go

package auth

import (
	"context"
	"sync"
	"time"

	"github.com/go-chi/jwtauth/v5"
	"github.com/lestrrat-go/jwx/v2/jwt"
	"github.com/navidrome/navidrome/conf"
	"github.com/navidrome/navidrome/consts"
	"github.com/navidrome/navidrome/log"
	"github.com/navidrome/navidrome/model"
)

var (
	once      sync.Once
	Secret    []byte
	TokenAuth *jwtauth.JWTAuth
)

func Init(ds model.DataStore) {
	once.Do(func() {
		log.Info("Setting Session Timeout", "value", conf.Server.SessionTimeout)
		secret, err := ds.Property(context.TODO()).DefaultGet(consts.JWTSecretKey, "not so secret")
		if err != nil {
			log.Error("No JWT secret found in DB. Setting a temp one, but please report this error", err)
		}
		Secret = []byte(secret)
		TokenAuth = jwtauth.New("HS256", Secret, nil)
	})
}

func CreateToken(u *model.User) (string, error) {
	claims := map[string]interface{}{}
	claims[jwt.IssuerKey] = consts.JWTIssuer
	claims[jwt.IssuedAtKey] = time.Now().UTC().Unix()
	claims[jwt.SubjectKey] = u.UserName
	claims["uid"] = u.ID
	claims["adm"] = u.IsAdmin
	token, _, err := TokenAuth.Encode(claims)
	if err != nil {
		return "", err
	}

	return TouchToken(token)
}

func TouchToken(token jwt.Token) (string, error) {
	claims, err := token.AsMap(context.Background())
	if err != nil {
		return "", err
	}

	claims[jwt.ExpirationKey] = time.Now().UTC().Add(conf.Server.SessionTimeout).Unix()
	_, newToken, err := TokenAuth.Encode(claims)

	return newToken, err
}

func Validate(tokenStr string) (map[string]interface{}, error) {
	token, err := jwtauth.VerifyToken(TokenAuth, tokenStr)
	if err != nil {
		return nil, err
	}
	return token.AsMap(context.Background())
}
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`package auth`

			`import (`
Fixing static checks about passing nil context 2020-04-26 18:06:38 +02:00			`"context"`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`"sync"`
			`"time"`

Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`"github.com/go-chi/jwtauth/v5"`
Bump github.com/go-chi/jwtauth/v5 from 5.0.2 to 5.1.0 2022-12-02 23:58:38 +01:00			`"github.com/lestrrat-go/jwx/v2/jwt"`
feat: allow session timeout to be configurable. closes #101 2020-03-19 01:16:18 +01:00			`"github.com/navidrome/navidrome/conf"`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`"github.com/navidrome/navidrome/consts"`
			`"github.com/navidrome/navidrome/log"`
			`"github.com/navidrome/navidrome/model"`
			`)`

			`var (`
Removed unnecessary code 2021-05-12 00:55:58 +02:00			`once sync.Once`
			`Secret []byte`
			`TokenAuth *jwtauth.JWTAuth`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`)`

Removed unnecessary code 2021-05-12 00:55:58 +02:00			`func Init(ds model.DataStore) {`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`once.Do(func() {`
Removed unnecessary code 2021-05-12 00:55:58 +02:00			`log.Info("Setting Session Timeout", "value", conf.Server.SessionTimeout)`
Fixing static checks about passing nil context 2020-04-26 18:06:38 +02:00			`secret, err := ds.Property(context.TODO()).DefaultGet(consts.JWTSecretKey, "not so secret")`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`if err != nil {`
			`log.Error("No JWT secret found in DB. Setting a temp one, but please report this error", err)`
			`}`
More auth tests 2021-04-30 16:00:03 +02:00			`Secret = []byte(secret)`
			`TokenAuth = jwtauth.New("HS256", Secret, nil)`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`})`
			`}`

			`func CreateToken(u *model.User) (string, error) {`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`claims := map[string]interface{}{}`
			`claims[jwt.IssuerKey] = consts.JWTIssuer`
			`claims[jwt.IssuedAtKey] = time.Now().UTC().Unix()`
			`claims[jwt.SubjectKey] = u.UserName`
Allow regular users to change their info, including password. Should fix #199 2021-04-29 04:35:25 +02:00			`claims["uid"] = u.ID`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`claims["adm"] = u.IsAdmin`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`token, _, err := TokenAuth.Encode(claims)`
			`if err != nil {`
			`return "", err`
			`}`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00
			`return TouchToken(token)`
			`}`

Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`func TouchToken(token jwt.Token) (string, error) {`
			`claims, err := token.AsMap(context.Background())`
			`if err != nil {`
			`return "", err`
More auth tests 2021-04-30 16:00:03 +02:00			`}`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00
Removed unnecessary code 2021-05-12 00:55:58 +02:00			`claims[jwt.ExpirationKey] = time.Now().UTC().Add(conf.Server.SessionTimeout).Unix()`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`_, newToken, err := TokenAuth.Encode(claims)`

			`return newToken, err`
More auth tests 2021-04-30 16:00:03 +02:00			`}`

Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`func Validate(tokenStr string) (map[string]interface{}, error) {`
			`token, err := jwtauth.VerifyToken(TokenAuth, tokenStr)`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`if err != nil {`
			`return nil, err`
			`}`
Upgrade to go-chi 5 2021-05-11 23:21:18 +02:00			`return token.AsMap(context.Background())`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`}`