/hertz-paseto

Paseto middleware for Hertz.


PASETO (This is a community driven project)

Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.

This is the PASETO middleware for the Hertz framework.

Usage

Install

go get github.com/hertz-contrib/paseto

Import

import "github.com/hertz-contrib/paseto"

Example

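package main

import (
	"context"
	"fmt"
	"net/http"
	"time"

	"github.com/cloudwego/hertz/pkg/app"
	"github.com/cloudwego/hertz/pkg/app/client"
	"github.com/cloudwego/hertz/pkg/app/server"
	"github.com/cloudwego/hertz/pkg/common/hlog"
	"github.com/cloudwego/hertz/pkg/protocol"
	"github.com/hertz-contrib/paseto"
)

// performRequest fetches a token from GET /paseto, then replays it in the
// Authorization header of POST /paseto, which is guarded by the middleware.
func performRequest() {
	time.Sleep(time.Second) // give the server time to start listening
	c, err := client.NewClient()
	if err != nil {
		hlog.Errorf("create client failed: %v", err)
		return
	}
	req, resp := protocol.AcquireRequest(), protocol.AcquireResponse()
	req.SetRequestURI("http://127.0.0.1:8080/paseto")

	req.SetMethod("GET")
	if err := c.Do(context.Background(), req, resp); err != nil {
		hlog.Errorf("get token failed: %v", err)
		return
	}
	fmt.Printf("get token: %s\n", resp.Body())

	// Copy the token out of the response body before resp is reused.
	req.SetMethod("POST")
	req.SetHeader("Authorization", string(resp.Body()))
	if err := c.Do(context.Background(), req, resp); err != nil {
		hlog.Errorf("authorized request failed: %v", err)
		return
	}
	fmt.Printf("Authorization response: %s\n", resp.Body())
}

func main() {
	h := server.New(server.WithHostPorts(":8080"))

	// Issue a token with the default generator; it is valid for one hour.
	h.GET("/paseto", func(c context.Context, ctx *app.RequestContext) {
		now := time.Now()
		genTokenFunc := paseto.DefaultGenTokenFunc()
		token, err := genTokenFunc(&paseto.StandardClaims{
			Issuer:    "cwg-issuer",
			ExpiredAt: now.Add(time.Hour),
			NotBefore: now,
			IssuedAt:  now,
		}, nil, nil)
		if err != nil {
			// Do not answer 200 with an empty token when generation fails.
			hlog.Errorf("generate token failed: %v", err)
			ctx.String(http.StatusInternalServerError, "generate token failed")
			return
		}
		ctx.String(http.StatusOK, token)
	})

	// paseto.New() with no options verifies the token before the handler runs.
	h.POST("/paseto", paseto.New(), func(c context.Context, ctx *app.RequestContext) {
		ctx.String(http.StatusOK, "token is valid")
	})

	go performRequest()

	h.Spin()
}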

Options

| Option | Default | Description |
| --- | --- | --- |
| Next | nil | Next defines a function that skips this middleware when it returns true. |
| ErrorHandler | output log and response 401 | ErrorHandler defines a function which is executed when an error occurs. |
| SuccessHandler | save the claims to app.RequestContext | SuccessHandler defines a function which is executed when the token is valid. |
| KeyLookup | "header:Authorization" | KeyLookup is a string in the form of ":" that is used to create an Extractor that extracts the token from the request. |
| TokenPrefix | "" | TokenPrefix is a string that holds the prefix for the token lookup. |
| ParseFunc | parse V4 Public Token | ParseFunc parses and verifies the token. |
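
The following is an added example, not the middleware's own code: a standard-library sketch of what the KeyLookup and TokenPrefix options describe, followed by a check that the token's `version.purpose` header matches what the verifier expects (the default ParseFunc parses V4 public tokens) before any verification is attempted. The function names, the `query` source and the sample token are assumptions made for this illustration, and no signature is verified here.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// extractToken reads the token from the place named by keyLookup ("source:key")
// and strips tokenPrefix. The "query" source is an assumption of this example.
func extractToken(r *http.Request, keyLookup, tokenPrefix string) (string, error) {
	source, key, ok := strings.Cut(keyLookup, ":")
	if !ok || key == "" {
		return "", fmt.Errorf("malformed lookup %q", keyLookup)
	}
	var raw string
	switch source {
	case "header":
		raw = r.Header.Get(key)
	case "query":
		raw = r.URL.Query().Get(key)
	default:
		return "", fmt.Errorf("unsupported source %q", source)
	}
	tok := strings.TrimSpace(strings.TrimPrefix(raw, tokenPrefix))
	if !strings.HasPrefix(raw, tokenPrefix) || tok == "" {
		return "", fmt.Errorf("token or prefix missing in %s", keyLookup)
	}
	return tok, nil
}

// checkHeader rejects a token whose "version.purpose" header is not the pinned one.
func checkHeader(token, want string) error {
	parts := strings.Split(token, ".") // version.purpose.payload[.footer]
	if n := len(parts); n < 3 || n > 4 || parts[2] == "" {
		return fmt.Errorf("not a PASETO-shaped token")
	}
	if got := parts[0] + "." + parts[1]; got != want {
		return fmt.Errorf("header %q rejected, want %q", got, want)
	}
	return nil
}

func main() {
	r, _ := http.NewRequest("POST", "http://127.0.0.1:8080/paseto", nil)
	r.Header.Set("Authorization", "Bearer v4.local.Y29uc3RydWN0ZWQ") // constructed sample
	tok, err := extractToken(r, "header:Authorization", "Bearer ")
	fmt.Println(tok, err, checkHeader(tok, "v4.public"))
}
```

Pinning the expected header on the verifying side means a token of another version or purpose is refused outright instead of being handed to a parser that was configured for a different key type.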

Version comparison

| Version | Local | Public |
| --- | --- | --- |
| v1 | Encrypted with AES-256-CBC and signed with HMAC-SHA-256 | Signed with RSA-SHA-256 |
| v2 | Encrypted with XSalsa20Poly1305 and signed with HMAC-SHA-384 | Signed with EdDSA (Ed25519) |
| v3 | Encrypted with XChaCha20Poly1305 and signed with HMAC-SHA-384 | Signed with EdDSA (Ed25519) |
| v4 | Encrypted with XChaCha20Poly1305 and signed with HMAC-SHA-512-256 | Signed with EdDSA (Ed448) |