jwt for api endpoints #42

Open
ghost opened this issue Sep 8, 2020 · 12 comments

@ghost

ghost commented Sep 8, 2020

Hi guys, @raven-chen,

Hope you are all well!

I created the website https://paper2code.com/ with the qor framework and I need to implement more advanced RESTful API functions.

So I have read the documentation about the RESTful API but I did not find a way to implement a JWT token to query the API endpoints.

Just to be sure, and that's a very important question as I need to implement that asap, how can I implement gin-jwt with qor or as a use case with qor-example?

Thanks for your insights or snippets in advance.

Cheers,
X

@raven-chen
Member

hi @x0rzkov

Do you want to integrate JWT with QOR Admin resources? Or your own handler but with QOR Auth?

@ghost

ghost commented Sep 9, 2020

@raven-chen

Both, is it possible?

But in priority, I want to create an API endpoint with a bearer and allow users to get it with their login credentials (I use auth_themes/clean); not admin users.

So if "Or your own handler but with QOR Auth?" means that, then the answer is that.

Btw, it is my second handle of @x0rzkov

Cheers

@raven-chen
Member

Both are possible, but integrating JWT into QOR Admin is not an easy job.

Since you're in a rush, better to do something with the Auth.

```go
type Auth interface {
	GetCurrentUser(*Context) qor.CurrentUser
	LoginURL(*Context) string
	LogoutURL(*Context) string
}
```

A quick patch would be inserting the jwt logic into GetCurrentUser. I'm not 100% sure it would work but worth a try.

@ghost

ghost commented Sep 9, 2020

@raven-chen
Member

I don't have a snippet, just an idea, e.g.

```go
func (AdminAuth) GetCurrentUser(c *admin.Context) qor.CurrentUser {
	// this is a normal implementation. You can try embed JWT logic here,
	// if user passes the jwt check, return a proper user. otherwise return nil?
	currentUser := Auth.GetCurrentUser(c.Request)
	if currentUser != nil {
		qorCurrentUser, ok := currentUser.(qor.CurrentUser)
		if !ok {
			fmt.Printf("User %#v haven't implement qor.CurrentUser interface\n", currentUser)
		}
		return qorCurrentUser
	}
	return nil
}
```

@sergolius

@x0rzkov
The auth module partly supports JWT authentication:

```go
tokenString := req.Header.Get("Authorization")
```

You can wrap SessionStorer with a decorator to extend the behaviour of the Update method

```go
func (sessionStorer *SessionStorer) Update(w http.ResponseWriter, req *http.Request, claims *claims.Claims) error {
```

to set the "Authorization" header in the response.
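
Added example, not part of the thread and not QOR code: a standard-library-only version of the JWT check that a `GetCurrentUser` hook could run on the value of `req.Header.Get("Authorization")`, returning an empty subject where the hook would return nil. It assumes HS256 tokens with `sub` and `exp` claims and a `Bearer ` scheme prefix; `seal`, `sign`, `subjectFromBearer`, the key and the sample values are hypothetical or constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

type claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"` // expiry, Unix seconds
}

// seal appends the base64url HMAC-SHA256 signature to msg ("header.payload").
func seal(key []byte, msg string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(m.Sum(nil))
}

func sign(key []byte, c claims) string { // only builds constructed sample input
	body, _ := json.Marshal(c)
	return seal(key, b64.EncodeToString([]byte(`{"alg":"HS256"}`))+"."+b64.EncodeToString(body))
}

// subjectFromBearer checks an Authorization header value; "" means reject.
func subjectFromBearer(auth string, key []byte, now int64) string {
	tok := strings.TrimPrefix(auth, "Bearer ")
	parts := strings.Split(tok, ".")
	// HMAC-SHA256 is fixed here (the token's "alg" is never consulted); constant-time compare.
	if tok == auth || len(parts) != 3 || !hmac.Equal([]byte(tok), []byte(seal(key, parts[0]+"."+parts[1]))) {
		return "" // wrong scheme, wrong shape, or signature mismatch
	}
	var c claims
	body, err := b64.DecodeString(parts[1])
	if err != nil || json.Unmarshal(body, &c) != nil || now >= c.Exp {
		return "" // an absent exp decodes as 0, so it counts as expired
	}
	return c.Sub
}

func main() { // constructed key, subject and clock values
	tok := sign([]byte("demo-key"), claims{Sub: "alice", Exp: 1700000060})
	fmt.Println(subjectFromBearer("Bearer "+tok, []byte("demo-key"), 1700000000))
}
```

The signature is verified before any claim is parsed, so unsigned or re-signed payloads never reach the JSON decoder.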

@ghost
Author

ghost commented Sep 9, 2020

@sergolius thanks for your reply :-)

Is there a way to create a login controller without the form to get it and/or refresh it?

Cheers,
X

@sergolius

@x0rzkov QOR is very flexible, it's up to you to extend or override functionality.
See the Password provider as a base example: https://github.com/qor/auth/blob/11d4c974507d28e2fd10ff94edcdd00369e069a6/providers/password/password.go

@ghost
Author

ghost commented Sep 9, 2020

Unfortunately, I am lost on this one, do not know how to do it... If you have a snippet, you would be my saviour ^^

@lutfuahmet

lutfuahmet commented Oct 24, 2020

// TODO write json token


@lutfuahmet

I sent a pull request to the auth package.

#45

@ghost
Author

ghost commented Oct 24, 2020

@lutfuahmet do you have an example with the full implementation mate? Thanks for your reply also, greatly appreciated :-)
