Create a JWT and put it in the client's cookie
(res http.ResponseWriter, req *http.Request)
| 23 | |
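// setToken creates a signed JWT, stores it in the "Auth" cookie and redirects
// the client to /profile.
//
// The token carries the fixed claim value "TestUser" and the issuer
// "localhost:9000"; token and cookie share a single 30-minute lifetime. If the
// token cannot be signed, the handler answers 500 and sets no cookie.
func setToken(res http.ResponseWriter, req *http.Request) {
	// 30-minute expiration for non-sensitive applications (OWASP).
	// Read the clock once so the token and the cookie expire at the same instant.
	expires := time.Now().Add(30 * time.Minute)

	// Token claims.
	claims := Claims{
		"TestUser",
		jwt.StandardClaims{
			ExpiresAt: expires.Unix(),
			Issuer:    "localhost:9000",
		},
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

	// SECURITY: the HMAC key is a short, guessable constant compiled into the
	// binary, so anyone who knows or guesses it can sign tokens this service
	// will accept. Load a long random key from configuration or a secret store
	// instead; whatever verifies the token must use the same key.
	signedToken, err := token.SignedString([]byte("secret"))
	if err != nil {
		// Do not hand out an empty "Auth" cookie and redirect as if login had
		// succeeded; fail the request without echoing the internal error.
		http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	// Cookie parameters. HttpOnly keeps the token away from page scripts and
	// Secure limits the cookie to HTTPS requests.
	// NOTE(review): no SameSite attribute is set; consider
	// SameSite: http.SameSiteLaxMode if the toolchain is Go 1.11 or newer.
	cookie := http.Cookie{
		Name:     "Auth",
		Value:    signedToken,
		Expires:  expires, // 30 min
		HttpOnly: true,
		Path:     "/",
		Domain:   "127.0.0.1",
		Secure:   true,
	}

	http.SetCookie(res, &cookie)

	// NOTE(review): 307 makes the client repeat the original method and body
	// at /profile; if this handler is reached by POST, http.StatusSeeOther
	// would turn the follow-up request into a GET — confirm which is intended.
	http.Redirect(res, req, "/profile", http.StatusTemporaryRedirect)
}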
| 56 | |
| 57 | // middleware to protect private pages |
| 58 | func validate(page http.HandlerFunc) http.HandlerFunc { |