improved goreportcard score even more

adam-hanna · Jan 27, 2017 · ad22cc4 · ad22cc4
1 parent f185942
commit ad22cc4
Show file tree

Hide file tree

Showing 3 changed files with 106 additions and 76 deletions.
diff --git a/jwt/auth-utils.go b/jwt/auth-utils.go
@@ -36,7 +36,7 @@ func (a *Auth) extractTokenStringsFromReq(r *http.Request) (string, string, *jwt
 				return "", "", newJwtError(errors.New("Internal Server Error"), 500)
 			}
 
-			return bearerTokens.Auth_Token, bearerTokens.Refresh_Token, nil
+			return bearerTokens.AuthToken, bearerTokens.RefreshToken, nil
 		}
 
 		// tokens are form encoded

diff --git a/jwt/auth-utils_unit_test.go b/jwt/auth-utils_unit_test.go
@@ -18,7 +18,7 @@ func TestExtractTokenStringsFromReq(t *testing.T) {
 		HMACKey: []byte(`#5K+¥¼ƒ~ew{¦Z³(æðTÉ(©„²ÒP.¿ÓûZ’ÒGï–Š´Ãwb="=.!r.OÀÍšõgÐ€£`),
 		RefreshTokenValidTime: 72 * time.Hour,
 		AuthTokenValidTime:    15 * time.Minute,
-		Debug:                 false,
+		Debug:                 true,
 		IsDevEnv:              true,
 	})
 	if authErr != nil {

diff --git a/jwt/auth.go b/jwt/auth.go
@@ -80,19 +80,12 @@ func defaultUnauthorizedHandler(w http.ResponseWriter, r *http.Request) {
 
 // this is a general json struct for when bearer tokens are used
 type bearerTokensStruct struct {
-	Auth_Token    string `json: "Auth_Token"`
-	Refresh_Token string `json: "Refresh_Token"`
+	AuthToken    string `json:"Auth_Token"`
+	RefreshToken string `json:"Refresh_Token"`
 }
 
 // New constructs a new Auth instance with supplied options.
-func New(auth *Auth, options ...Options) error {
-	var o Options
-	if len(options) == 0 {
-		o = Options{}
-	} else {
-		o = options[0]
-	}
-
+func New(auth *Auth, o Options) error {
 	// check if durations have been provided for auth and refresh token exp
 	// if not, set them equal to the default
 	if o.RefreshTokenValidTime <= 0 {
@@ -103,94 +96,131 @@ func New(auth *Auth, options ...Options) error {
 	}
 
 	// create the sign and verify keys
-	var signKey interface{}
-	var verifyKey interface{}
+	signKey, verifyKey, err := o.buildSignAndVerifyKeys()
+	if err != nil {
+		return err
+	}
+
+	auth.signKey = signKey
+	auth.verifyKey = verifyKey
+	auth.options = o
+	auth.errorHandler = http.HandlerFunc(defaultErrorHandler)
+	auth.unauthorizedHandler = http.HandlerFunc(defaultUnauthorizedHandler)
+	auth.revokeRefreshToken = TokenRevoker(defaultTokenRevoker)
+	auth.checkTokenId = TokenIdChecker(defaultCheckTokenId)
+
+	return nil
+}
+
+func (o *Options) buildSignAndVerifyKeys() (signKey interface{}, verifyKey interface{}, err error) {
 	if o.SigningMethodString == "HS256" || o.SigningMethodString == "HS384" || o.SigningMethodString == "HS512" {
-		if len(o.HMACKey) == 0 {
-			return errors.New("When using an HMAC-SHA signing method, please provide an HMACKey")
-		}
-		if !o.VerifyOnlyServer {
-			signKey = o.HMACKey
-		}
-		verifyKey = o.HMACKey
+		return o.buildHMACKeys()
 
 	} else if o.SigningMethodString == "RS256" || o.SigningMethodString == "RS384" || o.SigningMethodString == "RS512" {
-		// check to make sure the provided options are valid
-		if o.PrivateKeyLocation == "" && !o.VerifyOnlyServer {
-			return errors.New("Private key location is required!")
-		}
-		if o.PublicKeyLocation == "" {
-			return errors.New("Public key location is required!")
-		}
+		return o.buildRSAKeys()
 
-		// read the key files
-		if !o.VerifyOnlyServer {
-			signBytes, err := ioutil.ReadFile(o.PrivateKeyLocation)
-			if err != nil {
-				return err
-			}
+	} else if o.SigningMethodString == "ES256" || o.SigningMethodString == "ES384" || o.SigningMethodString == "ES512" {
+		return o.buildESKeys()
 
-			signKey, err = jwtGo.ParseRSAPrivateKeyFromPEM(signBytes)
-			if err != nil {
-				return err
-			}
-		}
+	} else {
+		err = errors.New("Signing method string not recognized!")
+		return
+	}
 
-		verifyBytes, err := ioutil.ReadFile(o.PublicKeyLocation)
+	return
+}
+
+func (o *Options) buildHMACKeys() (signKey interface{}, verifyKey interface{}, err error) {
+	if len(o.HMACKey) == 0 {
+		err = errors.New("When using an HMAC-SHA signing method, please provide an HMACKey")
+		return
+	}
+	if !o.VerifyOnlyServer {
+		signKey = o.HMACKey
+	}
+	verifyKey = o.HMACKey
+
+	return
+}
+
+func (o *Options) buildRSAKeys() (signKey interface{}, verifyKey interface{}, err error) {
+	var signBytes []byte
+	var verifyBytes []byte
+
+	// check to make sure the provided options are valid
+	if o.PrivateKeyLocation == "" && !o.VerifyOnlyServer {
+		err = errors.New("Private key location is required!")
+		return
+	}
+	if o.PublicKeyLocation == "" {
+		err = errors.New("Public key location is required!")
+		return
+	}
+
+	// read the key files
+	if !o.VerifyOnlyServer {
+		signBytes, err = ioutil.ReadFile(o.PrivateKeyLocation)
 		if err != nil {
-			return err
+			return
 		}
 
-		verifyKey, err = jwtGo.ParseRSAPublicKeyFromPEM(verifyBytes)
+		signKey, err = jwtGo.ParseRSAPrivateKeyFromPEM(signBytes)
 		if err != nil {
-			return err
+			return
 		}
+	}
 
-	} else if o.SigningMethodString == "ES256" || o.SigningMethodString == "ES384" || o.SigningMethodString == "ES512" {
-		// check to make sure the provided options are valid
-		if o.PrivateKeyLocation == "" && !o.VerifyOnlyServer {
-			return errors.New("Private key location is required!")
-		}
-		if o.PublicKeyLocation == "" {
-			return errors.New("Public key location is required!")
-		}
+	verifyBytes, err = ioutil.ReadFile(o.PublicKeyLocation)
+	if err != nil {
+		return
+	}
 
-		// read the key files
-		if !o.VerifyOnlyServer {
-			signBytes, err := ioutil.ReadFile(o.PrivateKeyLocation)
-			if err != nil {
-				return err
-			}
+	verifyKey, err = jwtGo.ParseRSAPublicKeyFromPEM(verifyBytes)
+	if err != nil {
+		return
+	}
 
-			signKey, err = jwtGo.ParseECPrivateKeyFromPEM(signBytes)
-			if err != nil {
-				return err
-			}
-		}
+	return
+}
 
-		verifyBytes, err := ioutil.ReadFile(o.PublicKeyLocation)
+func (o *Options) buildESKeys() (signKey interface{}, verifyKey interface{}, err error) {
+	var signBytes []byte
+	var verifyBytes []byte
+
+	// check to make sure the provided options are valid
+	if o.PrivateKeyLocation == "" && !o.VerifyOnlyServer {
+		err = errors.New("Private key location is required!")
+		return
+	}
+	if o.PublicKeyLocation == "" {
+		err = errors.New("Public key location is required!")
+		return
+	}
+
+	// read the key files
+	if !o.VerifyOnlyServer {
+		signBytes, err = ioutil.ReadFile(o.PrivateKeyLocation)
 		if err != nil {
-			return err
+			return
 		}
 
-		verifyKey, err = jwtGo.ParseECPublicKeyFromPEM(verifyBytes)
+		signKey, err = jwtGo.ParseECPrivateKeyFromPEM(signBytes)
 		if err != nil {
-			return err
+			return
 		}
+	}
 
-	} else {
-		return errors.New("Signing method string not recognized!")
+	verifyBytes, err = ioutil.ReadFile(o.PublicKeyLocation)
+	if err != nil {
+		return
 	}
 
-	auth.signKey = signKey
-	auth.verifyKey = verifyKey
-	auth.options = o
-	auth.errorHandler = http.HandlerFunc(defaultErrorHandler)
-	auth.unauthorizedHandler = http.HandlerFunc(defaultUnauthorizedHandler)
-	auth.revokeRefreshToken = TokenRevoker(defaultTokenRevoker)
-	auth.checkTokenId = TokenIdChecker(defaultCheckTokenId)
+	verifyKey, err = jwtGo.ParseECPublicKeyFromPEM(verifyBytes)
+	if err != nil {
+		return
+	}
 
-	return nil
+	return
 }
 
 // SetErrorHandler : add methods to allow the changing of default functions