multitenantStack/services/tokenTools/tokenTools.go

package tokenTools

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"

	jwt "github.com/dgrijalva/jwt-go"
	"golang.org/x/crypto/bcrypt"
)

var hmacSecret []byte

// GenerateSecret generate the secret to verify JWTs
func GenerateSecret() []byte {
	b := make([]byte, 32)
	rand.Read(b)
	return b
}

// InitJWTService generate the secret to verify JWTs and store it in memory
func InitTokenToolsService() {
	hmacSecret = GenerateSecret()
	encodedSecret := base64.StdEncoding.EncodeToString(hmacSecret)
	fmt.Println("InitJWTService", encodedSecret)

	// TODO: This needs to be replaced with reading rsa keys, there needs to be a automatic generation of these if they do not exist

}

// Validate a jwt tokenstring
func Validate(Token string) (bool, jwt.Token) {
	if len(hmacSecret) < 32 {
		panic("No Secret initialized")
	}

	token, err := jwt.Parse(Token, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}

		return hmacSecret, nil
	})

	if err == nil && token.Valid {

		fmt.Println("Token is valid")
		return true, *token
	}

	fmt.Println("Token Validation failed")
	return false, *token
}

// CreateToken create a new jwt token with the provided claims
func CreateToken(Claims jwt.MapClaims) string {

	// Create a new token object, specifying signing method and the claims
	// you would like it to contain.

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, Claims)

	// Sign and get the complete encoded token as a string using the secret
	tokenString, err := token.SignedString(hmacSecret)
	if err != nil {
		fmt.Println(err.Error())
	}

	return tokenString
}

func HashPassword(password string) (string, error) {
	bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
	return string(bytes), err
}

func CheckPasswordHash(password, hash string) bool {
	// Interestingly this function costs around 800ms
	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
	return err == nil
}