Remove dgrijalva/jwt-go dependency (#769)

a2632bd4 · Angelo Capossele · GitHub · 99fa5bc2 · a2632bd4 · 99fa5bc2
Unverified Commit a2632bd4 authored 4 years ago by Angelo Capossele Committed by GitHub 4 years ago
--- a/client/lib.go
+++ b/client/lib.go
@@ -42,7 +42,6 @@ func NewGoShimmerAPI(baseURL string, httpClient ...http.Client) *GoShimmerAPI {
 type GoShimmerAPI struct {
 	httpClient http.Client
 	baseURL    string
-	jwt        string
 }

 type errorresponse struct {
@@ -107,11 +106,6 @@ func (api *GoShimmerAPI) do(method string, route string, reqObj interface{}, res
 		req.Header.Set("Content-Type", contentTypeJSON)
 	}

-	// add authorization header with JWT
-	if len(api.jwt) > 0 {
-		req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", api.jwt))
-	}
-
 	// make the request
 	res, err := api.httpClient.Do(req)
 	if err != nil {

--- a/client/login.go
+++ b/client/login.go
-package client
-
-import (
-	"net/http"
-
-	webapi_auth "github.com/iotaledger/goshimmer/plugins/webauth"
-)
-
-const (
-	routeLogin = "login"
-)
-
-// Login authorizes this API instance against the web API.
-// You must call this function before any other call, if the web-auth plugin is enabled.
-func (api *GoShimmerAPI) Login(username string, password string) error {
-	res := &webapi_auth.Response{}
-	if err := api.do(http.MethodPost, routeLogin,
-		&webapi_auth.Request{Username: username, Password: password}, res); err != nil {
-		return err
-	}
-	api.jwt = res.Token
-	return nil
-}
--- a/config.default.json
+++ b/config.default.json
@@ -91,11 +91,6 @@
    "bindAddress": "127.0.0.1:9311"
  },
  "webapi": {
-    "auth": {
-      "password": "goshimmer",
-      "privateKey": "",
-      "username": "goshimmer"
-    },
    "bindAddress": "127.0.0.1:8080"
  },
  "networkdelay": {

--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,6 @@ require (
 	github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
 	github.com/beevik/ntp v0.3.0
 	github.com/dgraph-io/badger/v2 v2.0.3
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/drand/drand v1.1.1
 	github.com/drand/kyber v1.1.2
 	github.com/gin-gonic/gin v1.6.3

--- a/plugins/webapi.go
+++ b/plugins/webapi.go
@@ -11,14 +11,12 @@ import (
 	"github.com/iotaledger/goshimmer/plugins/webapi/message"
 	"github.com/iotaledger/goshimmer/plugins/webapi/tools"
 	"github.com/iotaledger/goshimmer/plugins/webapi/value"
-	"github.com/iotaledger/goshimmer/plugins/webauth"
 	"github.com/iotaledger/hive.go/node"
 )

 // WebAPI contains the webapi endpoint plugins of a GoShimmer node.
 var WebAPI = node.Plugins(
 	webapi.Plugin(),
-	webauth.Plugin(),
 	data.Plugin(),
 	drng.Plugin(),
 	faucet.Plugin(),

--- a/plugins/webauth/parameters.go
+++ b/plugins/webauth/parameters.go
-package webauth
-
-import (
-	flag "github.com/spf13/pflag"
-)
-
-const (
-	// CfgWebAPIAuthUsername defines the config flag of the web API authentication username.
-	CfgWebAPIAuthUsername = "webapi.auth.username"
-	// CfgWebAPIAuthPassword defines the config flag of the web API authentication password.
-	CfgWebAPIAuthPassword = "webapi.auth.password"
-	// CfgWebAPIAuthPrivateKey defines the config flag of the web API authentication private key.
-	CfgWebAPIAuthPrivateKey = "webapi.auth.privateKey"
-)
-
-func init() {
-	flag.String(CfgWebAPIAuthUsername, "goshimmer", "username for the webapi")
-	flag.String(CfgWebAPIAuthPassword, "goshimmer", "password for the webapi")
-	flag.String(CfgWebAPIAuthPrivateKey, "", "private key used to sign the JWTs")
-}
--- a/plugins/webauth/webauth.go
+++ b/plugins/webauth/webauth.go
-package webauth
-
-import (
-	"net/http"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/dgrijalva/jwt-go"
-	"github.com/iotaledger/goshimmer/plugins/config"
-	"github.com/iotaledger/goshimmer/plugins/webapi"
-	"github.com/iotaledger/hive.go/logger"
-	"github.com/iotaledger/hive.go/node"
-	"github.com/labstack/echo"
-	"github.com/labstack/echo/middleware"
-)
-
-// PluginName is the name of the web API auth plugin.
-const PluginName = "WebAPI Auth"
-
-var (
-	// plugin is the plugin instance of the web API auth plugin.
-	plugin     *node.Plugin
-	once       sync.Once
-	log        *logger.Logger
-	privateKey string
-)
-
-// Plugin gets the plugin instance.
-func Plugin() *node.Plugin {
-	once.Do(func() {
-		plugin = node.NewPlugin(PluginName, node.Disabled, configure)
-	})
-	return plugin
-}
-
-func configure(plugin *node.Plugin) {
-	log = logger.NewLogger(PluginName)
-	privateKey = config.Node().GetString(CfgWebAPIAuthPrivateKey)
-	if len(privateKey) == 0 {
-		panic("")
-	}
-
-	webapi.Server().Use(middleware.JWTWithConfig(middleware.JWTConfig{
-		SigningKey: []byte(privateKey),
-		Skipper: func(c echo.Context) bool {
-			if strings.HasPrefix(c.Path(), "/ui") || c.Path() == "/login" {
-				return true
-			}
-			return false
-		},
-	}))
-
-	webapi.Server().POST("/login", Handler)
-	log.Info("WebAPI is now secured through JWT authentication")
-}
-
-// Request defines the struct of the request.
-type Request struct {
-	// Username is the username of the request.
-	Username string `json:"username"`
-	// Password is the password of the request.
-	Password string `json:"password"`
-}
-
-// Response defines the struct of the response.
-type Response struct {
-	// Token is the json web token.
-	Token string `json:"token"`
-}
-
-// Handler handles the web auth request.
-func Handler(c echo.Context) error {
-	login := &Request{}
-	if err := c.Bind(login); err != nil {
-		return echo.ErrBadRequest
-	}
-
-	if login.Username != config.Node().GetString(CfgWebAPIAuthUsername) ||
-		login.Password != config.Node().GetString(CfgWebAPIAuthPassword) {
-		return echo.ErrUnauthorized
-	}
-
-	token := jwt.New(jwt.SigningMethodHS256)
-	claims := token.Claims.(jwt.MapClaims)
-	claims["name"] = login.Username
-	claims["exp"] = time.Now().Add(time.Hour * 24 * 7).Unix()
-
-	t, err := token.SignedString([]byte(privateKey))
-	if err != nil {
-		return err
-	}
-
-	return c.JSON(http.StatusOK, &Response{Token: t})
-}