web.auth.jwt #
fn create_secret #
fn create_secret() string
fn create_token #
fn create_token(payload_ JwtPayload) JsonWebToken
creates jwt with encoded payload and header DOESN'T handle data encryption, sensitive data should be encrypted
fn get_data #
fn get_data(token string) !string
gets cookie token, returns user obj
fn get_payload #
fn get_payload(token string) !JwtPayload
gets cookie token, returns user obj
fn verify_jwt #
fn verify_jwt(token string) bool
verifies jwt cookie
fn verify_jwt_assymetric #
fn verify_jwt_assymetric(token string, pk string) bool
verifies jwt cookie
Todo: implement assymetric verification
type SignedJWT #
type SignedJWT = string
fn (SignedJWT) is_valid #
fn (token SignedJWT) is_valid() bool
fn (SignedJWT) verify #
fn (token SignedJWT) verify(secret string) !bool
fn (SignedJWT) decode #
fn (token SignedJWT) decode() !JsonWebToken
gets cookie token, returns user obj
fn (SignedJWT) get_field #
fn (token SignedJWT) get_field(field string) !string
gets cookie token, returns user obj
fn (SignedJWT) decode_subject #
fn (token SignedJWT) decode_subject() !string
gets cookie token, returns user obj
struct JsonWebToken #
struct JsonWebToken {
JwtHeader
JwtPayload
}
JWT code in this page is from https://github.com/vlang/v/blob/master/examples/vweb_orm_jwt/src/auth_services.v credit to https://github.com/enghitalo
fn (JsonWebToken) sign #
fn (token JsonWebToken) sign(secret string) string
fn (JsonWebToken) is_expired #
fn (token JsonWebToken) is_expired() bool
struct JwtPayload #
struct JwtPayload {
pub:
sub string // (subject)
iss string // (issuer)
exp time.Time // (expiration)
iat time.Time // (issued at)
aud string // (audience)
data string
}
Todo: refactor to use single JWT interface
Todo: we can name these better