// Package auth implements minimal HS256 JSON Web Tokens using only the standard // library. The API Server issues a token after verifying a user's credentials // against PocketBase, and verifies that token on every protected request. package auth import ( "crypto/hmac" "crypto/rand" "crypto/sha256" "encoding/base64" "encoding/hex" "encoding/json" "errors" "strings" "time" ) var ( ErrInvalidToken = errors.New("invalid token") ErrExpired = errors.New("token expired") ) // Claims is the JWT payload carried for an authenticated user. type Claims struct { Sub string `json:"sub"` // user id Email string `json:"email"` // user email Name string `json:"name"` // display name (optional) Role string `json:"role,omitempty"` // access role: "user" | "admin" Jti string `json:"jti"` // id of the backing "sessions" record, for revocation Iat int64 `json:"iat"` // issued-at (unix seconds) Exp int64 `json:"exp"` // expiry (unix seconds) } // NewJTI generates a random session identifier, hex-encoded so it's always a // safe, quote-free literal to embed directly in PocketBase filter strings. func NewJTI() (string, error) { b := make([]byte, 16) if _, err := rand.Read(b); err != nil { return "", err } return hex.EncodeToString(b), nil } const headerB64 = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" // {"alg":"HS256","typ":"JWT"} // Sign creates a signed token for the given claims and lifetime. func Sign(secret string, c Claims, ttl time.Duration) (string, error) { now := time.Now() c.Iat = now.Unix() c.Exp = now.Add(ttl).Unix() payload, err := json.Marshal(c) if err != nil { return "", err } signingInput := headerB64 + "." + b64(payload) sig := sign(signingInput, secret) return signingInput + "." + sig, nil } // Verify checks the signature and expiry, returning the embedded claims. func Verify(secret, token string) (*Claims, error) { parts := strings.Split(token, ".") if len(parts) != 3 { return nil, ErrInvalidToken } signingInput := parts[0] + "." + parts[1] expected := sign(signingInput, secret) // Constant-time comparison to avoid timing leaks. if !hmac.Equal([]byte(expected), []byte(parts[2])) { return nil, ErrInvalidToken } raw, err := base64.RawURLEncoding.DecodeString(parts[1]) if err != nil { return nil, ErrInvalidToken } var c Claims if err := json.Unmarshal(raw, &c); err != nil { return nil, ErrInvalidToken } if time.Now().Unix() >= c.Exp { return nil, ErrExpired } return &c, nil } func sign(input, secret string) string { mac := hmac.New(sha256.New, []byte(secret)) mac.Write([]byte(input)) return base64.RawURLEncoding.EncodeToString(mac.Sum(nil)) } func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }