| author | Shulhan <m.shulhan@gmail.com> | 2020-09-21 13:20:06 +0700 |
|---|---|---|
| committer | Shulhan <m.shulhan@gmail.com> | 2020-09-21 13:20:06 +0700 |
| commit | da8b0b06e994b8fd80b08c33ea81e10dec760f96 (patch) | |
| tree | bdede75fbf6bbfbfd75ab023cfa9d310548ecf37 /lib | |
| parent | da7b881112557eee0f4136ab1da38dad0404d29b (diff) | |
paseto: change the Unpack return type to PublicToken
Previously, UnpackHTTPRequest and Unpack methods return the data inside
the token and footer.
This change returns the unpacked token as a whole, including the JSON
token, the data inside the JSON token, and the JSON footer.
This way, the user can do additional processing on the request token that
they receive, for example, to log the request.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/paseto/example_public_mode_test.go | 10 | ||||
| -rw-r--r-- | lib/paseto/public_mode.go | 51 | ||||
| -rw-r--r-- | lib/paseto/public_mode_test.go | 4 | ||||
| -rw-r--r-- | lib/paseto/public_token.go | 14 |
4 files changed, 47 insertions, 32 deletions
diff --git a/lib/paseto/example_public_mode_test.go b/lib/paseto/example_public_mode_test.go index 705be1ae..9b283513 100644 --- a/lib/paseto/example_public_mode_test.go +++ b/lib/paseto/example_public_mode_test.go @@ -69,22 +69,22 @@ func ExamplePublicMode() { receiver.AddPeer(senderKey) // receiver receive the token from sender and unpack it ... - gotData, gotFooter, err := receiver.Unpack(token) + got, err := receiver.Unpack(token) if err != nil { log.Fatal(err) } - fmt.Printf("Received data: %s\n", gotData) - fmt.Printf("Received footer: %+v\n", gotFooter) + fmt.Printf("Received data: %s\n", got.Data) + fmt.Printf("Received footer: %+v\n", got.Footer) // receiver receive invalid token from sender and unpack it ... - gotData, gotFooter, err = receiver.Unpack(invalidToken) + got, err = receiver.Unpack(invalidToken) if err != nil { fmt.Println(err) } // Output: // Received data: hello receiver - // Received footer: map[FOOTER:HERE] + // Received footer: {KID:sender Data:map[FOOTER:HERE]} // token subject "unknown-subject" is not allowed for key "sender" } diff --git a/lib/paseto/public_mode.go b/lib/paseto/public_mode.go index fdbbfc9f..1c50d6d5 100644 --- a/lib/paseto/public_mode.go +++ b/lib/paseto/public_mode.go @@ -60,10 +60,10 @@ func NewPublicMode(our Key) (auth *PublicMode, err error) { // from query parameter "access_token". // func (auth *PublicMode) UnpackHTTPRequest(req *http.Request) ( - data []byte, footer map[string]interface{}, err error, + publicToken *PublicToken, err error, ) { if req == nil { - return nil, nil, fmt.Errorf("empty HTTP request") + return nil, fmt.Errorf("empty HTTP request") } var token string 
@@ -72,15 +72,15 @@ func (auth *PublicMode) UnpackHTTPRequest(req *http.Request) ( if len(headerAuth) == 0 { token = req.Form.Get(paramNameAccessToken) if len(token) == 0 { - return nil, nil, fmt.Errorf("missing access token") + return nil, fmt.Errorf("missing access token") } } else { vals := strings.Fields(headerAuth) if len(vals) != 2 { - return nil, nil, fmt.Errorf("invalid Authorization: %s", headerAuth) + return nil, fmt.Errorf("invalid Authorization: %s", headerAuth) } if strings.ToLower(vals[0]) != keyBearer { - return nil, nil, fmt.Errorf("invalid Authorization: expecting %q, got %q", + return nil, fmt.Errorf("invalid Authorization: expecting %q, got %q", keyBearer, vals[0]) } token = vals[1] 
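Review bot: The `invalid Authorization: %s` error in the `len(vals) != 2` branch copies the whole Authorization header into the error text, so a malformed header that still carries a credential ends up wherever the caller logs or returns this error. Reporting the shape rather than the value avoids that, for example `return nil, fmt.Errorf("invalid Authorization: expecting 2 fields, got %d", len(vals))`. The scheme branch below it echoes only `vals[0]` with `%q`, which does not have this problem. The table test in public_mode_test.go compares `err.Error()`, so its expected strings would need the same update. UnpackHTTPRequest begins and ends outside this hunk.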
@@ -157,58 +157,59 @@ func (auth *PublicMode) Pack(audience, subject string, data []byte, footer map[s // // Unpack the token to get the JSONToken and the data. // -func (auth *PublicMode) Unpack(token string) (data []byte, footer map[string]interface{}, err error) { +func (auth *PublicMode) Unpack(token string) (publicToken *PublicToken, err error) { pieces := strings.Split(token, ".") if len(pieces) != 4 { - return nil, nil, fmt.Errorf("invalid token format") + return nil, fmt.Errorf("invalid token format") } if pieces[0] != "v2" { - return nil, nil, fmt.Errorf("unsupported protocol version " + pieces[0]) + return nil, fmt.Errorf("unsupported protocol version " + pieces[0]) } if pieces[1] != "public" { - return nil, nil, fmt.Errorf("expecting public mode, got " + pieces[1]) + return nil, fmt.Errorf("expecting public mode, got " + pieces[1]) } + publicToken = &PublicToken{} + rawfooter, err := base64.RawURLEncoding.DecodeString(pieces[3]) if err != nil { - return nil, nil, err + return nil, err } - jsonFooter := &JSONFooter{} - err = json.Unmarshal(rawfooter, jsonFooter) + err = json.Unmarshal(rawfooter, &publicToken.Footer) if err != nil { - return nil, nil, err + return nil, err } - peerKey, ok := auth.peers.get(jsonFooter.KID) + peerKey, ok := auth.peers.get(publicToken.Footer.KID) if !ok { - return nil, nil, fmt.Errorf("unknown peer key ID %s", jsonFooter.KID) + return nil, fmt.Errorf("unknown peer key ID %s", + publicToken.Footer.KID) } msgSig, err := base64.RawURLEncoding.DecodeString(pieces[2]) if err != nil { - return nil, nil, err + return nil, err } msg, err := Verify(peerKey.Public, msgSig, rawfooter) if err != nil { - return nil, nil, err + return nil, err } - jtoken := &JSONToken{} - err = json.Unmarshal(msg, jtoken) + err = json.Unmarshal(msg, &publicToken.Token) if err != nil { - return nil, nil, err + return nil, err } - err = jtoken.Validate(auth.our.ID, peerKey) + err = publicToken.Token.Validate(auth.our.ID, peerKey) if err != nil { - return 
nil, nil, err + return nil, err } - data, err = base64.StdEncoding.DecodeString(jtoken.Data) + publicToken.Data, err = base64.StdEncoding.DecodeString(publicToken.Token.Data) if err != nil { - return nil, nil, err + return nil, err } - return data, jsonFooter.Data, nil + return publicToken, nil } diff --git a/lib/paseto/public_mode_test.go b/lib/paseto/public_mode_test.go index b9f95c02..f09675b9 100644 --- a/lib/paseto/public_mode_test.go +++ b/lib/paseto/public_mode_test.go @@ -85,12 +85,12 @@ func TestPublicMode_UnpackHTTPRequest(t *testing.T) { }} for _, c := range cases { - gotData, _, err := auth.UnpackHTTPRequest(c.req) + got, err := auth.UnpackHTTPRequest(c.req) if err != nil { test.Assert(t, c.desc, c.expError, err.Error(), true) continue } - test.Assert(t, c.desc, c.expData, gotData, true) + test.Assert(t, c.desc, c.expData, got.Data, true) } } diff --git a/lib/paseto/public_token.go b/lib/paseto/public_token.go new file mode 100644 index 00000000..71963894 --- /dev/null +++ b/lib/paseto/public_token.go @@ -0,0 +1,14 @@ +// Copyright 2020, Shulhan <ms@kilabit.info>. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package paseto + +// +// PublicToken contains the unpacked public token. +// +type PublicToken struct { + Token JSONToken + Data []byte + Footer JSONFooter +} |
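Review bot: The version and mode checks in Unpack build the format string by concatenation, `fmt.Errorf("unsupported protocol version " + pieces[0])` and `fmt.Errorf("expecting public mode, got " + pieces[1])`, so any `%` in the caller-supplied token is parsed as a formatting verb, and recent go vet versions flag the non-constant format string. Writing them as `fmt.Errorf("unsupported protocol version %q", pieces[0])` and `fmt.Errorf("expecting public mode, got %q", pieces[1])` keeps the token text as data. The `unknown peer key ID %s` message is related: the KID is read from the footer before Verify runs, so `%q` there would keep control characters from an unverified footer out of logs. These edits change the error text, so any test that matches on it needs updating.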
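Review bot: The exported fields of the new PublicToken type in public_token.go have no comments, and the relation between them is not obvious from the type alone. Unpack fills `Data` by base64-decoding `Token.Data`, so the payload is held twice, once encoded and once decoded. I would document each field, for example `// Data is the base64-decoded content of Token.Data.` and `// Footer is the decoded JSON footer, including the KID used to look up the peer key.` Since the commit message gives logging as the use case, a sentence in the type comment saying that the struct carries the full payload would help callers choose which fields to log.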
