chore: upgrade to go-jwt/v4 (#157)

* chore: upgrade to go-jwt/v4 Upgrade all references of go-jwt to the v4 module. This brings proper module support and is 100% compatible with the previous v3 version. chore: avoid deprecated jwt method Signed-off-by: Lucas Roesler <[email protected]>
contiamo · Aug 27, 2021 · 8c948b3 · 8c948b3
1 parent 5fe641f
commit 8c948b3
Show file tree

Hide file tree

Showing 8 changed files with 14 additions and 21 deletions.
diff --git a/go.mod b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/go-chi/chi v4.0.2+incompatible
 	github.com/go-ozzo/ozzo-validation v3.6.0+incompatible
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0
-	github.com/golang-jwt/jwt v3.2.1+incompatible
+	github.com/golang-jwt/jwt/v4 v4.0.0
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/uuid v1.0.0 // indirect
 	github.com/gorilla/websocket v1.4.2

diff --git a/go.sum b/go.sum
@@ -71,8 +71,8 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c=
-github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o=
+github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=

diff --git a/pkg/config/jwt.go b/pkg/config/jwt.go
@@ -4,7 +4,7 @@ import (
 	"crypto/rsa"
 	"io/ioutil"
 
-	jwt "github.com/golang-jwt/jwt"
+	jwt "github.com/golang-jwt/jwt/v4"
 	"github.com/pkg/errors"
 )
 

diff --git a/pkg/config/jwt_test.go b/pkg/config/jwt_test.go
@@ -19,7 +19,7 @@ func TestJWTGetPublicKey(t *testing.T) {
 		key, err := cfg.GetPublicKey()
 		require.Nil(t, key)
 		require.Error(t, err)
-		require.Equal(t, "Invalid Key: Key must be a PEM encoded PKCS1 or PKCS8 key", err.Error())
+		require.Equal(t, "invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key", err.Error())
 	})
 	t.Run("Returns error when the path is not found", func(t *testing.T) {
 		cfg := JWT{PublicKeyPath: "./testdata/invalid"}
@@ -50,7 +50,7 @@ func TestJWTGetPrivateKey(t *testing.T) {
 		key, err := cfg.GetPrivateKey()
 		require.Nil(t, key)
 		require.Error(t, err)
-		require.Equal(t, "Invalid Key: Key must be a PEM encoded PKCS1 or PKCS8 key", err.Error())
+		require.Equal(t, "invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key", err.Error())
 	})
 	t.Run("Returns error when the path is not found", func(t *testing.T) {
 		cfg := JWT{PrivateKeyPath: "./testdata/invalid"}

diff --git a/pkg/http/middlewares/authorization/middleware.go b/pkg/http/middlewares/authorization/middleware.go
@@ -9,7 +9,7 @@ import (
 
 	"github.com/contiamo/go-base/v4/pkg/tracing"
 	goserverhttp "github.com/contiamo/goserver/http"
-	jwt "github.com/golang-jwt/jwt"
+	jwt "github.com/golang-jwt/jwt/v4"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -84,7 +84,7 @@ func (a *middleware) WrapHandler(next http.Handler) http.Handler {
 			return
 		}
 
-		claims, err := parseClaims(token.Raw)
+		claims, err := parseClaims(token)
 		if err != nil {
 			err = errors.Wrap(err, "could not parse request token from claims")
 			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
@@ -126,24 +126,17 @@ func sanitizeHeaderValue(value string) string {
 	return trimmed[0:len(trimmed)/2] + "****"
 }
 
-func parseClaims(token string) (claims Claims, err error) {
-	parts := strings.Split(token, ".")
-	if len(parts) != 3 {
-		return claims, errors.New("token contains an invalid number of segments")
-	}
-
-	rawClaims, err := jwt.DecodeSegment(parts[1])
+func parseClaims(token *jwt.Token) (claims Claims, err error) {
+	rawClaims, err := json.Marshal(token.Claims)
 	if err != nil {
 		return claims, err
 	}
 
-	claimMap := make(map[string]interface{})
-	err = json.Unmarshal(rawClaims, &claimMap)
+	err = json.Unmarshal(rawClaims, &claims)
 	if err != nil {
 		return claims, err
 	}
 
-	err = claims.FromClaimsMap(claimMap)
 	return claims, err
 }
 

diff --git a/pkg/http/middlewares/authorization/middleware_test.go b/pkg/http/middlewares/authorization/middleware_test.go
@@ -11,7 +11,7 @@ import (
 	"testing"
 	"time"
 
-	jwt "github.com/golang-jwt/jwt"
+	jwt "github.com/golang-jwt/jwt/v4"
 	uuid "github.com/satori/go.uuid"
 	"github.com/stretchr/testify/require"
 )

diff --git a/pkg/tokens/creator.go b/pkg/tokens/creator.go
@@ -6,7 +6,7 @@ import (
 	"time"
 
 	authz "github.com/contiamo/go-base/v4/pkg/http/middlewares/authorization"
-	"github.com/golang-jwt/jwt"
+	"github.com/golang-jwt/jwt/v4"
 
 	uuid "github.com/satori/go.uuid"
 )

diff --git a/pkg/tokens/creator_test.go b/pkg/tokens/creator_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/contiamo/go-base/v4/pkg/config"
-	jwt "github.com/golang-jwt/jwt"
+	jwt "github.com/golang-jwt/jwt/v4"
 	"github.com/stretchr/testify/require"
 )