From cd597a52c2ad61ec358f196a7eea8d7b56d53e96 Mon Sep 17 00:00:00 2001
From: francescods
Date: Tue, 18 Feb 2025 16:06:15 +0100
Subject: [PATCH] implementazione metodo di verifica JWT secret in file di configurazione application.config
---
 src/main/kotlin/eu/maiora/Application.kt | 8 +++--
 src/main/kotlin/eu/maiora/plugins/Security.kt | 35 +++++++++++++++++++
 2 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 src/main/kotlin/eu/maiora/plugins/Security.kt
diff --git a/src/main/kotlin/eu/maiora/Application.kt b/src/main/kotlin/eu/maiora/Application.kt
index bfd7600..d82eece 100644
--- a/src/main/kotlin/eu/maiora/Application.kt
+++ b/src/main/kotlin/eu/maiora/Application.kt
@@ -17,10 +17,12 @@ fun main() {
 fun Application.module() { val config = ApplicationConfig("application.conf") - val dbUrl = config.property("ktor.database.url").getString(); - val username = config.property("ktor.database.username").getString(); - val password = config.property("ktor.database.password").getString(); + val dbUrl = config.property("ktor.database.url").getString() + val username = config.property("ktor.database.username").getString() + val password = config.property("ktor.database.password").getString() + val secret = config.property("ktor.jwt.secret").getString() configureDatabases(dbUrl, username, password) + configureSecurity(secret) configureRouting(dbUrl, username, password) configureSerialization()
diff --git a/src/main/kotlin/eu/maiora/plugins/Security.kt b/src/main/kotlin/eu/maiora/plugins/Security.kt
new file mode 100644
index 0000000..3facb4e
--- /dev/null
+++ b/src/main/kotlin/eu/maiora/plugins/Security.kt
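Review bot: The new `val secret = config.property("ktor.jwt.secret").getString()` turns whatever literal sits in application.conf into the HS256 signing key, with no check that it is strong enough; `Algorithm.HMAC256` does not enforce a minimum key length, so a short value is accepted silently and the tokens become forgeable by brute force. Fail fast at startup before the `configureSecurity(secret)` call, e.g. `require(secret.toByteArray().size >= 32) { "ktor.jwt.secret must be at least 256 bits for HS256" }`, and have the config file pull the value from the environment with HOCON substitution (`secret = ${?JWT_SECRET}`) so the repository never carries the real key. Whether application.conf is committed is not visible from the hunk. `Application.module()` appears to continue past the end of the hunk.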
@@ -0,0 +1,35 @@
+package eu.maiora.plugins
+
+import com.auth0.jwt.JWT
+import com.auth0.jwt.algorithms.Algorithm
+import io.ktor.http.*
+import io.ktor.server.application.*
+import io.ktor.server.auth.*
+import io.ktor.server.auth.jwt.*
+import io.ktor.server.response.*
+
+fun Application.configureSecurity(secret: String) {
+ install(Authentication) {
+ jwt ("auth-jwt"){
+ verifier(
+ JWT
+ .require(Algorithm.HMAC256(secret))
+ .build())
+ validate { credential ->
+ val expiresAt = credential.payload.expiresAt?.time ?: 0
+ val now = System.currentTimeMillis()
+
+ // Verifica se il token ? scaduto
+ if (expiresAt >= now) {
+ JWTPrincipal(credential.payload)
+ }
+ else {
+ null
+ }
+ }
+ challenge { defaultScheme, realm ->
+ call.respond(HttpStatusCode.Unauthorized, "Token non valido o scaduto")
+ }
+ }
+ }
+}
\ No newline at end of file
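Review bot: The verifier built in `verifier(...)` pins only the signing key — there is no `withIssuer`/`withAudience` — so any HS256 token minted with the same secret for another service or purpose is accepted by this provider; add `.withIssuer(...)` and `.withAudience(...)` to the `JWT.require(Algorithm.HMAC256(secret))` chain, with the values loaded from configuration next to the secret (new keys such as `ktor.jwt.issuer` / `ktor.jwt.audience` — placeholder names). The manual expiry comparison in `validate` is redundant, because `JWT.require(...).build()` already rejects expired tokens before `validate` runs; the only effect the `if (expiresAt >= now)` branch still has is refusing tokens that carry no `exp` claim (via the `?: 0` default), and that intent should be explicit, e.g. `.withClaimPresence("exp")` on the verifier and `validate { credential -> JWTPrincipal(credential.payload) }`. The comment `// Verifica se il token ? scaduto` has a mis-encoded character (the `è` became `?`), which suggests the file was saved in a non-UTF-8 encoding, and the unused `defaultScheme, realm` parameters of the `challenge` lambda should be written as `_, _`.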