Merge remote-tracking branch 'upstream/dev' into 0002343-endpoint-tessere
This commit is contained in:
		
						commit
						488cab4ac7
					
				| @ -17,10 +17,12 @@ fun main() { | |||||||
| 
 | 
 | ||||||
| fun Application.module() { | fun Application.module() { | ||||||
|     val config = ApplicationConfig("application.conf") |     val config = ApplicationConfig("application.conf") | ||||||
|     val dbUrl = config.property("ktor.database.url").getString(); |     val dbUrl = config.property("ktor.database.url").getString() | ||||||
|     val username = config.property("ktor.database.username").getString(); |     val username = config.property("ktor.database.username").getString() | ||||||
|     val password = config.property("ktor.database.password").getString(); |     val password = config.property("ktor.database.password").getString() | ||||||
|  |     val secret = config.property("ktor.jwt.secret").getString() | ||||||
|     configureDatabases(dbUrl, username, password) |     configureDatabases(dbUrl, username, password) | ||||||
|  |     configureSecurity(secret) | ||||||
|     configureRouting(dbUrl, username, password) |     configureRouting(dbUrl, username, password) | ||||||
|     configureSerialization() |     configureSerialization() | ||||||
| 
 | 
 | ||||||
|  | |||||||
							
								
								
									
										35
									
								
								src/main/kotlin/eu/maiora/plugins/Security.kt
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										35
									
								
								src/main/kotlin/eu/maiora/plugins/Security.kt
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,35 @@ | |||||||
|  | package eu.maiora.plugins | ||||||
|  | 
 | ||||||
|  | import com.auth0.jwt.JWT | ||||||
|  | import com.auth0.jwt.algorithms.Algorithm | ||||||
|  | import io.ktor.http.* | ||||||
|  | import io.ktor.server.application.* | ||||||
|  | import io.ktor.server.auth.* | ||||||
|  | import io.ktor.server.auth.jwt.* | ||||||
|  | import io.ktor.server.response.* | ||||||
|  | 
 | ||||||
|  | fun Application.configureSecurity(secret: String) { | ||||||
|  |     install(Authentication) { | ||||||
|  |         jwt ("auth-jwt"){ | ||||||
|  |             verifier( | ||||||
|  |                 JWT | ||||||
|  |                     .require(Algorithm.HMAC256(secret)) | ||||||
|  |                     .build()) | ||||||
|  |             validate { credential -> | ||||||
|  |                 val expiresAt = credential.payload.expiresAt?.time ?: 0 | ||||||
|  |                 val now = System.currentTimeMillis() | ||||||
|  | 
 | ||||||
|  |                 // Verifica se il token ? scaduto | ||||||
|  |                 if (expiresAt >= now) { | ||||||
|  |                     JWTPrincipal(credential.payload) | ||||||
|  |                 } | ||||||
|  |                 else { | ||||||
|  |                     null | ||||||
|  |                 } | ||||||
|  |             } | ||||||
|  |             challenge { defaultScheme, realm -> | ||||||
|  |                 call.respond(HttpStatusCode.Unauthorized, "Token non valido o scaduto") | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | } | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user