implementazione metodo di verifica JWT

secret in file di configurazione application.config
2025-02-18 16:06:15 +01:00 · 2025-02-18 16:06:15 +01:00 · cd597a52c2
commit cd597a52c2
parent b8ee25b762
2 changed files with 40 additions and 3 deletions
--- a/src/main/kotlin/eu/maiora/Application.kt
+++ b/src/main/kotlin/eu/maiora/Application.kt
@ -17,10 +17,12 @@ fun main() {

 fun Application.module() {
    val config = ApplicationConfig("application.conf")
-    val dbUrl = config.property("ktor.database.url").getString();
-    val username = config.property("ktor.database.username").getString();
-    val password = config.property("ktor.database.password").getString();
+    val dbUrl = config.property("ktor.database.url").getString()
+    val username = config.property("ktor.database.username").getString()
+    val password = config.property("ktor.database.password").getString()
+    val secret = config.property("ktor.jwt.secret").getString()
    configureDatabases(dbUrl, username, password)
+    configureSecurity(secret)
    configureRouting(dbUrl, username, password)
    configureSerialization()

--- a/src/main/kotlin/eu/maiora/plugins/Security.kt
+++ b/src/main/kotlin/eu/maiora/plugins/Security.kt
@ -0,0 +1,35 @@
+package eu.maiora.plugins
+
+import com.auth0.jwt.JWT
+import com.auth0.jwt.algorithms.Algorithm
+import io.ktor.http.*
+import io.ktor.server.application.*
+import io.ktor.server.auth.*
+import io.ktor.server.auth.jwt.*
+import io.ktor.server.response.*
+
+fun Application.configureSecurity(secret: String) {
+    install(Authentication) {
+        jwt ("auth-jwt"){
+            verifier(
+                JWT
+                    .require(Algorithm.HMAC256(secret))
+                    .build())
+            validate { credential ->
+                val expiresAt = credential.payload.expiresAt?.time ?: 0
+                val now = System.currentTimeMillis()
+
+                // Verifica se il token ? scaduto
+                if (expiresAt >= now) {
+                    JWTPrincipal(credential.payload)
+                }
+                else {
+                    null
+                }
+            }
+            challenge { defaultScheme, realm ->
+                call.respond(HttpStatusCode.Unauthorized, "Token non valido o scaduto")
+            }
+        }
+    }
+}