diff --git a/src/main/kotlin/Application.kt b/src/main/kotlin/Application.kt
index 43d91bb..6538438 100644
--- a/src/main/kotlin/Application.kt
+++ b/src/main/kotlin/Application.kt
@@ -1,12 +1,18 @@
 package codes.kalar
+import com.auth0.jwt.JWT
+import com.auth0.jwt.algorithms.Algorithm
 import io.ktor.http.*
 import io.ktor.server.application.*
 import io.ktor.server.plugins.contentnegotiation.*
 import io.ktor.serialization.kotlinx.json.*
+import io.ktor.server.auth.Authentication
+import io.ktor.server.auth.jwt.JWTPrincipal
+import io.ktor.server.auth.jwt.jwt
 import io.ktor.server.engine.*
 import io.ktor.server.netty.*
 import io.ktor.server.plugins.cors.routing.*
+import io.ktor.server.response.respond
 import kotlinx.serialization.json.Json
 fun main(args: Array) {
@@ -20,6 +26,11 @@ fun main(args: Array) {
 }
 fun Application.module() {
+ val secret = environment.config.property("jwt.secret").getString()
+ val issuer = environment.config.property("jwt.issuer").getString()
+ val audience = environment.config.property("jwt.audience").getString()
+ val myRealm = environment.config.property("jwt.realm").getString()
+
 install(ContentNegotiation) {
 json(Json {
 prettyPrint = true
@@ -27,6 +38,28 @@ fun Application.module() {
 })
 }
+ install(Authentication) {
+ jwt("auth-jwt") {
+ realm = myRealm
+ verifier(
+ JWT
+ .require(Algorithm.HMAC256(secret))
+ .withAudience(audience)
+ .withIssuer(issuer)
+ .build())
+ validate { credential ->
+ if (credential.payload.getClaim("name").asString() != "") {
+ JWTPrincipal(credential.payload)
+ } else {
+ null
+ }
+ }
+ challenge { defaultScheme, realm ->
+ call.respond(HttpStatusCode.Unauthorized, "${defaultScheme}, $realm Token is not valid or has expired")
+ }
+ }
+ }
+
 configureHTTP()
 configureSecurity()
 configureSerialization()
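Review bot: `jwt.secret` is read at the top of `Application.module()` and passed to `Algorithm.HMAC256` in the third hunk with no check on its strength, so a short or guessable value in the configuration would let the server start with an HS256 key that is too weak. A startup guard right after the read, e.g. `require(secret.toByteArray().size >= 32) { "jwt.secret must be at least 256 bits" }`, fails fast instead; RFC 7518 asks for an HS256 key at least as long as the hash output. It is also worth confirming that the value is injected from the environment or a secret store rather than committed in the config file, which this diff does not show. The body of `Application.module()` continues outside this hunk.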
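Review bot: The `validate` block in the third hunk accepts tokens that carry no `name` claim at all. `getClaim("name").asString()` returns null for a missing or non-string claim, and `null != ""` is true, so only the literal empty string is rejected. Changing the condition to `if (!credential.payload.getClaim("name").asString().isNullOrBlank()) {` closes that gap. Separately, `configureSecurity()` is still called below the new block; if it also installs `Authentication` (not visible in this diff) the two installs would conflict, so one place should own the JWT setup.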