fix jwt token authorization

api/rest-api.go

@@ -22,6 +22,7 @@ var bearerTokenRegex *regexp.Regexp = regexp.MustCompile(bearerTokenRegexPattern
 
 type customClaims struct {
 	Username string   `json:"username"`
+	Roles    []string `json:"role"`
 	jwt.StandardClaims
 }
 
@@ -111,6 +112,8 @@ func (api *weatherRestApi) generateToken(w http.ResponseWriter, r *http.Request)
 		StandardClaims: jwt.StandardClaims{
 			ExpiresAt: time.Now().Add(time.Minute * 30).Unix(),
 		},
+		Username: "Joel",
+		Roles:    []string{"role 1", "role 2"},
 	}
 
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
@@ -307,9 +310,10 @@ func (api *weatherRestApi) IsAuthorized(next http.Handler) http.Handler {
 
 		jwtFromHeader := bearerTokenRegex.FindStringSubmatch(authorizationHeader[0])[1]
 
+		var claims customClaims
 		token, err := jwt.ParseWithClaims(
 			jwtFromHeader,
-			&customClaims{},
+			&claims,
 			func(token *jwt.Token) (interface{}, error) {
 				return []byte(api.config.JwtTokenSecret), nil
 			},

config/config.go

@@ -65,7 +65,7 @@ var RestConfiguration = RestConfig{
 	AccessControlAllowOriginHeader: getEnv("ACCESS_CONTROL_ALLOW_ORIGIN_HEADER", "*"),
 	UseTokenAuthorization:          getEnvBool("USE_TOKEN_AUTHORIZATION", false),
 	AllowTokenGeneration:           getEnvBool("ALLOW_TOKEN_GENERATION", false),
-	JwtTokenSecret:                 getEnv("JWT_TOKEN_SECRET", "jwt-token-secret"),
+	JwtTokenSecret:                 getEnv("JWT_TOKEN_SECRET", "my_token_string"),
 }
 
 var AllowUnregisteredSensors = getEnvBool("ALLOW_UNREGISTERED_SENSORS", false)