add jwt token validation

db/db.go

@@ -14,7 +14,7 @@ var (
 )
 
 func InitDB() {
-	clientOptions := options.Client().ApplyURI("mongodb://root:example@192.168.2.177:27017/")
+	clientOptions := options.Client().ApplyURI("mongodb://root:example@localhost:27017/")
 	client, err := mongo.Connect(context.TODO(), clientOptions)
 	if err != nil {
 		log.Fatal(err)

go.mod

@@ -8,7 +8,10 @@ require (
 	github.com/gorilla/mux v1.7.3
 	github.com/rs/cors v1.11.0
 	golang.org/x/crypto v0.32.0
+	k8s.io/api v0.31.0
 	k8s.io/apimachinery v0.31.0
+	k8s.io/client-go v0.31.0
+	k8s.io/kubectl v0.31.2
 )
 
 require (
@@ -86,13 +89,10 @@ require (
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.31.0 // indirect
 	k8s.io/apiextensions-apiserver v0.31.2 // indirect
 	k8s.io/apiserver v0.31.0 // indirect
-	k8s.io/client-go v0.31.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	k8s.io/kubectl v0.31.2 // indirect
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	oras.land/oras-go/v2 v2.5.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.4-0.20241211184406-7bf59b3d70ee // indirect

handler/handler.go

@@ -16,6 +16,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/golang-jwt/jwt/v4"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/kubectl/pkg/scheme"
@@ -31,6 +32,13 @@ import (
 	"k8s.io/client-go/tools/remotecommand"
 )
 
+type User struct {
+	ID       string `json:"id,omitempty"`
+	Username string `json:"username"`
+	Email    string `json:"email"`
+	Password string `json:"password,omitempty"`
+}
+
 type Cluster struct {
 	ID              primitive.ObjectID `bson:"_id,omitempty"`
 	Name            string             `json:"name"`
@@ -175,14 +183,27 @@ func human(d time.Duration) string {
 	return fmt.Sprintf("%ds", secs)
 }
 
+var jwtKey = []byte("mysecret123")
+
+func DecodeJwt(tokenString *string, user *User) {
+	claims := jwt.MapClaims{}
+	_, err := jwt.ParseWithClaims(*tokenString, claims, func(token *jwt.Token) (interface{}, error) {
+		return []byte(jwtKey), nil
+	})
+
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	user.Username = claims["username"].(string)
+}
+
 func CreateClusterHandler(w http.ResponseWriter, r *http.Request) {
 
 	var cluster Cluster
 	_ = json.NewDecoder(r.Body).Decode(&cluster)
 
-	var header Header
-	header.Authorization = r.Header.Get("Authorization")
-
 	// vclusterCollection := db.Vclusters_details.FindOne(context.TODO(), bson.M{"name": Cluster.Name}).Decode(&existsCluster)
 
 	if cluster.Name == "" || cluster.ControlPlane == "" || cluster.PlatformVersion == "" || cluster.Cpu == "" || cluster.Memory == "" {
@@ -268,6 +289,18 @@ func getClientset(w http.ResponseWriter, clustername string) (*kubernetes.Client
 
 func ListUserClusters(w http.ResponseWriter, r *http.Request) {
 	// var cluster Cluster
+
+	var header Header
+	var user User
+	header.Authorization = r.Header.Get("Authorization")
+	DecodeJwt(&header.Authorization, &user)
+
+	count, err := db.UserCollection.CountDocuments(context.TODO(), bson.M{"username": user.Username})
+	if err != nil || count <= 0 {
+		http.Error(w, `{"message": "Invalid username "}`, http.StatusUnauthorized)
+		return
+	}
+
 	_, clusterList := argohandler.ListUserClusters("userid")
 
 	w.Header().Set("Content-Type", "application/json")

main.go

@@ -95,7 +95,7 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	expirationTime := time.Now().Add(15 * time.Minute)
+	expirationTime := time.Now().Add(120 * time.Minute)
 	claims := &Claims{
 		Username: creds.Username,
 		RegisteredClaims: jwt.RegisteredClaims{