Architecture
System layout of JWTAuth, middleware, PEM loading, and Redis-backed token lifecycle.
Overview
graph TB
REQ[HTTP Request] --> MW[Middleware]
MW --> V[Verify]
V -->|Valid| AUTH[Return Auth]
V -->|Expired| RF[Refresh]
V -->|No Token| DENY[Deny]
RF --> REDIS[(Redis)]
V --> FP[Device Fingerprint]
Module: JWTAuth
JWTAuth is the public entry point holding Config, Redis client, and ECDSA keys.
graph TB
subgraph JWTAuth
New[New] --> PEM[handlePEM / parsePEM]
New --> Redis[Redis Client]
Create[Create] --> Sign[signJWT ES256]
Create --> Store[Redis Pipeline]
Verify[Verify] --> Parse[parseJWT]
Verify --> RevokeCheck[Revocation check]
Verify --> Refresh[refresh]
Refresh --> Lock[SetNX distributed lock]
Refresh --> Sign
Revoke[Revoke] --> Clear[clearCookie + revoke key]
end
Client[Caller] --> New
Client --> Create
Client --> Verify
Client --> Revoke
RedisDB[(Redis)] --> Store
RedisDB --> RevokeCheck
RedisDB --> Lock
Module: Middleware
Gin and net/http middleware wrap Verify and store Auth in context on success.
graph LR
subgraph Middleware
Gin[GinMiddleware] --> Verify
HTTP[HTTPMiddleware] --> Verify
GetGin[GetAuthDataFromGinContext]
GetHTTP[GetAuthDataFromHTTPRequest]
end
Verify[Verify] --> Auth[Auth in context]
Module: PEM
Key load order: file path → inline PEM string → default path auto-generate ECDSA P-256.
graph TB
Start[handlePEM] --> File{File path?}
File -->|yes| ReadFile[Read PEM files]
File -->|no| Inline{Option inline?}
Inline -->|yes| UseInline[Use strings]
Inline -->|no| Default{Default files exist?}
Default -->|yes| ReadDefault[Read ./keys]
Default -->|no| Create[createPEM P-256]
ReadFile --> Parse[parsePEM]
UseInline --> Parse
ReadDefault --> Parse
Create --> Parse
Data Flow
sequenceDiagram
participant C as Client
participant M as Middleware
participant V as Verify
participant R as Redis
participant P as PEM
C->>M: HTTP Request
M->>V: Verify(w, r)
V->>R: check revoke / jti
alt Valid token
V->>P: parseJWT ES256
V-->>M: Auth
M-->>C: allow + context
else Expired token
V->>R: SetNX lock + getRefreshData
V->>P: signJWT
V->>R: update refresh / jti
V-->>M: Auth + new token
M-->>C: allow
else Missing / revoked
V-->>M: Unauthorized
M-->>C: 401 / error JSON
end
Package layout
| Path | Role |
|---|---|
core/ |
Library package goJwt (import github.com/pardnchiu/go-jwt/core) |
core/instance.go |
New, Close, option defaults |
core/create.go |
Issue Access Token + Refresh ID |
core/verify.go |
Parse, revoke check, transparent refresh |
core/revoke.go |
Logout / session revoke |
core/middleware.go |
Gin and net/http middleware |
core/type.go |
Config, Auth, JWTAuthResult, Redis keys |
core/pem.go |
PEM load / generate / parse |