reugn
diff --git a/‎.dockerignore‎
Lines changed: 1 addition & 0 deletions b/‎.dockerignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 19 additions & 0 deletions b/‎.github/workflows/build.yml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎.github/workflows/docker.yml‎
Lines changed: 42 additions & 0 deletions b/‎.github/workflows/docker.yml‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 14 additions & 15 deletions b/‎README.md‎
Lines changed: 14 additions & 15 deletions
diff --git a/‎auth/jwt_validator.go‎
Lines changed: 4 additions & 1 deletion b/‎auth/jwt_validator.go‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎go.mod‎
Lines changed: 19 additions & 6 deletions b/‎go.mod‎
Lines changed: 19 additions & 6 deletions
@@ -1,4 +1,5 @@
 .git
+.github
 .cache
 
 examples/
@@ -0,0 +1,19 @@
+name: Build
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: [1.15.x, 1.16.x]
+    steps:
+    - name: Setup Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ${{ matrix.go-version }}
+    - name: Checkout code
+      uses: actions/checkout@v2
+    - name: Test
+      run: go test ./...
@@ -0,0 +1,42 @@
+name: Create and publish a Docker image
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
@@ -5,7 +5,7 @@ COPY . .
 RUN go get ./...
 RUN GOOS=linux go build -ldflags="-s -w" -o ./bin/auth
 
-FROM alpine:3.9
+FROM alpine:3.14
 WORKDIR /go/bin
 COPY --from=build /go/src/app/bin /go/bin
 COPY ./secrets ./secrets
 
@@ -1,25 +1,27 @@
 # auth-server
-[![GoDoc](https://godoc.org/github.com/reugn/auth_server?status.svg)](https://godoc.org/github.com/reugn/auth_server)
+[![Build](https://github.com/reugn/auth-server/actions/workflows/build.yml/badge.svg)](https://github.com/reugn/auth-server/actions/workflows/build.yml)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/reugn/auth-server)](https://pkg.go.dev/github.com/reugn/auth-server)
+[![Go Report Card](https://goreportcard.com/badge/github.com/reugn/auth-server)](https://goreportcard.com/report/github.com/reugn/auth-server)
 
-Simple authentication and authorization server.  
-`auth-server` can act as a proxy middleware or be configured in a stand-alone mode as well. It doesn't require any third-party software integration. Use one of the available repositories to configure backend storage, or implement one of your own.
+This project provides tools to set up a custom authentication and authorization server.  
+`auth-server` can act as a proxy middleware or be configured in a stand-alone mode. It doesn't require any third-party software integration. Use one of the [available repositories](./repository) to configure backend storage, or implement one of your own.
 
 ## Introduction
 * **Authentication** is used by a server when the server needs to know exactly who is accessing their information or site.
 * **Authorization** is a process by which a server determines if the client has permission to use a resource or access a file.
 
-Building an authentication and authorization strategy is always a challenging process.
-Just a number of quick questions that immediately arise:
+Creating an authentication and authorization strategy is always a complex process. A number of quick questions immediately arise:
+
 * Should we set up separate services for authentication and authorization
 * How do we handle access token creation and who is responsible for this
 * Should we alter our REST service to support authorization flow
 
-`auth-server` project tries to accumulate all those capabilities and act as a transparent authentication and authorization proxy middleware.
+The `auth-server` project tries to accumulate all of those capabilities and act as a transparent authentication and authorization proxy middleware.
 
 ## Architecture
-![](./images/architecture_diagram_1.png)
+![architecture_diagram](./images/architecture_diagram_1.png)
 
-1. Client requests an access token (JWT), using a basic authentication header:
+1. The user requests an access token (JWT), using a basic authentication header:
     ```
     GET /token HTTP/1.1
     Host: localhost:8081
@@ -30,7 +32,7 @@ Just a number of quick questions that immediately arise:
     Response body:  
     `{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1ODg5MzMyNTIsImlhdCI6MTU4ODkyOTY1MiwidXNlciI6ImFkbWluIiwicm9sZSI6MX0.LUx9EYsfBZGwbEsofBTT_5Lo3Y_3lk7T8pWLv3bw-XKVOqb_GhaRkVE90QR_sI-bWTkYCFIG9cPYmMXzmPLyjbofgsqTOzH6OaXi3IqxwZRtRGFtuqMoqXkakX5n38mvI3XkIOwFkNosHrpMtIq-HdqB3tfiDJc3YMsYfPbqyRBnBYJu2K51NslGQSiqKSnS_4KeLeaqqdpC7Zdb9Fo-r7EMn3FFuyPEab1iBsrcUYG3qnsKkvDhaq_jEGHflao7dEPEWaiGvJywXWaKR6XyyGtVx0H-OPfgvh1vUCLUUci2K3xE-IxjfRrHx3dSzdqFgJq_n4bVXpO9iNVYOZLccQ","token_type":"Bearer","expires_in":3600000}`
 
-3. Client sends an authenticated request to the proxy server:
+3. The user sends an authenticated request to the proxy server:
     ```
     GET /foo HTTP/1.1
     Host: localhost:8081
@@ -39,8 +41,8 @@ Just a number of quick questions that immediately arise:
 
 4. Proxy invokes `auth-server` as an authentication/authorization middleware. In case the token was successfully authenticated/authorized, the request will be routed to the target service. Otherwise, an auth error code will be returned to the client.
 
-## Prerequisites
-* `auth-server` written in Golang.
+## Installation and Prerequisites
+* `auth-server` is written in Golang.
 To install the latest stable version of Go, visit https://golang.org/dl/
 
 * To run the project using Docker, visit their [page](https://www.docker.com/get-started) to get started. Docker images are available under the [GitHub Packages](https://github.com/reugn/auth-server/packages).
@@ -56,8 +58,5 @@ To run `auth-server` as a [Traefik](https://docs.traefik.io/) middleware:
 * `cd examples/traefik`
 * `docker-compose up -d`
 
-## Contributing
-Contributions are very welcome!
-
 ## License
-Licensed under the Apache 2.0 License.
+Licensed under the Apache 2.0 License.
@@ -55,7 +55,10 @@ func getClaims(token *jwt.Token) (*Claims, error) {
 	}
 
 	claims := Claims{}
-	json.Unmarshal(jsonClaims, &claims)
+	err = json.Unmarshal(jsonClaims, &claims)
+	if err != nil {
+		return nil, err
+	}
 
 	return &claims, nil
 }
 
@@ -1,12 +1,25 @@
 module github.com/reugn/auth-server
 
-go 1.14
+go 1.16
 
 require (
-	github.com/aerospike/aerospike-client-go v2.9.0+incompatible
+	github.com/aerospike/aerospike-client-go/v5 v5.6.0
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/onsi/ginkgo v1.12.0 // indirect
-	github.com/onsi/gomega v1.9.0 // indirect
-	github.com/yuin/gopher-lua v0.0.0-20191220021717-ab39c6098bdb // indirect
-	golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/go-test/deep v1.0.7 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-hclog v0.16.2 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.6.7 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-3 // indirect
+	github.com/hashicorp/vault/api v1.1.2-0.20210713235431-1fc8af4c041f
+	github.com/hashicorp/vault/sdk v0.2.2-0.20211005222123-93e045565e4a // indirect
+	github.com/mattn/go-colorable v0.1.11 // indirect
+	github.com/mitchellh/mapstructure v1.3.3 // indirect
+	github.com/stretchr/testify v1.7.0 // indirect
+	github.com/yuin/gopher-lua v0.0.0-20210529063254-f4c35e4016d9 // indirect
+	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a // indirect
+	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
-Original file line number
+Diff line change
@@ @@ -1,4 +1,5 @@ @@
 .git
 +.github
 .cache
 examples/
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,10 @@ func getClaims(token jwt.Token) (Claims, error) {`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`claims := Claims{}`
`58`		`- json.Unmarshal(jsonClaims, &claims)`
	`58`	`+ err = json.Unmarshal(jsonClaims, &claims)`
	`59`	`+ if err != nil {`
	`60`	`+ return nil, err`
	`61`	`+ }`
`59`	`62`
`60`	`63`	`return &claims, nil`
`61`	`64`	`}`