feat: use JWT for authentication (WIP)
BREAKING CHANGE: changes format of cookie
parent
0f0b2ede64
commit
bcc446ed16
@ -3,6 +3,7 @@ module sirlab.de/go/knowyt
|
|||||||
go 1.18
|
go 1.18
|
||||||
|
|
||||||
require (
|
require (
|
||||||
|
github.com/golang-jwt/jwt v3.2.2+incompatible
|
||||||
github.com/google/uuid v1.3.0
|
github.com/google/uuid v1.3.0
|
||||||
github.com/imkira/go-observer v1.0.3
|
github.com/imkira/go-observer v1.0.3
|
||||||
)
|
)
|
||||||
|
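Review bot: The new requirement `github.com/golang-jwt/jwt v3.2.2+incompatible` pins the legacy v3 line of the library; the `+incompatible` suffix shows it is pulled in without a versioned module path. As far as I know, the maintained releases live under versioned paths such as `github.com/golang-jwt/jwt/v5`, so later fixes are unlikely to reach this pin. Since this commit is where the dependency first enters the module, I would start on the current major version: require `github.com/golang-jwt/jwt/v5 <current v5 release>` and import that path in `token.go`.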
@ -1,3 +1,5 @@
|
|||||||
|
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
|
||||||
|
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
|
||||||
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
|
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
|
||||||
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||||
github.com/imkira/go-observer v1.0.3 h1:l45TYAEeAB4L2xF6PR2gRLn2NE5tYhudh33MLmC7B80=
|
github.com/imkira/go-observer v1.0.3 h1:l45TYAEeAB4L2xF6PR2gRLn2NE5tYhudh33MLmC7B80=
|
||||||
|
@ -36,17 +36,26 @@ func (authMux *AuthMux) Login(w http.ResponseWriter, r *http.Request) {
|
|||||||
// check, if game is enabled
|
// check, if game is enabled
|
||||||
gm, err := authMux.app.GetGameById(usr.GetGameId())
|
gm, err := authMux.app.GetGameById(usr.GetGameId())
|
||||||
if err != nil || !gm.IsActive() {
|
if err != nil || !gm.IsActive() {
|
||||||
log.ErrorLog(fmt.Errorf("game %s disabled for user %s", gm.GetId(), usr.GetName()))
|
log.ErrorLog(fmt.Errorf("game %s disabled for user %s (%s)", gm.GetId(), usr.GetName(), usr.GetId()))
|
||||||
http.SetCookie(w, authMux.createCookie())
|
http.SetCookie(w, authMux.createCookie())
|
||||||
authMux.accessDenied(w, r)
|
authMux.accessDenied(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Info("%s logged into game %s\n", usr.GetName(), usr.GetGameId())
|
log.Info("%s (%s) logged into game %s\n", usr.GetName(), usr.GetId(), usr.GetGameId())
|
||||||
|
|
||||||
|
tokenString, err := authMux.createToken(usr.GetId())
|
||||||
|
if err != nil {
|
||||||
|
log.ErrorLog(fmt.Errorf("failed to create JWT for user id %s (%s)", usr.GetName(), usr.GetId()))
|
||||||
|
log.ErrorLog(err)
|
||||||
|
http.SetCookie(w, authMux.createCookie())
|
||||||
|
authMux.accessDenied(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
cookie := authMux.createCookie()
|
cookie := authMux.createCookie()
|
||||||
cookie.Value = usr.GetId() + ":" + usr.GetAuthCode()
|
cookie.Value = tokenString
|
||||||
cookie.MaxAge = 0
|
cookie.MaxAge = 0
|
||||||
http.SetCookie(w, cookie)
|
http.SetCookie(w, cookie)
|
||||||
w.Header().Add("Content-Type", "text/plain")
|
w.Header().Add("Content-Type", "text/plain")
|
||||||
|
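Review bot: The branch guarded by `if err != nil || !gm.IsActive()` still calls `gm.GetId()` in the reworded log line, so if `GetGameById` fails and returns no usable game, the login handler may dereference a nil `gm` (its return type is not visible here, so this is inferred). Log the id already held on the user instead: `log.ErrorLog(fmt.Errorf("game %s disabled for user %s (%s)", usr.GetGameId(), usr.GetName(), usr.GetId()))`. Separately, the cookie value is now a bearer token valid for 24 hours, so it is worth confirming that `createCookie`, which is outside this hunk, sets `HttpOnly`, `Secure` and a `SameSite` mode. `Login` itself starts and ends outside the hunk.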
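--- a/server/src/handler/token.go
+++ b/server/src/handler/token.go
@@ -0,0 +1,27 @@
+package handler
+
+import (
+"crypto/rand"
+"time"
+
+"github.com/golang-jwt/jwt"
+)
+
+var secretKey []byte = nil
+
+func (authMux *AuthMux) createToken(uid string) (string, error) {
+if secretKey == nil {
+secretKey = make([]byte, 32)
+if _, err := rand.Read(secretKey); err != nil {
+return "", err
+}
+}
+
+token := jwt.NewWithClaims(jwt.SigningMethodHS512,
+jwt.MapClaims{
+"uid": uid,
+"exp": time.Now().Add(time.Hour * 24).Unix(),
+})
+
+return token.SignedString(secretKey)
+}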
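Review bot: `createToken` publishes `secretKey` before it is filled: `secretKey = make([]byte, 32)` runs before `rand.Read`, so if `rand.Read` fails the slice stays non-nil and every later call skips the `nil` check and signs with an all-zero or partly filled key. The same window exists without any failure, because HTTP handlers run concurrently and nothing synchronises the lazy initialisation; a second login can sign with the unfilled slice, or two logins can each install a different key. I would generate the key into a local buffer under a `sync.Once` (needs the `sync` import) and only then expose it, and make it 64 bytes so the HMAC key is as long as the SHA-512 output that `HS512` uses. With the once-guard a failed key generation stays failed until restart, which fails closed.

```go
var (
	secretKey     []byte
	secretKeyErr  error
	secretKeyOnce sync.Once
)

// loadSecretKey creates the process-wide HMAC key exactly once and never
// exposes a buffer that rand.Read has not completely filled.
func loadSecretKey() ([]byte, error) {
	secretKeyOnce.Do(func() {
		key := make([]byte, 64) // HS512: key at least as long as the 512-bit hash output
		if _, err := rand.Read(key); err != nil {
			secretKeyErr = err
			return
		}
		secretKey = key
	})
	return secretKey, secretKeyErr
}

func (authMux *AuthMux) createToken(uid string) (string, error) {
	key, err := loadSecretKey()
	if err != nil {
		return "", err
	}
	// … unchanged: jwt.NewWithClaims with the "uid" and "exp" claims …
	return token.SignedString(key)
}
```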