Get session secret from env instead of hardcoding
@ -11,7 +11,9 @@ import (
|
||||
)
|
||||
|
||||
// TokenVerifier verifies Tokens.
|
||||
type TokenVerifier struct{}
|
||||
type TokenVerifier struct {
|
||||
Secret string
|
||||
}
|
||||
|
||||
// Token contains everything to authenticate a user.
|
||||
type Token struct {
|
||||
@ -23,7 +25,6 @@ type Token struct {
|
||||
|
||||
const (
|
||||
expiration = 72
|
||||
secret = "uditapbzuditagscwxuqdflgzpbu´ßiaefnlmzeßtrubiadern"
|
||||
)
|
||||
|
||||
// CreateToken creates a new token from username and name.
|
||||
@ -36,7 +37,7 @@ func (tv *TokenVerifier) CreateToken(user *postgres.User) (string, error) {
|
||||
})
|
||||
|
||||
// Generate encoded token and send it as response.
|
||||
t, err := token.SignedString([]byte(secret))
|
||||
t, err := token.SignedString([]byte(tv.Secret))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("create token: %w", err)
|
||||
}
|
||||
@ -56,7 +57,7 @@ func (tv *TokenVerifier) VerifyToken(tokenString string) (budgeteer.Token, error
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, fmt.Errorf("method '%v': %w", token.Header["alg"], ErrUnexpectedSigningMethod)
|
||||
}
|
||||
return []byte(secret), nil
|
||||
return []byte(tv.Secret), nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parse jwt: %w", err)
|
||||
|
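Review bot: Nothing in the visible hunks rejects an empty `Secret`: the zero value of `TokenVerifier` now signs in `CreateToken` and verifies in `VerifyToken` with `[]byte("")`, and as far as I know the HMAC signing method does not refuse an empty key, so an unset environment variable would presumably yield tokens that anyone can forge. The code that reads the environment is not shown on this page; if it does not already fail on a missing value, add a guard such as `if tv.Secret == "" { return "", fmt.Errorf("create token: empty secret") }` at the top of `CreateToken` and the equivalent in `VerifyToken`, or validate once where the verifier is constructed. The removed `secret` constant stays in the repository history, so the value supplied through the environment should be newly generated rather than the old string. Both function bodies start and end outside the hunks shown.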