Get session secret from env instead of hardcoding

2022-02-20 22:51:54 +00:00
parent 4688d2d94d
commit 578e7d071c
5 changed files with 16 additions and 8 deletions


@ -11,7 +11,9 @@ import (
)
// TokenVerifier verifies Tokens.
type TokenVerifier struct{}
type TokenVerifier struct {
Secret string
}
// Token contains everything to authenticate a user.
type Token struct {
@ -23,7 +25,6 @@ type Token struct {
const (
expiration = 72
secret = "uditapbzuditagscwxuqdflgzpbu´ßiaefnlmzeßtrubiadern"
)
// CreateToken creates a new token from username and name.
@ -36,7 +37,7 @@ func (tv *TokenVerifier) CreateToken(user *postgres.User) (string, error) {
})
// Generate encoded token and send it as response.
t, err := token.SignedString([]byte(secret))
t, err := token.SignedString([]byte(tv.Secret))
if err != nil {
return "", fmt.Errorf("create token: %w", err)
}
@ -56,7 +57,7 @@ func (tv *TokenVerifier) VerifyToken(tokenString string) (budgeteer.Token, error
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("method '%v': %w", token.Header["alg"], ErrUnexpectedSigningMethod)
}
return []byte(secret), nil
return []byte(tv.Secret), nil
})
if err != nil {
return nil, fmt.Errorf("parse jwt: %w", err)
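Review bot: Nothing in the new code rejects an empty `tv.Secret`, so a zero-value `TokenVerifier{}` or an unset environment variable would sign and accept tokens under an empty HMAC key, which anyone can reproduce. A guard at the top of CreateToken and inside the VerifyToken key callback, for example `if tv.Secret == "" { return "", fmt.Errorf("create token: session secret is empty") }`, would make both paths fail closed; a startup check where the variable is read (not visible in this section) would serve as well. The literal removed from the const block stays in repository history, so it should be treated as disclosed and not reused as the environment value. Both function bodies start and end outside the hunks shown here.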