jacob1123/budgeteer
1
1
Fork 0
Code Issues 12 Pull Requests 1 Packages Releases 1 Wiki Activity

Get session secret from env instead of hardcoding
All checks were successful
continuous-integration/drone/pr Build is passing
Details
continuous-integration/drone/push Build is passing
Details
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/pr/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
Jan Bader 2022-02-20 22:51:54 +00:00
parent 4688d2d94d
commit 578e7d071c
5 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/budgeteer/main.go
View File

@ -31,7 +31,9 @@ func main() {
handler := &server.Handler{ handler := &server.Handler{
Service: queries, Service: queries,
TokenVerifier: &jwt.TokenVerifier{}, TokenVerifier: &jwt.TokenVerifier{
Secret: cfg.SessionSecret,
},
CredentialsVerifier: &bcrypt.Verifier{}, CredentialsVerifier: &bcrypt.Verifier{},
StaticFS: http.FS(static), StaticFS: http.FS(static),
} }

2
config/config.go
View File

@ -7,12 +7,14 @@ import (
// Config contains all needed configurations. // Config contains all needed configurations.
type Config struct { type Config struct {
DatabaseConnection string DatabaseConnection string
SessionSecret string
} }
// LoadConfig from path. // LoadConfig from path.
func LoadConfig() (*Config, error) { func LoadConfig() (*Config, error) {
configuration := Config{ configuration := Config{
DatabaseConnection: os.Getenv("BUDGETEER_DB"), DatabaseConnection: os.Getenv("BUDGETEER_DB"),
SessionSecret: os.Getenv("BUDGETEER_SESSION_SECRET"),
} }
return &configuration, nil return &configuration, nil

1
docker-compose.dev.yml
View File

@ -17,6 +17,7 @@ services:
- ~/.cache:/.cache - ~/.cache:/.cache
environment: environment:
BUDGETEER_DB: postgres://budgeteer:budgeteer@db:5432/budgeteer BUDGETEER_DB: postgres://budgeteer:budgeteer@db:5432/budgeteer
BUDGETEER_SESSION_SECRET: random string for JWT authorization
depends_on: depends_on:
- db - db

9
jwt/login.go
View File

@ -11,7 +11,9 @@ import (
) )
// TokenVerifier verifies Tokens. // TokenVerifier verifies Tokens.
type TokenVerifier struct{} type TokenVerifier struct {
Secret string
}
// Token contains everything to authenticate a user. // Token contains everything to authenticate a user.
type Token struct { type Token struct {
@ -23,7 +25,6 @@ type Token struct {
const ( const (
expiration = 72 expiration = 72
secret = "uditapbzuditagscwxuqdflgzpbu´ßiaefnlmzeßtrubiadern"
) )
// CreateToken creates a new token from username and name. // CreateToken creates a new token from username and name.
@ -36,7 +37,7 @@ func (tv *TokenVerifier) CreateToken(user *postgres.User) (string, error) {
}) })
// Generate encoded token and send it as response. // Generate encoded token and send it as response.
t, err := token.SignedString([]byte(secret)) t, err := token.SignedString([]byte(tv.Secret))
if err != nil { if err != nil {
return "", fmt.Errorf("create token: %w", err) return "", fmt.Errorf("create token: %w", err)
} }
@ -56,7 +57,7 @@ func (tv *TokenVerifier) VerifyToken(tokenString string) (budgeteer.Token, error
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("method '%v': %w", token.Header["alg"], ErrUnexpectedSigningMethod) return nil, fmt.Errorf("method '%v': %w", token.Header["alg"], ErrUnexpectedSigningMethod)
} }
return []byte(secret), nil return []byte(tv.Secret), nil
}) })
if err != nil { if err != nil {
return nil, fmt.Errorf("parse jwt: %w", err) return nil, fmt.Errorf("parse jwt: %w", err)

4
server/account_test.go
View File

@ -28,7 +28,9 @@ func TestRegisterUser(t *testing.T) { //nolint:funlen
h := Handler{ h := Handler{
Service: database, Service: database,
TokenVerifier: &jwt.TokenVerifier{}, TokenVerifier: &jwt.TokenVerifier{
Secret: "this_is_my_demo_secret_for_unit_tests",
},
CredentialsVerifier: &bcrypt.Verifier{}, CredentialsVerifier: &bcrypt.Verifier{},
} }