Prevent startup on empty secret
parent
6dd8a3791f
commit
dae6185857
@ -29,11 +29,14 @@ func main() {
|
|||||||
panic("couldn't open static files")
|
panic("couldn't open static files")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tokenVerifier, err := jwt.NewTokenVerifier(cfg.SessionSecret)
|
||||||
|
if err != nil {
|
||||||
|
panic("couldn't create token verifier")
|
||||||
|
}
|
||||||
|
|
||||||
handler := &server.Handler{
|
handler := &server.Handler{
|
||||||
Service: queries,
|
Service: queries,
|
||||||
TokenVerifier: &jwt.TokenVerifier{
|
TokenVerifier: tokenVerifier,
|
||||||
Secret: cfg.SessionSecret,
|
|
||||||
},
|
|
||||||
CredentialsVerifier: &bcrypt.Verifier{},
|
CredentialsVerifier: &bcrypt.Verifier{},
|
||||||
StaticFS: http.FS(static),
|
StaticFS: http.FS(static),
|
||||||
}
|
}
|
||||||
|
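Review bot: The new `panic("couldn't create token verifier")` discards `err`, so an operator who starts the service without a session secret sees a generic panic instead of the `secret is required` cause that `NewTokenVerifier` returns. Include the error in the message, e.g. `panic("couldn't create token verifier: " + err.Error())`. `main` begins and continues outside this hunk, so whether `cfg.SessionSecret` is validated anywhere earlier is not visible here.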
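--- a/jwt/login.go
+++ b/jwt/login.go
@@ -11,8 +11,20 @@ import (
 )
 
 // TokenVerifier verifies Tokens.
-type TokenVerifier struct {
-Secret string
+type tokenVerifier struct {
+secret string
+}
+
+var ErrEmptySecret = fmt.Errorf("secret is required")
+
+func NewTokenVerifier(secret string) (*tokenVerifier, error) {
+if secret == "" {
+return nil, ErrEmptySecret
+}
+
+return &tokenVerifier{
+secret: secret,
+}, nil
 }
 
 // Token contains everything to authenticate a user.
@@ -28,7 +40,7 @@ const (
 )
 
 // CreateToken creates a new token from username and name.
-func (tv *TokenVerifier) CreateToken(user *postgres.User) (string, error) {
+func (tv *tokenVerifier) CreateToken(user *postgres.User) (string, error) {
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
 "usr": user.Email,
 "name": user.Name,
@@ -37,7 +49,7 @@ func (tv *TokenVerifier) CreateToken(user *postgres.User) (string, error) {
 })
 
 // Generate encoded token and send it as response.
-t, err := token.SignedString([]byte(tv.Secret))
+t, err := token.SignedString([]byte(tv.secret))
 if err != nil {
 return "", fmt.Errorf("create token: %w", err)
 }
@@ -52,12 +64,12 @@ var (
 )
 
 // VerifyToken verifys a given string-token.
-func (tv *TokenVerifier) VerifyToken(tokenString string) (budgeteer.Token, error) { //nolint:ireturn
+func (tv *tokenVerifier) VerifyToken(tokenString string) (budgeteer.Token, error) { //nolint:ireturn
 token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
 if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 return nil, fmt.Errorf("method '%v': %w", token.Header["alg"], ErrUnexpectedSigningMethod)
 }
-return []byte(tv.Secret), nil
+return []byte(tv.secret), nil
 })
 if err != nil {
 return nil, fmt.Errorf("parse jwt: %w", err)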
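Review bot: `NewTokenVerifier` rejects only the empty string, so a very short or whitespace-only secret still passes and is used as the HS256 key in `CreateToken` and `VerifyToken`. RFC 7518 §3.2 requires an HMAC-SHA-256 key of at least 256 bits, so the constructor should enforce a minimum length as well, for example `if len(secret) < 32 { return nil, ErrSecretTooShort }` with a new sentinel error (the name is only a suggestion). Deployments configured with a shorter secret would then fail at startup, which matches the fail-closed intent of this commit.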