Prevent startup on empty secret
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
parent
6dd8a3791f
commit
dae6185857
@ -29,11 +29,14 @@ func main() {
|
||||
panic("couldn't open static files")
|
||||
}
|
||||
|
||||
tokenVerifier, err := jwt.NewTokenVerifier(cfg.SessionSecret)
|
||||
if err != nil {
|
||||
panic("couldn't create token verifier")
|
||||
}
|
||||
|
||||
handler := &server.Handler{
|
||||
Service: queries,
|
||||
TokenVerifier: &jwt.TokenVerifier{
|
||||
Secret: cfg.SessionSecret,
|
||||
},
|
||||
TokenVerifier: tokenVerifier,
|
||||
CredentialsVerifier: &bcrypt.Verifier{},
|
||||
StaticFS: http.FS(static),
|
||||
}
|
||||
|
||||
24
jwt/login.go
24
jwt/login.go
@ -11,8 +11,20 @@ import (
|
||||
)
|
||||
|
||||
// TokenVerifier verifies Tokens.
|
||||
type TokenVerifier struct {
|
||||
Secret string
|
||||
type tokenVerifier struct {
|
||||
secret string
|
||||
}
|
||||
|
||||
var ErrEmptySecret = fmt.Errorf("secret is required")
|
||||
|
||||
func NewTokenVerifier(secret string) (*tokenVerifier, error) {
|
||||
if secret == "" {
|
||||
return nil, ErrEmptySecret
|
||||
}
|
||||
|
||||
return &tokenVerifier{
|
||||
secret: secret,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// Token contains everything to authenticate a user.
|
||||
@ -28,7 +40,7 @@ const (
|
||||
)
|
||||
|
||||
// CreateToken creates a new token from username and name.
|
||||
func (tv *TokenVerifier) CreateToken(user *postgres.User) (string, error) {
|
||||
func (tv *tokenVerifier) CreateToken(user *postgres.User) (string, error) {
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||||
"usr": user.Email,
|
||||
"name": user.Name,
|
||||
@ -37,7 +49,7 @@ func (tv *TokenVerifier) CreateToken(user *postgres.User) (string, error) {
|
||||
})
|
||||
|
||||
// Generate encoded token and send it as response.
|
||||
t, err := token.SignedString([]byte(tv.Secret))
|
||||
t, err := token.SignedString([]byte(tv.secret))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("create token: %w", err)
|
||||
}
|
||||
@ -52,12 +64,12 @@ var (
|
||||
)
|
||||
|
||||
// VerifyToken verifys a given string-token.
|
||||
func (tv *TokenVerifier) VerifyToken(tokenString string) (budgeteer.Token, error) { //nolint:ireturn
|
||||
func (tv *tokenVerifier) VerifyToken(tokenString string) (budgeteer.Token, error) { //nolint:ireturn
|
||||
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, fmt.Errorf("method '%v': %w", token.Header["alg"], ErrUnexpectedSigningMethod)
|
||||
}
|
||||
return []byte(tv.Secret), nil
|
||||
return []byte(tv.secret), nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parse jwt: %w", err)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user