beep
/
backend-login
5
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Sign tokens with RSA

feat/improved-bypass
Daniel Lim 2019-06-23 06:50:06 +08:00
parent 286e31c733
commit 217c90d0cf
1 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
main.go
View File

@ -3,11 +3,13 @@ package main
import ( import (
"crypto/rand" "crypto/rand"
"crypto/tls" "crypto/tls"
"crypto/rsa"
"database/sql" "database/sql"
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
"io/ioutil"
"log" "log"
"math/big" "math/big"
"net/http" "net/http"
@ -27,10 +29,11 @@ import (
var listen string var listen string
var postgres string var postgres string
var redisHost string var redisHost string
var secret []byte
var ttl time.Duration var ttl time.Duration
var messagingSID string var messagingSID string
var privateKey *rsa.PrivateKey
var dummyToken string var dummyToken string
var coreURL string var coreURL string
@ -47,7 +50,6 @@ func main() {
log.Fatal("Error loading .env file") log.Fatal("Error loading .env file")
} }
listen = os.Getenv("LISTEN") listen = os.Getenv("LISTEN")
secret = []byte(os.Getenv("SECRET"))
postgres = os.Getenv("POSTGRES") postgres = os.Getenv("POSTGRES")
redisHost = os.Getenv("REDIS") redisHost = os.Getenv("REDIS")
@ -63,6 +65,17 @@ func main() {
dummyToken = "{\"userid\":\"dummy\",\"clientid\":\"dummy\"}" dummyToken = "{\"userid\":\"dummy\",\"clientid\":\"dummy\"}"
coreURL = os.Getenv("CORE_URL") coreURL = os.Getenv("CORE_URL")
// Load RSA private key
privateKeyBytes, err := ioutil.ReadFile("key")
if err != nil {
log.Fatal(err)
}
privateKey, err = jwt.ParseRSAPrivateKeyFromPEM(privateKeyBytes)
if err != nil {
log.Fatal(err)
}
// Postgres // Postgres
log.Printf("connecting to postgres %s", postgres) log.Printf("connecting to postgres %s", postgres)
db, err = sql.Open("postgres", postgres) db, err = sql.Open("postgres", postgres)
@ -251,12 +264,12 @@ func VerifyCode(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
} }
// Generate JWT // Generate JWT
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims { token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims {
"userid": userID, "userid": userID,
"clientid": req.ClientId, "clientid": req.ClientId,
}) })
tokenString, err := token.SignedString(secret) tokenString, err := token.SignedString(privateKey)
if err != nil { if err != nil {
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return
@ -279,12 +292,12 @@ func Login(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
return return
} }
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims { token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims {
"userid": login.ID, "userid": login.ID,
"clientid": login.Client, "clientid": login.Client,
}) })
tokenString, err := token.SignedString(secret) tokenString, err := token.SignedString(privateKey)
if err != nil { if err != nil {
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return return