Massaging JWT/auth
This commit is contained in:
Matthew Dillon
parent
f549169a1e
commit
b005301399
1 changed files with 22 additions and 11 deletions
33
users.go
33
users.go
|
|
@ -43,9 +43,9 @@ func (m *User) String() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
type UserSession struct {
|
type UserSession struct {
|
||||||
Token string `json:"token"`
|
*User
|
||||||
AccessLevel string `json:"access_level"`
|
Role string `json:"access_level"`
|
||||||
Genus string `json:"genus"`
|
Genus string `json:"genus"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func serveAuthenticateUser(w http.ResponseWriter, r *http.Request) {
|
func serveAuthenticateUser(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
@ -59,21 +59,31 @@ func serveAuthenticateUser(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
user_session, err := dbAuthenticate(a.Username, a.Password)
|
user_session, err := dbAuthenticate(a.Username, a.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
w.Header().Set("Content-Type", "application/json; charset=UTF-8")
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
w.WriteHeader(http.StatusUnauthorized)
|
||||||
|
w.Write([]byte(`{"error":"Invalid username or password"}`))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
t := jwt.New(jwt.GetSigningMethod("RS256"))
|
currentTime := time.Now()
|
||||||
t.Claims["auth_level"] = user_session.AccessLevel
|
|
||||||
t.Claims["genus"] = user_session.Genus
|
t := jwt.New(jwt.GetSigningMethod("HS256"))
|
||||||
t.Claims["exp"] = time.Now().Add(time.Minute * 60 * 24).Unix()
|
t.Claims["name"] = user_session.Username
|
||||||
|
t.Claims["iss"] = "bactdb"
|
||||||
|
t.Claims["sub"] = "user@example.com" // TODO: fix this
|
||||||
|
t.Claims["role"] = user_session.Role
|
||||||
|
t.Claims["iat"] = currentTime.Unix()
|
||||||
|
t.Claims["exp"] = currentTime.Add(time.Minute * 60 * 24).Unix()
|
||||||
tokenString, err := t.SignedString(signKey)
|
tokenString, err := t.SignedString(signKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user_session.Token = tokenString
|
var token struct {
|
||||||
data, err := json.Marshal(user_session)
|
Token string `json:"token"`
|
||||||
|
}
|
||||||
|
token.Token = tokenString
|
||||||
|
data, err := json.Marshal(token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
|
|
@ -95,7 +105,8 @@ func dbAuthenticate(username string, password string) (*UserSession, error) {
|
||||||
if err := bcrypt.CompareHashAndPassword([]byte(users[0].Password), []byte(password)); err != nil {
|
if err := bcrypt.CompareHashAndPassword([]byte(users[0].Password), []byte(password)); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
user_session.AccessLevel = "read"
|
user_session.User = &users[0]
|
||||||
|
user_session.Role = "admin"
|
||||||
user_session.Genus = "hymenobacter"
|
user_session.Genus = "hymenobacter"
|
||||||
return &user_session, nil
|
return &user_session, nil
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Reference in a new issue