Don't send password hash to front-end
Former-commit-id: 8063326551ef444c718284c0307acd646c28921d [formerly 222b0e273b26617e86c624f54e39db3743c2bff4] [formerly b75a02d333e94460ac83a305d062dc17bacf705e [formerly 43115f44f2941e92c41b1c8270d57f800ded93fa]] Former-commit-id: b2bc236aacbca7a2ede89809fd728b70291335f9 [formerly 332d8886620d00420c4ef9bf786464acaebb807e] Former-commit-id: 4bf173a4143a85a7f8fbba9cd5b7a4673ef64062
This commit is contained in:
		
							parent
							
								
									e1fb77a33b
								
							
						
					
					
						commit
						f4f1fc4213
					
				
							
								
								
									
										46
									
								
								auth.go
								
								
								
								
							
							
						
						
									
										46
									
								
								auth.go
								
								
								
								
					@ -12,11 +12,6 @@ import (
 | 
				
			||||||
	"github.com/dgrijalva/jwt-go/request"
 | 
						"github.com/dgrijalva/jwt-go/request"
 | 
				
			||||||
)
 | 
					)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
type claims struct {
 | 
					 | 
				
			||||||
	*User
 | 
					 | 
				
			||||||
	jwt.StandardClaims
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
// authHandler proccesses the authentication for the user.
 | 
					// authHandler proccesses the authentication for the user.
 | 
				
			||||||
func authHandler(c *requestContext, w http.ResponseWriter, r *http.Request) (int, error) {
 | 
					func authHandler(c *requestContext, w http.ResponseWriter, r *http.Request) (int, error) {
 | 
				
			||||||
	// Receive the credentials from the request and unmarshal them.
 | 
						// Receive the credentials from the request and unmarshal them.
 | 
				
			||||||
| 
						 | 
					@ -41,23 +36,8 @@ func authHandler(c *requestContext, w http.ResponseWriter, r *http.Request) (int
 | 
				
			||||||
		return http.StatusForbidden, nil
 | 
							return http.StatusForbidden, nil
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	claims := claims{
 | 
						c.us = u
 | 
				
			||||||
		c.fm.Users["admin"],
 | 
						return printToken(c, w)
 | 
				
			||||||
		jwt.StandardClaims{
 | 
					 | 
				
			||||||
			ExpiresAt: time.Now().Add(time.Hour * 24).Unix(),
 | 
					 | 
				
			||||||
			Issuer:    "File Manager",
 | 
					 | 
				
			||||||
		},
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 | 
					 | 
				
			||||||
	string, err := token.SignedString(c.fm.key)
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	if err != nil {
 | 
					 | 
				
			||||||
		return http.StatusInternalServerError, err
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	w.Write([]byte(string))
 | 
					 | 
				
			||||||
	return 0, nil
 | 
					 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// renewAuthHandler is used when the front-end already has a JWT token
 | 
					// renewAuthHandler is used when the front-end already has a JWT token
 | 
				
			||||||
| 
						 | 
					@ -68,6 +48,25 @@ func renewAuthHandler(c *requestContext, w http.ResponseWriter, r *http.Request)
 | 
				
			||||||
		return http.StatusForbidden, nil
 | 
							return http.StatusForbidden, nil
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						c.us = u
 | 
				
			||||||
 | 
						return printToken(c, w)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// claims is the JWT claims.
 | 
				
			||||||
 | 
					type claims struct {
 | 
				
			||||||
 | 
						User
 | 
				
			||||||
 | 
						jwt.StandardClaims
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// printToken prints the final JWT token to the user.
 | 
				
			||||||
 | 
					func printToken(c *requestContext, w http.ResponseWriter) (int, error) {
 | 
				
			||||||
 | 
						// Creates a copy of the user and removes it password
 | 
				
			||||||
 | 
						// hash so it never arrives to the user.
 | 
				
			||||||
 | 
						u := User{}
 | 
				
			||||||
 | 
						u = *c.us
 | 
				
			||||||
 | 
						u.Password = ""
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						// Builds the claims.
 | 
				
			||||||
	claims := claims{
 | 
						claims := claims{
 | 
				
			||||||
		u,
 | 
							u,
 | 
				
			||||||
		jwt.StandardClaims{
 | 
							jwt.StandardClaims{
 | 
				
			||||||
| 
						 | 
					@ -76,12 +75,15 @@ func renewAuthHandler(c *requestContext, w http.ResponseWriter, r *http.Request)
 | 
				
			||||||
		},
 | 
							},
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						// Creates the token and signs it.
 | 
				
			||||||
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 | 
						token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 | 
				
			||||||
	string, err := token.SignedString(c.fm.key)
 | 
						string, err := token.SignedString(c.fm.key)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	if err != nil {
 | 
						if err != nil {
 | 
				
			||||||
		return http.StatusInternalServerError, err
 | 
							return http.StatusInternalServerError, err
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						// Writes the token.
 | 
				
			||||||
	w.Write([]byte(string))
 | 
						w.Write([]byte(string))
 | 
				
			||||||
	return 0, nil
 | 
						return 0, nil
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
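Review bot: printToken still serializes the whole User value into the JWT payload, which is only base64url-encoded and not encrypted, so every field other than Password is readable by anyone holding the token, and the zeroing at `u.Password = ""` protects that one field at this call site only. If the User type's Password field carries a JSON tag, marking it `json:"-"` would exclude it at the marshaling layer so no future copy of the struct can leak it (the User definition is outside this diff, so this is unverified here). Two smaller points in the same function: the local named `string` shadows the builtin type and `w.Write([]byte(string))` discards its error; `tok, err := token.SignedString(c.fm.key)` together with `if _, err := w.Write([]byte(tok)); err != nil { return http.StatusInternalServerError, err }` would address both. printToken spans the third and fourth hunks, and the claims' expiry and issuer lines between them are not visible in this diff.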