
package main
import (
	"fmt"
	"net/http"
	"time"

	"git.seaturtle.pw/pew/cavepedia/utils"
	"github.com/dgrijalva/jwt-go"
)
// key is the HMAC secret used to sign session JWTs in setJWT and to verify
// them in getJWT. Nothing in this file assigns it, so it must be populated
// elsewhere (presumably at startup) before either function runs; if it were
// still empty, signing and verification would presumably still succeed, just
// with no secret behind the MAC — TODO confirm where and how it is set.
var key []byte
// deleteCookie tells the client to discard the cookie called name for the
// given domain by sending it back empty with a negative MaxAge. Path is
// fixed to "/" so that it matches the cookies written by setCookie.
func deleteCookie(w http.ResponseWriter, name string, domain string) {
	expired := &http.Cookie{
		Name:   name,
		Value:  "",
		Path:   "/",
		Domain: domain,
		MaxAge: -1, // serialised as Max-Age=0, i.e. remove immediately
	}
	http.SetCookie(w, expired)
}
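// setCookie writes a cookie called name with the given value, scoped to the
// given domain and the root path.
//
// The cookie is marked HttpOnly so page scripts cannot read it, and
// SameSite=Lax so it is not attached to cross-site sub-requests. Both are
// appropriate for a cookie that, as far as this file shows, is only ever read
// server-side (see getJWT). The Secure flag is deliberately left unset here
// because it depends on whether the deployment serves over TLS; enable it
// where that is known.
func setCookie(w http.ResponseWriter, name string, domain string, value string) {
	cookie := http.Cookie{
		Domain:   domain,
		Name:     name,
		Path:     "/",
		Value:    value,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	}
	http.SetCookie(w, &cookie)
}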
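// getJWT checks whether the request carries a valid session token.
//
// The token is a JWT stored in the CAVEPEDIA_SESSION cookie. It must be
// signed with an HMAC method using key; the key function refuses any other
// signing method (including "none") before handing out the key, so the
// algorithm named in the token header cannot be used to bypass the check.
//
// It returns (authenticated, ok):
//   - authenticated reports whether the request holds a valid session.
//   - ok is false only when an expired token could not be re-issued
//     (setJWT failed, so checkWebError has presumably already written a
//     response). In every other case — including all the unauthenticated
//     ones — it is true, so it is not "any errors?".
//
// Side effects: a cookie that cannot be parsed or fails validation is deleted
// from the client; a token whose claims fail claims.Valid() after a
// successful parse is replaced with a freshly issued one.
//
// Note that no claim is inspected for identity here: possession of any
// token signed with key counts as authenticated.
//
// NOTE(review): whether the post-parse claims.Valid() branch is reachable
// depends on jwt.Parse — if it already validates claims and reports expiry
// as a parse error, expired tokens take the delete path instead. Confirm
// against the jwt-go version in use.
func getJWT(w http.ResponseWriter, r *http.Request) (bool, bool) {
	const cookieName = "CAVEPEDIA_SESSION"

	tokenCookie, err := r.Cookie(cookieName)
	if err != nil {
		// No session cookie: unauthenticated, nothing written to w.
		return false, true
	}

	token, err := jwt.Parse(tokenCookie.Value, func(t *jwt.Token) (interface{}, error) {
		// Only accept HMAC; anything else is rejected before key is returned.
		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
		}
		return key, nil
	})
	if err != nil {
		// Malformed token, bad signature or claims rejected by the parser:
		// drop the cookie so the client stops presenting it.
		deleteCookie(w, cookieName, utils.GetConfig().CookieDomain)
		return false, true
	}

	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok || !token.Valid {
		// Unexpected claims type or token not marked valid by the parser.
		deleteCookie(w, cookieName, utils.GetConfig().CookieDomain)
		return false, true
	}

	// Claims rejected after a successful parse (e.g. expired): issue a
	// replacement token rather than logging the client out.
	if err := claims.Valid(); err != nil {
		if setJWT(w) {
			return true, true
		}
		return false, false
	}
	return true, true
}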
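// sessionLifetime bounds how long a freshly issued session token stays valid.
// This is a chosen default, not taken from the original, which issued tokens
// with no expiry at all and so left the expiry handling in getJWT with
// nothing to act on.
const sessionLifetime = 24 * time.Hour

// setJWT issues a new session token and stores it in the CAVEPEDIA_SESSION
// cookie for the configured cookie domain.
//
// The token is an HS256 JWT signed with key, carrying a fixed subject plus
// iat/exp claims. It returns false when signing failed — the error has been
// handed to checkWebError, which has presumably written a response — and
// true once the cookie has been set.
//
// NOTE(review): key is never assigned in this file; if it is still empty when
// this runs, the HMAC would presumably be computed over an empty key. Make
// sure it is populated before any token is issued.
func setJWT(w http.ResponseWriter) bool {
	now := time.Now()
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{
		Subject:   "CAVEPEDIA",
		IssuedAt:  now.Unix(),
		ExpiresAt: now.Add(sessionLifetime).Unix(),
	})
	tokenStr, err := token.SignedString(key)
	if !checkWebError(w, err) {
		return false
	}
	setCookie(w, "CAVEPEDIA_SESSION", utils.GetConfig().CookieDomain, tokenStr)
	return true
}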