package main
import (
"fmt"
"net/http"
"git.seaturtle.pw/pew/cavepedia/utils"
"github.com/dgrijalva/jwt-go"
)
// key is the secret used to sign and verify session JWTs (HMAC; see getJWT and setJWT).
var key []byte
// deleteCookie asks the client to discard the cookie called name by sending
// it back with an empty value and a negative MaxAge, which net/http
// serializes as "Max-Age=0". Domain and Path ("/") mirror what setCookie
// sends, so the deletion targets the same cookie.
func deleteCookie(w http.ResponseWriter, name string, domain string) {
	expired := &http.Cookie{
		Name:   name,
		Value:  "",
		Domain: domain,
		Path:   "/",
		MaxAge: -1,
	}
	http.SetCookie(w, expired)
}
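// setCookie writes a cookie called name holding value to w, scoped to domain
// and to path "/". No MaxAge or Expires is set, so it is a browser-session
// cookie.
//
// The cookie is marked HttpOnly so page scripts cannot read it (in this file
// it carries the session JWT), and SameSite=Lax so it is not attached to
// cross-site sub-requests or cross-site form posts.
//
// NOTE(review): Secure is not set here because this file does not show
// whether the site is always served over HTTPS. If it is, add Secure: true
// so the session token is never sent over plain HTTP.
func setCookie(w http.ResponseWriter, name string, domain string, value string) {
	http.SetCookie(w, &http.Cookie{
		Name:     name,
		Value:    value,
		Domain:   domain,
		Path:     "/",
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	})
}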
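// getJWT checks the CAVEPEDIA_SESSION cookie on r and reports whether it
// carries a valid session JWT.
//
// The first result is true when the request is authenticated. The second
// result is true when the caller may keep handling the request; it is false
// only when setJWT failed, which presumably means checkWebError has already
// reported the problem on w (confirm against checkWebError).
//
// A missing cookie yields (false, true). A cookie that fails parsing,
// signature verification or claims validation is deleted and also yields
// (false, true).
//
// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream; the
// maintained successor is github.com/golang-jwt/jwt. Plan a migration.
func getJWT(w http.ResponseWriter, r *http.Request) (bool, bool) {
	const sessionCookie = "CAVEPEDIA_SESSION"

	tokenCookie, err := r.Cookie(sessionCookie)
	if err != nil {
		// No session cookie: unauthenticated, nothing to clean up.
		return false, true
	}

	token, err := jwt.Parse(tokenCookie.Value, func(token *jwt.Token) (interface{}, error) {
		// Pin the algorithm family to HMAC so a token declaring any other
		// algorithm is rejected before the key is returned.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		// Fail closed when the key was never loaded: an HMAC computed with
		// an empty key can be reproduced by anyone.
		if len(key) == 0 {
			return nil, fmt.Errorf("JWT signing key is not configured")
		}
		return key, nil
	})
	if err != nil {
		// Malformed, badly signed or otherwise rejected token.
		deleteCookie(w, sessionCookie, utils.GetConfig().CookieDomain)
		return false, true
	}

	// Claims of an unexpected type, or a token the parser did not mark valid.
	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok || !token.Valid {
		deleteCookie(w, sessionCookie, utils.GetConfig().CookieDomain)
		return false, true
	}

	// NOTE(review): jwt.Parse validates claims by default, so an expired
	// token is normally rejected above and this branch should rarely, if
	// ever, run. As written it would re-issue a session for a token whose
	// claims no longer validate; confirm that renewal is intended.
	if err := claims.Valid(); err != nil {
		if !setJWT(w) {
			return false, false
		}
		return true, true
	}
	return true, true
}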
// setJWT signs a new session token with key (HS256) and stores it in the
// CAVEPEDIA_SESSION cookie for the configured cookie domain. It returns false
// when checkWebError rejects the signing error, true once the cookie is set.
//
// NOTE(review): the only claim is the constant Subject "CAVEPEDIA"; there is
// no ExpiresAt, IssuedAt or ID. HS256 is deterministic, so for a given key
// every issued token is the same string and never expires: one leaked cookie
// value stays valid until the key is rotated. Consider adding an expiry and a
// per-session identifier.
func setJWT(w http.ResponseWriter) bool {
	claims := jwt.StandardClaims{Subject: "CAVEPEDIA"}

	signed, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(key)
	if ok := checkWebError(w, err); !ok {
		return false
	}

	domain := utils.GetConfig().CookieDomain
	setCookie(w, "CAVEPEDIA_SESSION", domain, signed)
	return true
}