From 098d4456e2427c939f72c0ae78dc1021c2117744 Mon Sep 17 00:00:00 2001
From: Medzik <8584366-Medzik@users.noreply.gitlab.com>
Date: Mon, 2 Aug 2021 20:34:06 +0000
Subject: [PATCH] NOT WORKING
---
website/routes/api/api.go | 3 --
website/routes/api/auth/authorize.go | 21 ++++----
website/routes/api/auth/login.go | 79 ----------------------------
website/routes/api/auth/token.go | 41 +++++++++++++--
website/routes/api/auth/types.go | 2 -
website/routes/api/delete.go | 23 +-------
website/routes/api/insert.go | 20 ++-----
7 files changed, 53 insertions(+), 136 deletions(-)
delete mode 100644 website/routes/api/auth/login.go
diff --git a/website/routes/api/api.go b/website/routes/api/api.go
index 193fba8..d480084 100644
--- a/website/routes/api/api.go
+++ b/website/routes/api/api.go
@@ -2,7 +2,6 @@ package api import ( "github.com/gin-gonic/gin" - "gitlab.com/gaming0skar123/go/pingbot/website/routes/api/auth" ) func ApplyRoutes(r *gin.Engine) {
@@ -12,8 +11,6 @@ func ApplyRoutes(r *gin.Engine) { api.POST("/url", Insert) api.DELETE("/url/:url", Delete) - api.POST("/login", auth.Login) - api.GET("/status", Status) } }
diff --git a/website/routes/api/auth/authorize.go b/website/routes/api/auth/authorize.go
index 940db8b..809908f 100644
--- a/website/routes/api/auth/authorize.go
+++ b/website/routes/api/auth/authorize.go
@@ -1,22 +1,23 @@ package auth import ( + "fmt" + "github.com/gin-gonic/gin" "github.com/golang-jwt/jwt" ) -func Authorize(c *gin.Context) (bool, jwt.MapClaims, error) { +func AuthorizeJWT(c *gin.Context) bool { const BEARER_SCHEMA = "Bearer" - authHeader := c.GetHeader("Authorization") - if authHeader == "" { - return false, nil, nil - } tokenString := authHeader[len(BEARER_SCHEMA):] - token, claims, err := ValidateToken(tokenString) - if err != nil { - return false, claims, err + token, err := ValidateToken(tokenString) + if token.Valid { + claims := token.Claims.(jwt.MapClaims) + fmt.Println(claims) + return true + } else { + fmt.Println(err) + return false } - - return token.Valid, claims, err }
diff --git a/website/routes/api/auth/login.go b/website/routes/api/auth/login.go
deleted file mode 100644
index db673dd..0000000
--- a/website/routes/api/auth/login.go
+++ /dev/null
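Review bot: In the authorize.go hunk, `AuthorizeJWT` still slices `authHeader` although the line that declared it was removed, so the new side does not compile, and it reads `token.Valid` before looking at `err`, which dereferences a nil pointer whenever the parser returns an error without a token (a malformed string can do that). The slice `authHeader[len(BEARER_SCHEMA):]` also panics on a header shorter than the scheme and leaves the separating space in the token string. `fmt.Println(claims)` writes every claim to stdout, which matters because the claims type added in token.go carries a password field. The body below restores the header read, checks the prefix and handles the error first; it needs the `strings` import and no longer needs `fmt`.

```go
func AuthorizeJWT(c *gin.Context) bool {
	const bearerPrefix = "Bearer "

	authHeader := c.GetHeader("Authorization")
	if !strings.HasPrefix(authHeader, bearerPrefix) {
		return false
	}

	// Check err before touching token: a failed parse can leave token nil.
	token, err := ValidateToken(strings.TrimPrefix(authHeader, bearerPrefix))
	if err != nil || token == nil {
		return false
	}
	return token.Valid
}
```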
@@ -1,79 +0,0 @@ -package auth - -import ( - "crypto/sha512" - "fmt" - "net/http" - "time" - - "github.com/gin-gonic/gin" - "github.com/golang-jwt/jwt" - "gitlab.com/gaming0skar123/go/pingbot/config" - "gitlab.com/gaming0skar123/go/pingbot/database/mongo" -) - -func Login(c *gin.Context) { - var post UserAuth - err := c.BindJSON(&post) - if err != nil { - c.JSON(http.StatusBadRequest, json{ - "success": false, - "message": "Error Binding JSON!", - }) - - return - } - - if post.Username == "" || post.Password == "" { - c.JSON(http.StatusBadRequest, json{ - "success": false, - "message": "Invalid POST param!", - }) - - return - } - - if len(post.Username) < 6 || len(post.Password) < 8 { - c.JSON(http.StatusBadRequest, json{ - "success": false, - "message": "Username or Password is too short!", - }) - - return - } - - h := sha512.Sum512([]byte(post.Password)) - s := fmt.Sprintf("%x", h[:]) - - _, err = mongo.Login(post.Username, s) - if err != nil { - _, err = mongo.Register(post.Username, s) - if err != nil { - c.JSON(http.StatusNotFound, json{ - "success": false, - "message": "Can't register!", - }) - } - } - - token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ - "user": post.Username, - "exp": time.Now().Add(time.Hour * time.Duration(1)).Unix(), - "iat": time.Now().Unix(), - }) - - tokenString, err := token.SignedString([]byte(config.JWT_Secret)) - if err != nil { - c.JSON(http.StatusInternalServerError, json{ - "success": false, - "message": "Error sign token!", - }) - - return - } - - c.JSON(http.StatusOK, json{ - "success": true, - "token": tokenString, - }) -}
diff --git a/website/routes/api/auth/token.go b/website/routes/api/auth/token.go
index f8c06bc..2f070a0 100644
--- a/website/routes/api/auth/token.go
+++ b/website/routes/api/auth/token.go
@@ -1,15 +1,46 @@ package auth import ( + "fmt" + "time" + "github.com/golang-jwt/jwt" "gitlab.com/gaming0skar123/go/pingbot/config" ) -func ValidateToken(encodedToken string) (*jwt.Token, jwt.MapClaims, error) { - claims := jwt.MapClaims{} - token, err := jwt.ParseWithClaims(encodedToken, claims, func(token *jwt.Token) (interface{}, error) { +type authCustomClaims struct { + Name string `json:"name"` + Password string `json:"password"` + jwt.StandardClaims +} + +func GenerateToken(username, password string) string { + claims := &authCustomClaims{ + username, + password, + jwt.StandardClaims{ + ExpiresAt: time.Now().Add(time.Hour * 48).Unix(), + Issuer: username, + IssuedAt: time.Now().Unix(), + }, + } + + token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) + + //encoded string + t, err := token.SignedString([]byte(config.JWT_Secret)) + if err != nil { + panic(err) + } + + return t +} + +func ValidateToken(encodedToken string) (*jwt.Token, error) { + return jwt.Parse(encodedToken, func(token *jwt.Token) (interface{}, error) { + if _, isvalid := token.Method.(*jwt.SigningMethodHMAC); !isvalid { + return nil, fmt.Errorf("Invalid token", token.Header["alg"]) + } return []byte(config.JWT_Secret), nil }) - - return token, claims, err }
diff --git a/website/routes/api/auth/types.go b/website/routes/api/auth/types.go
index fdf24bb..d09106b 100644
--- a/website/routes/api/auth/types.go
+++ b/website/routes/api/auth/types.go
@@ -4,5 +4,3 @@ type UserAuth struct { Username string `json:"username"` Password string `json:"password"` } - -type json map[string]interface{}
diff --git a/website/routes/api/delete.go b/website/routes/api/delete.go
index 1f11749..e1b98f7 100644
--- a/website/routes/api/delete.go
+++ b/website/routes/api/delete.go
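Review bot: `authCustomClaims` in the token.go hunk puts the account password into the JWT payload, and a signed JWT is only base64url-encoded, not encrypted, so anyone who sees a token can read the password for the 48 hours the token stays valid. Drop the `Password` field and the `password,` element of the struct literal in `GenerateToken`; the token only has to identify the user, for example through `Subject: username` in `jwt.StandardClaims`. In `ValidateToken`, `fmt.Errorf("Invalid token", token.Header["alg"])` passes an argument with no formatting verb, so the rejected algorithm is not rendered properly in the error; `fmt.Errorf("unexpected signing method: %v", token.Header["alg"])` fixes that. `GenerateToken` also calls `panic(err)` on a signing failure, where returning `(string, error)` would let the handler answer with a 500 instead.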
@@ -2,34 +2,13 @@ package api import ( "encoding/base64" - "fmt" "net/http" "github.com/gin-gonic/gin" "gitlab.com/gaming0skar123/go/pingbot/database/mongo" - "gitlab.com/gaming0skar123/go/pingbot/website/routes/api/auth" ) func Delete(c *gin.Context) { - valid, claims, err := auth.Authorize(c) - if !valid || err != nil { - c.JSON(http.StatusBadRequest, json{ - "success": false, - "message": "Unauthed!", - }) - - return - } - - var user string - - for key, val := range claims { - if key == "user" { - user = fmt.Sprintf("%q", val) - break - } - } - url := c.Param("url") d, err := base64.StdEncoding.DecodeString(url)
@@ -44,7 +23,7 @@ func Delete(c *gin.Context) { url = string(d) - r, err := mongo.Delete(url, user) + r, err := mongo.Delete(url, "user") if r.DeletedCount <= 0 { c.JSON(http.StatusNotFound, json{
diff --git a/website/routes/api/insert.go b/website/routes/api/insert.go
index b0975d2..f47df81 100644
--- a/website/routes/api/insert.go
+++ b/website/routes/api/insert.go
@@ -1,7 +1,6 @@ package api import ( - "fmt" "net/http" "github.com/gin-gonic/gin"
@@ -10,9 +9,9 @@ import ( ) func Insert(c *gin.Context) { - valid, claims, err := auth.Authorize(c) - if !valid { - c.JSON(http.StatusBadRequest, json{ + auth := auth.AuthorizeJWT(c) + if !auth { + c.JSON(http.StatusUnauthorized, json{ "success": false, "message": "Unauthed!", })
@@ -20,17 +19,8 @@ func Insert(c *gin.Context) { return } - var user string - - for key, val := range claims { - if key == "user" { - user = fmt.Sprintf("%q", val) - break - } - } - var post mongo.URL - err = c.BindJSON(&post) + err := c.BindJSON(&post) if err != nil { c.JSON(http.StatusBadRequest, json{ "success": false,
@@ -66,7 +56,7 @@ func Insert(c *gin.Context) { _, err = mongo.Insert(&mongo.URL{ URL: post.URL, Cluster: post.Cluster, - Owner: user, + Owner: "user", }) if err != nil { c.JSON(http.StatusInternalServerError, json{
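Review bot: `mongo.Delete(url, "user")` in delete.go's second hunk passes the string literal `"user"` as the owner, so the delete is no longer scoped to the caller, and the first hunk of the same file removes the `auth.Authorize` call without adding an `AuthorizeJWT` check, which leaves `Delete` with no authentication on the lines shown. The last hunk of insert.go has the same literal in `Owner: "user"`, so every stored URL ends up under one shared owner. The owner has to come from the verified token: have `AuthorizeJWT` return the token's subject along with the bool, reject the request in `Delete` when it fails, and pass that value in both places. `Delete`'s body continues outside both hunks.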
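Review bot: `auth := auth.AuthorizeJWT(c)` in insert.go's `@@ -10,9 +9,9 @@` hunk declares a local named `auth` that shadows the imported `auth` package for the rest of `Insert`, so any later `auth.` call in the function would resolve to the bool and fail to compile. Call the function in the condition instead, `if !auth.AuthorizeJWT(c) {`, and drop the local. `Insert`'s body continues outside the hunk.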