diff auth/token.go @ 134:0c56c56a1c44 remove-jwt
Removed the JWT layer from the session management.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Fri, 29 Jun 2018 17:17:20 +0200 |
parents | bb9120d28950 |
children |
--- a/auth/token.go Thu Jun 28 17:26:38 2018 +0200
+++ b/auth/token.go Fri Jun 29 17:17:20 2018 +0200
@@ -1,53 +1,54 @@
 package auth
 import (
+ "crypto/rand"
+ "encoding/base64"
+ "io"
 "time"
-
- "gemma.intevation.de/gemma/config"
-
- jwt "github.com/dgrijalva/jwt-go"
 )
-type Claims struct {
- jwt.StandardClaims
-
- User string `json:"user"`
- Roles []string `json:"roles"`
+type Session struct {
+ ExpiresAt int64 `json:"expires"`
+ User string `json:"user"`
+ Password string `json:"password"`
+ Roles []string `json:"roles"`
 }
-const maxTokenValid = time.Hour * 3
+const (
+ sessionKeyLength = 20
+ maxTokenValid = time.Hour * 3
+)
-func NewToken(user string, roles []string) (string, error) {
+func NewSession(user, password string, roles []string) *Session {
 // Create the Claims
- claims := &Claims{
- StandardClaims: jwt.StandardClaims{
- ExpiresAt: jwt.TimeFunc().Add(maxTokenValid).Unix(),
- },
- User: user,
- Roles: roles,
+ return &Session{
+ ExpiresAt: time.Now().Add(maxTokenValid).Unix(),
+ User: user,
+ Password: password,
+ Roles: roles,
 }
+}
- token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
- return token.SignedString(config.Config.JWTSignKey)
+func GenerateSessionKey() string {
+ return base64.URLEncoding.EncodeToString(GenerateRandomKey(sessionKeyLength))
 }
-func TokenToClaims(token string) (*Claims, error) {
- claims := &Claims{}
- _, err := jwt.ParseWithClaims(token, claims,
- func(*jwt.Token) (interface{}, error) { return config.Config.JWTSignKey, nil })
- return claims, err
+func GenerateRandomKey(length int) []byte {
+ k := make([]byte, length)
+ if _, err := io.ReadFull(rand.Reader, k); err != nil {
+ return nil
+ }
+ return k
 }
-func GenerateToken(user, password string) (string, error) {
+func GenerateSession(user, password string) (string, *Session, error) {
 roles, err := AllOtherRoles(user, password)
 if err != nil {
- return "", err
+ return "", nil, err
 }
- token, err := NewToken(user, roles)
- if err != nil {
- return "", err
- }
- ConnPool.Add(token, user, password)
- return token, nil
+ token := GenerateSessionKey()
+ session := NewSession(user, password, roles)
+ ConnPool.Add(token, session)
+ return token, session, nil
 }
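Review bot: `GenerateRandomKey` returns nil when the read from `rand.Reader` fails, and `GenerateSessionKey` then base64-encodes that nil slice into an empty string, so `GenerateSession` registers the session in `ConnPool` under the key `""` and returns that as the token. Every such failure produces the same guessable key, so the error should be propagated rather than swallowed; `GenerateSession` already has an error result, and the fence below shows the three functions adjusted (any callers of the two helpers outside this file would need the same change). Separately, `Session.Password` carries a `json:"password"` tag, so if a `Session` is ever marshalled into a response or a log the clear-text password goes with it; `json:"-"` is worth considering unless the field has to be serialised.

```go
func GenerateSessionKey() (string, error) {
	k, err := GenerateRandomKey(sessionKeyLength)
	if err != nil {
		return "", err
	}
	return base64.URLEncoding.EncodeToString(k), nil
}

func GenerateRandomKey(length int) ([]byte, error) {
	k := make([]byte, length)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return k, nil
}

func GenerateSession(user, password string) (string, *Session, error) {
	// … unchanged: role lookup via AllOtherRoles …
	token, err := GenerateSessionKey()
	if err != nil {
		return "", nil, err
	}
	// … unchanged: NewSession, ConnPool.Add and the return …
```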