diff auth/token.go @ 134:0c56c56a1c44 remove-jwt

Removed the JWT layer from the session management.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Fri, 29 Jun 2018 17:17:20 +0200
parents bb9120d28950
children
--- a/auth/token.go	Thu Jun 28 17:26:38 2018 +0200
+++ b/auth/token.go	Fri Jun 29 17:17:20 2018 +0200
@@ -1,53 +1,54 @@
 package auth
 
 import (
+	"crypto/rand"
+	"encoding/base64"
+	"io"
 	"time"
-
-	"gemma.intevation.de/gemma/config"
-
-	jwt "github.com/dgrijalva/jwt-go"
 )
 
-type Claims struct {
-	jwt.StandardClaims
-
-	User  string   `json:"user"`
-	Roles []string `json:"roles"`
+type Session struct {
+	ExpiresAt int64    `json:"expires"`
+	User      string   `json:"user"`
+	Password  string   `json:"password"`
+	Roles     []string `json:"roles"`
 }
 
-const maxTokenValid = time.Hour * 3
+const (
+	sessionKeyLength = 20
+	maxTokenValid    = time.Hour * 3
+)
 
-func NewToken(user string, roles []string) (string, error) {
+func NewSession(user, password string, roles []string) *Session {
 
 	// Create the Claims
-	claims := &Claims{
-		StandardClaims: jwt.StandardClaims{
-			ExpiresAt: jwt.TimeFunc().Add(maxTokenValid).Unix(),
-		},
-		User:  user,
-		Roles: roles,
+	return &Session{
+		ExpiresAt: time.Now().Add(maxTokenValid).Unix(),
+		User:      user,
+		Password:  password,
+		Roles:     roles,
 	}
+}
 
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-	return token.SignedString(config.Config.JWTSignKey)
+func GenerateSessionKey() string {
+	return base64.URLEncoding.EncodeToString(GenerateRandomKey(sessionKeyLength))
 }
 
-func TokenToClaims(token string) (*Claims, error) {
-	claims := &Claims{}
-	_, err := jwt.ParseWithClaims(token, claims,
-		func(*jwt.Token) (interface{}, error) { return config.Config.JWTSignKey, nil })
-	return claims, err
+func GenerateRandomKey(length int) []byte {
+	k := make([]byte, length)
+	if _, err := io.ReadFull(rand.Reader, k); err != nil {
+		return nil
+	}
+	return k
 }
 
-func GenerateToken(user, password string) (string, error) {
+func GenerateSession(user, password string) (string, *Session, error) {
 	roles, err := AllOtherRoles(user, password)
 	if err != nil {
-		return "", err
+		return "", nil, err
 	}
-	token, err := NewToken(user, roles)
-	if err != nil {
-		return "", err
-	}
-	ConnPool.Add(token, user, password)
-	return token, nil
+	token := GenerateSessionKey()
+	session := NewSession(user, password, roles)
+	ConnPool.Add(token, session)
+	return token, session, nil
 }
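Review bot: GenerateRandomKey returns nil when reading from rand.Reader fails, and GenerateSessionKey then encodes that to the empty string, so GenerateSession would register the session in ConnPool under the token "" and return it with a nil error. Every login during such a failure would share one guessable key; the error should be propagated instead, which GenerateSession's existing error result can carry. This changes the signatures of two exported functions, so any callers outside this file would need adjusting. Separately, Session.Password carries the tag `json:"password"`; if a Session is ever marshalled into a response or a log the cleartext password goes with it, and `json:"-"` would prevent that, though no marshalling is visible in this hunk.

```go
func GenerateSessionKey() (string, error) {
	k, err := GenerateRandomKey(sessionKeyLength)
	if err != nil {
		return "", err
	}
	return base64.URLEncoding.EncodeToString(k), nil
}

func GenerateRandomKey(length int) ([]byte, error) {
	k := make([]byte, length)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return k, nil
}

func GenerateSession(user, password string) (string, *Session, error) {
	// … unchanged: AllOtherRoles lookup and its error return …
	token, err := GenerateSessionKey()
	if err != nil {
		return "", nil, err
	}
	// … unchanged: NewSession, ConnPool.Add, final return …
}
```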