Adjust variable naming
This commit is contained in:
parent
c3334faa9e
commit
78056d8b48
10 changed files with 45 additions and 41 deletions
14
auth/auth.go
14
auth/auth.go
|
|
@ -25,15 +25,15 @@ func Register(w http.ResponseWriter, r *http.Request) {
|
|||
if ok {
|
||||
email = strings.TrimSpace(email)
|
||||
password = strings.TrimSpace(password)
|
||||
if !(validEmail(email) && validPass(password) && !storage.Data.EmailExists(email)) {
|
||||
slog.Debug("Outcome",
|
||||
if !(validEmail(email) && validPass(password) && !storage.Data.Taken(email)) {
|
||||
slog.Debug("outcome",
|
||||
"email", validEmail(email),
|
||||
"pass", validPass(password),
|
||||
"taken", !storage.Data.EmailExists(email))
|
||||
"taken", !storage.Data.Taken(email))
|
||||
http.Error(w, "invalid auth credentials", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
err := storage.Data.AddUser(email, password)
|
||||
err := storage.Data.Add(email, password)
|
||||
if err != nil {
|
||||
slog.Error("error adding a new user", "error", err)
|
||||
http.Error(w, "error adding a new user", http.StatusInternalServerError)
|
||||
|
|
@ -57,18 +57,18 @@ func Login(w http.ResponseWriter, r *http.Request) {
|
|||
email = strings.TrimSpace(email)
|
||||
password = strings.TrimSpace(password)
|
||||
user, ok := storage.Data.ByEmail(email)
|
||||
if !ok || !user.PasswordFits(password) {
|
||||
if !ok || !user.Fits(password) {
|
||||
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
|
||||
http.Error(w, "you did something wrong", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
s, err := CreateJWT(user)
|
||||
token, err := Create(user)
|
||||
if err != nil {
|
||||
http.Error(w, "error creating jwt", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Write([]byte(s))
|
||||
w.Write([]byte(token))
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
22
auth/jwt.go
22
auth/jwt.go
|
|
@ -18,7 +18,7 @@ import (
|
|||
|
||||
var key *rsa.PrivateKey
|
||||
|
||||
// LoadKey attempts to load a private key from KeyFile.
|
||||
// LoadKey attempts to load a private RS256 key from file.
|
||||
// If the file does not exist, it generates a new key (and saves it)
|
||||
func MustLoadKey() {
|
||||
// If the key doesn't exist, create it
|
||||
|
|
@ -58,14 +58,15 @@ func MustLoadKey() {
|
|||
}
|
||||
}
|
||||
|
||||
// PublicKey returns our public key as PEM block over http
|
||||
func PublicKey(w http.ResponseWriter, r *http.Request) {
|
||||
// ServePublicKey returns our public key as PEM block over HTTP
|
||||
func ServePublicKey(w http.ResponseWriter, r *http.Request) {
|
||||
key_marshalled := x509.MarshalPKCS1PublicKey(&key.PublicKey)
|
||||
block := pem.Block{Bytes: key_marshalled, Type: "RSA PUBLIC KEY"}
|
||||
pem.Encode(w, &block)
|
||||
}
|
||||
|
||||
func CreateJWT(user storage.User) (string, error) {
|
||||
// Create creates a JSON Web Token that expires after a week
|
||||
func Create(user storage.User) (token string, err error) {
|
||||
t := jwt.NewWithClaims(jwt.SigningMethodRS256,
|
||||
jwt.MapClaims{
|
||||
"iss": "pye",
|
||||
|
|
@ -74,17 +75,17 @@ func CreateJWT(user storage.User) (string, error) {
|
|||
"iat": time.Now().Unix(),
|
||||
"exp": time.Now().Add(time.Hour * 24 * 7).Unix(),
|
||||
})
|
||||
s, err := t.SignedString(key)
|
||||
token, err = t.SignedString(key)
|
||||
if err != nil {
|
||||
slog.Error("error creating JWT", "error", err)
|
||||
return "", err
|
||||
}
|
||||
return s, nil
|
||||
return
|
||||
}
|
||||
|
||||
// VerifyToken receives a JWT and PEM-encoded public key,
|
||||
// Verify receives a JWT and PEM-encoded public key,
|
||||
// then returns whether the token is valid
|
||||
func VerifyJWT(token string, publicKey []byte) (*jwt.Token, error) {
|
||||
func Verify(token string, publicKey []byte) (*jwt.Token, error) {
|
||||
t, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
|
||||
key, err := jwt.ParseRSAPublicKeyFromPEM(publicKey)
|
||||
if err != nil {
|
||||
|
|
@ -98,8 +99,9 @@ func VerifyJWT(token string, publicKey []byte) (*jwt.Token, error) {
|
|||
return t, err
|
||||
}
|
||||
|
||||
func VerifyLocalJWT(token string) (*jwt.Token, error) {
|
||||
// VerifyLocal calls Verify with public key set to current local one
|
||||
func VerifyLocal(token string) (*jwt.Token, error) {
|
||||
key_marshalled := x509.MarshalPKCS1PublicKey(&key.PublicKey)
|
||||
block := pem.Block{Bytes: key_marshalled, Type: "RSA PUBLIC KEY"}
|
||||
return VerifyJWT(token, pem.EncodeToMemory(&block))
|
||||
return Verify(token, pem.EncodeToMemory(&block))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,14 +25,14 @@ var (
|
|||
)
|
||||
|
||||
func initConfig() {
|
||||
logging.LogInit(*debugMode)
|
||||
config.MustLoadConfig(cfgFile)
|
||||
logging.Load(*debugMode)
|
||||
config.MustLoad(cfgFile)
|
||||
if cfgDb != "" {
|
||||
config.Cfg.SQLiteFile = cfgDb
|
||||
}
|
||||
|
||||
auth.MustLoadKey()
|
||||
storage.Data = sqlite.MustLoadSQLite(config.Cfg.SQLiteFile)
|
||||
storage.Data = sqlite.MustLoad(config.Cfg.SQLiteFile)
|
||||
}
|
||||
|
||||
func init() {
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ func serveAuth(cmd *cobra.Command, args []string) {
|
|||
r.Use(middleware.RealIP)
|
||||
r.Use(middleware.Logger, middleware.CleanPath, middleware.StripSlashes)
|
||||
|
||||
r.Get("/pem", auth.PublicKey)
|
||||
r.Get("/pem", auth.ServePublicKey)
|
||||
r.Post("/register", auth.Register)
|
||||
r.Post("/login", auth.Login)
|
||||
|
||||
|
|
|
|||
|
|
@ -41,14 +41,14 @@ func verifyFunc(cmd *cobra.Command, args []string) {
|
|||
var err error
|
||||
if verifyFile == "" {
|
||||
fmt.Println("No PEM file supplied, assuming local")
|
||||
t, err = auth.VerifyLocalJWT(verifyToken)
|
||||
t, err = auth.VerifyLocal(verifyToken)
|
||||
} else {
|
||||
key, err_k := os.ReadFile(verifyFile)
|
||||
if err_k != nil {
|
||||
slog.Error("error reading file", "error", err, "file", verifyFile)
|
||||
return
|
||||
}
|
||||
t, err = auth.VerifyJWT(verifyToken, key)
|
||||
t, err = auth.Verify(verifyToken, key)
|
||||
}
|
||||
slog.Debug("result", "token", t, "error", err, "ok", err == nil)
|
||||
if err == nil {
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ var (
|
|||
Cfg Config
|
||||
)
|
||||
|
||||
func LoadConfig(filename string) error {
|
||||
func Load(filename string) error {
|
||||
data, err := os.ReadFile(filename)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -42,8 +42,8 @@ func LoadConfig(filename string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func MustLoadConfig(filename string) {
|
||||
err := LoadConfig(filename)
|
||||
func MustLoad(filename string) {
|
||||
err := Load(filename)
|
||||
if err != nil {
|
||||
slog.Error("error initially loading config", "error", err)
|
||||
os.Exit(1)
|
||||
|
|
|
|||
|
|
@ -10,8 +10,8 @@ import (
|
|||
"github.com/go-chi/chi/middleware"
|
||||
)
|
||||
|
||||
// LogInit makes slog output to both os.Stdout and a file if needed, and sets slog.LevelDebug if enabled.
|
||||
func LogInit(debugMode bool) {
|
||||
// Load makes slog output to both os.Stdout and a file if needed, and sets slog.LevelDebug if enabled.
|
||||
func Load(debugMode bool) {
|
||||
var w io.Writer
|
||||
if config.Cfg.LogToFile {
|
||||
f, err := os.OpenFile(config.Cfg.LogFile, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
|
||||
|
|
|
|||
|
|
@ -23,8 +23,8 @@ type SQLiteStorage struct {
|
|||
db *sql.DB
|
||||
}
|
||||
|
||||
func (s SQLiteStorage) AddUser(email, password string) error {
|
||||
user, err := storage.NewUser(email, password)
|
||||
func (s SQLiteStorage) Add(email, password string) error {
|
||||
user, err := storage.New(email, password)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -53,12 +53,12 @@ func (s SQLiteStorage) ByEmail(email string) (storage.User, bool) {
|
|||
return user, err == nil
|
||||
}
|
||||
|
||||
func (s SQLiteStorage) EmailExists(email string) bool {
|
||||
func (s SQLiteStorage) Taken(email string) bool {
|
||||
_, ok := s.ByEmail(email)
|
||||
return ok
|
||||
}
|
||||
|
||||
func MustLoadSQLite(dataFile string) SQLiteStorage {
|
||||
func MustLoad(dataFile string) SQLiteStorage {
|
||||
if _, err := os.Stat(dataFile); errors.Is(err, os.ErrNotExist) {
|
||||
os.Create(dataFile)
|
||||
slog.Debug("created sqlite3 database file", "file", dataFile)
|
||||
|
|
|
|||
|
|
@ -1,13 +1,13 @@
|
|||
package storage
|
||||
|
||||
// Storage is an arbitrary storage interface
|
||||
// Storage is an interface for arbitrary storage
|
||||
type Storage interface {
|
||||
AddUser(email, password string) error
|
||||
ById(uuid string) (User, bool)
|
||||
ByEmail(uuid string) (User, bool)
|
||||
EmailExists(email string) bool
|
||||
Add(email, password string) error // Add inserts a user into data
|
||||
ById(uuid string) (User, bool) // ById retrieves a user by their UUID
|
||||
ByEmail(email string) (User, bool) // ByEmail retrieves a user by their email
|
||||
Taken(email string) bool // Taken checks whether an email is taken
|
||||
}
|
||||
|
||||
// Data stores active information for the app
|
||||
// It should be populated at app startup
|
||||
// Data stores active information for the app.
|
||||
// It should be populated on startup
|
||||
var Data Storage
|
||||
|
|
|
|||
|
|
@ -13,12 +13,14 @@ type User struct {
|
|||
Hash []byte // bcrypt hash of password
|
||||
}
|
||||
|
||||
func (u User) PasswordFits(password string) bool {
|
||||
// Fits checks whether the password is correct
|
||||
func (u User) Fits(password string) bool {
|
||||
err := bcrypt.CompareHashAndPassword(u.Hash, []byte(password))
|
||||
return err == nil
|
||||
}
|
||||
|
||||
func NewUser(email, password string) (User, error) {
|
||||
// New Creates a new User
|
||||
func New(email, password string) (User, error) {
|
||||
hash, err := bcrypt.GenerateFromPassword([]byte(password), 14)
|
||||
if err != nil {
|
||||
slog.Error("error creating a new user", "error", err)
|
||||
|
|
|
|||
Loading…
Reference in a new issue