If a user provides the env admin token, a token will be generated with god permissions
This commit is contained in:
parent
8f10fbfba1
commit
615f1184ab
@ -17,6 +17,7 @@ const (
|
||||
ErrJwtClaimsMissing = "claims missing on token"
|
||||
ErrJwtExpired = "auth token has expired"
|
||||
ErrJwtScopeMissing = "required scope is missing"
|
||||
ErrUserNotFound = "requested user does not exist"
|
||||
)
|
||||
|
||||
type JwtToken struct {
|
||||
@ -86,6 +87,24 @@ func (h *Handler) generateJwt(username string) (string, error) {
|
||||
return tokenString, nil
|
||||
}
|
||||
|
||||
func (h *Handler) generateAdminJwt(username string) (string, error) {
|
||||
secret := []byte(h.Config.JwtSecret)
|
||||
|
||||
token := jwt.New(jwt.SigningMethodHS256)
|
||||
claims := token.Claims.(jwt.MapClaims)
|
||||
claims["exp"] = time.Now().Add(10 * time.Minute)
|
||||
claims["authorized"] = true
|
||||
claims["username"] = username
|
||||
claims["scopes"] = domain.ScopeAll
|
||||
|
||||
tokenString, err := token.SignedString(secret)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return tokenString, nil
|
||||
}
|
||||
|
||||
func (h *Handler) AuthRegister(c echo.Context) error {
|
||||
username := c.QueryParam("username")
|
||||
_, err := h.userRepo.GetByName(username)
|
||||
@ -124,30 +143,44 @@ func (h *Handler) AuthLogin(c echo.Context) error {
|
||||
username := c.QueryParam("username")
|
||||
password := c.QueryParam("password")
|
||||
|
||||
// check if the user exists
|
||||
err := h.UserService.DoesUserExist(username)
|
||||
if err != nil {
|
||||
return c.JSON(http.StatusInternalServerError, err)
|
||||
// Check to see if they are trying to login with the admin token
|
||||
if username == "" {
|
||||
if h.Config.AdminToken != password {
|
||||
return h.ReturnUnauthorizedResponse(c, ErrUserNotFound)
|
||||
}
|
||||
|
||||
// make sure the hash matches
|
||||
err = h.UserService.DoesPasswordMatchHash(username, password)
|
||||
token, err := h.generateAdminJwt("admin")
|
||||
if err != nil {
|
||||
return c.JSON(http.StatusInternalServerError, err)
|
||||
}
|
||||
|
||||
token, err := h.generateJwt(username)
|
||||
if err != nil {
|
||||
return c.JSON(http.StatusInternalServerError, err)
|
||||
return h.InternalServerErrorResponse(c, err.Error())
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusOK, token)
|
||||
}
|
||||
|
||||
func (h *Handler) AddScope(c echo.Context) error {
|
||||
|
||||
// check if the user exists
|
||||
err := h.UserService.DoesUserExist(username)
|
||||
if err != nil {
|
||||
return h.InternalServerErrorResponse(c, err.Error())
|
||||
}
|
||||
|
||||
// make sure the hash matches
|
||||
err = h.UserService.DoesPasswordMatchHash(username, password)
|
||||
if err != nil {
|
||||
return h.InternalServerErrorResponse(c, err.Error())
|
||||
}
|
||||
|
||||
token, err := h.generateJwt(username)
|
||||
if err != nil {
|
||||
return h.InternalServerErrorResponse(c, err.Error())
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusOK, token)
|
||||
}
|
||||
|
||||
//func (h *Handler) AddScope(c echo.Context) error {
|
||||
//
|
||||
//}
|
||||
|
||||
func (h *Handler) RefreshJwtToken(c echo.Context) error {
|
||||
return nil
|
||||
}
|
||||
|
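Review bot: The admin branch added to AuthLogin (`if username == "" { if h.Config.AdminToken != password {`) issues a ScopeAll token whenever the two strings are equal, so if the env admin token is never set and AdminToken stays the empty string, a request with an empty username and empty password is accepted as admin, and the plain `!=` is not a constant-time comparison. Guard the unset case and compare in constant time: `if h.Config.AdminToken == "" || subtle.ConstantTimeCompare([]byte(h.Config.AdminToken), []byte(password)) != 1 {` (import `crypto/subtle`). The new failure paths also hand `err.Error()` from DoesUserExist and DoesPasswordMatchHash to the client through InternalServerErrorResponse, which can reveal whether a username exists; both should answer with ReturnUnauthorizedResponse and one fixed message. In generateAdminJwt in the earlier hunk, `claims["exp"] = time.Now().Add(10 * time.Minute)` stores a time.Time where the JWT spec expects a NumericDate, so `.Unix()` is presumably missing and the verifier may skip or reject the expiry depending on the library version. AuthLogin's signature lies outside the hunk.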
@ -65,3 +65,10 @@ func (h *Handler) ReturnUnauthorizedResponse(c echo.Context, message string) err
|
||||
Message: message,
|
||||
})
|
||||
}
|
||||
|
||||
func (h *Handler) InternalServerErrorResponse(c echo.Context, message string) error {
|
||||
return c.JSON(http.StatusServiceUnavailable, domain.ErrorResponse{
|
||||
HttpCode: http.StatusInternalServerError,
|
||||
Message: message,
|
||||
})
|
||||
}
|
||||
|
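Review bot: InternalServerErrorResponse sends the HTTP status `http.StatusServiceUnavailable` (503) while the body's HttpCode reports `http.StatusInternalServerError` (500); the two should agree, `return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{`. A 503 additionally tells clients and load balancers the service is temporarily down and may trigger retries, which is not what a failed handler call means. The exported function also lacks a doc comment; `// InternalServerErrorResponse replies with a JSON ErrorResponse carrying the given message.` would match ReturnUnauthorizedResponse above it.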