Basic JWT is now working #12
@ -22,7 +22,7 @@ func generateJwt() (string, error) {
|
|||||||
//TODO use env here
|
//TODO use env here
|
||||||
secret := []byte("ThisIsABadSecretDontReallyUseThis")
|
secret := []byte("ThisIsABadSecretDontReallyUseThis")
|
||||||
|
|
||||||
token := jwt.New(jwt.SigningMethodEdDSA)
|
token := jwt.New(jwt.SigningMethodHS256)
|
||||||
claims := token.Claims.(jwt.MapClaims)
|
claims := token.Claims.(jwt.MapClaims)
|
||||||
claims["exp"] = time.Now().Add(10 * time.Minute)
|
claims["exp"] = time.Now().Add(10 * time.Minute)
|
||||||
claims["authorized"] = true
|
claims["authorized"] = true
|
||||||
|
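Review bot: `claims["exp"]` is assigned a `time.Time`, which serializes to an RFC 3339 string rather than the numeric Unix timestamp JWT requires for `exp`; depending on the jwt library version, the verifier will either reject the token or skip the expiry check, so the 10-minute lifetime may not be enforced. Use `claims["exp"] = time.Now().Add(10 * time.Minute).Unix()`. With the switch to `jwt.SigningMethodHS256`, the hard-coded byte string is now the real signing key, so the `//TODO use env here` should be resolved before deployment: read the key from the environment and return an error when it is unset or too short. The parsing side (not shown) should also accept only HS256. generateJwt continues past the end of the hunk.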
@ -36,18 +36,19 @@ func (us UserService) DoesUserExist(username string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (us UserService) DoesPasswordMatchHash(username, password string) error {
|
func (us UserService) DoesPasswordMatchHash(username, password string) error {
|
||||||
passwordBytes := []byte(password)
|
//passwordBytes := []byte(password)
|
||||||
hash, err := bcrypt.GenerateFromPassword(passwordBytes, bcrypt.DefaultCost)
|
//hash, err := bcrypt.GenerateFromPassword(passwordBytes, bcrypt.DefaultCost)
|
||||||
if err != nil {
|
//if err != nil {
|
||||||
return err
|
// return err
|
||||||
}
|
//}
|
||||||
|
|
||||||
model, err := us.GetUser(username)
|
model, err := us.GetUser(username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if model.Hash != string(hash) {
|
err = bcrypt.CompareHashAndPassword([]byte(model.Hash), []byte(password))
|
||||||
|
if err != nil {
|
||||||
return errors.New(ErrInvalidPassword)
|
return errors.New(ErrInvalidPassword)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -83,7 +84,7 @@ func (us UserService) CheckPasswordForRequirements(password string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (us UserService) checkPasswordLength(password string) error {
|
func (us UserService) checkPasswordLength(password string) error {
|
||||||
if len(password) <= 8 {
|
if len(password) < 8 {
|
||||||
return errors.New(ErrPasswordNotLongEnough)
|
return errors.New(ErrPasswordNotLongEnough)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
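Review bot: In DoesPasswordMatchHash, every error from `bcrypt.CompareHashAndPassword` is returned as ErrInvalidPassword, so a malformed or truncated stored hash looks the same as a wrong password. Only the mismatch case should map to it: `if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) { return errors.New(ErrInvalidPassword) }`, with any other non-nil error returned (and logged) as is. The commented-out GenerateFromPassword lines above it are dead code and can be deleted rather than kept. The early return on a GetUser error skips the bcrypt work entirely, so if the login handler (not shown) passes that error or timing through, unknown usernames may be distinguishable from wrong passwords. The function's closing lines fall outside the hunk.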
@ -1,7 +1,7 @@
|
|||||||
###
|
###
|
||||||
POST http://localhost:1323/api/v1/register?username=test&password=test
|
POST http://localhost:1323/api/v1/register?username=test&password=test1234!
|
||||||
###
|
###
|
||||||
POST http://localhost:1323/api/v1/login?username=test&password=test
|
POST http://localhost:1323/api/v1/login?username=test&password=test1234!
|
||||||
###
|
###
|
||||||
GET http://localhost:1323/api/v1/demo/hello
|
GET http://localhost:1323/api/v1/demo/hello
|
||||||
###
|
###
|
||||||
|
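Review bot: Both the register and login requests send `password` in the URL query string, which implies the handlers read credentials from query parameters. URLs are routinely recorded in server access logs, proxy logs and client history, so the plaintext password would end up stored there. Prefer sending the credentials in the request body, e.g. a `Content-Type: application/x-www-form-urlencoded` header with body `username=test&password=test1234!`, and have the handlers (not shown) read form or JSON values only. The `http://localhost` scheme is fine for local testing, but any non-local deployment would need TLS.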