From 94f3ff9a261abf6cdafab239d6839892bb525d98 Mon Sep 17 00:00:00 2001 From: ashley zomo Date: Fri, 9 Dec 2022 13:04:03 -0600 Subject: [PATCH] updated login tokens --- endpoints/authorization.go | 2 +- endpoints/login.go | 2 +- storage/api.go | 39 ++++++++++++++++++++++++++------------ storage/storage.go | 6 +----- 4 files changed, 30 insertions(+), 19 deletions(-) diff --git a/endpoints/authorization.go b/endpoints/authorization.go index d763105..6ffdc2f 100644 --- a/endpoints/authorization.go +++ b/endpoints/authorization.go @@ -24,7 +24,7 @@ func getAuthorization(c *gin.Context) (AuthorizationScope, string) { return AuthorizationScopeNone, "" } if headerSpl[0] == "Bearer" { - if storage.CheckLoginToken(headerSpl[1]) { + if storage.CheckLoginToken(headerSpl[1], c.ClientIP()) { return AuthorizationScopeUser, headerSpl[1] } } diff --git a/endpoints/login.go b/endpoints/login.go index b63d43a..c9cd7b2 100644 --- a/endpoints/login.go +++ b/endpoints/login.go @@ -19,7 +19,7 @@ func login(c *gin.Context) { return } - loggedIn, token := storage.CheckLogin(loginBody.Username, loginBody.Password) + loggedIn, token := storage.CheckLogin(loginBody.Username, loginBody.Password, c.ClientIP()) if loggedIn { c.JSON(200, gin.H{ diff --git a/storage/api.go b/storage/api.go index 7c006e0..fc32919 100644 --- a/storage/api.go +++ b/storage/api.go @@ -25,7 +25,7 @@ func UpdatePassword(password string) { } } -func CheckLogin(username string, password string) (bool, string) { +func CheckLogin(username string, password string, ip string) (bool, string) { if username == "" || password == "" { return false, "" } 
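Review bot: The IP binding introduced on the `storage.CheckLoginToken(headerSpl[1], c.ClientIP())` line is only as strong as gin's trusted-proxy setup, which this hunk does not show: `c.ClientIP()` takes the address from `X-Forwarded-For`/`X-Real-IP` when the request arrives via a trusted proxy, so with an over-broad trusted-proxy list an attacker holding a stolen token can also forge the victim's address, and behind an unlisted reverse proxy every client collapses to the proxy's IP and the binding becomes a no-op. Confirm that `SetTrustedProxies` names only the real front proxy (or nil when there is none) before relying on this, and record the dependency next to the call, e.g. `// ClientIP() trusts X-Forwarded-For only from SetTrustedProxies hosts; keep that list tight or the IP binding is forgeable.` Binding bearer tokens to an address also logs out legitimate users whose address changes (mobile networks, NAT rotation), which is worth a note in the same comment. getAuthorization starts before this hunk, and the header parsing that produces headerSpl is outside it.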
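Review bot: The exported `CheckLogin` gains an `ip` parameter that it forwards into the token it issues, but nothing documents what the address is used for or where callers must obtain it, and the body continues past the hunk. Add a doc comment above the new signature, e.g. `// CheckLogin validates username/password and, on success, returns a login token bound to ip; later presentations of the token are accepted only from that address (see CheckLoginToken).`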
@@ -49,18 +49,35 @@ func CheckLogin(username string, password string) (bool, string) { return false, "" } - return true, createLoginToken() + return true, createLoginToken(ip) } -func createLoginToken() string { +type loginToken struct { + Token []byte `json:"token"` + IP string `jsong:"ip"` + End string `json:"end"` +} + +func createLoginToken(ip string) string { token := util.GeneratePassword(32) + tokenHash, err := bcrypt.GenerateFromPassword([]byte(token), bcrypt.DefaultCost) + if err != nil { + panic(err) + } + + tokenData := loginToken{ + Token: tokenHash, + IP: ip, + End: token[len(token) - 4:], + } + member := redis.Z{ Score: float64(time.Now().Unix() + 4 * 60 * 60), - Member: token, + Member: tokenData, } - err := client.ZAdd(ctx, "loginTokens", member).Err() + err = client.ZAdd(ctx, "loginTokens", member).Err() if err != nil { panic(err) } @@ -68,7 +85,7 @@ func createLoginToken() string { return token } -func CheckLoginToken(token string) bool { +func CheckLoginToken(token string, ip string) bool { expired, err := client.ZRangeByScore(ctx, "loginTokens", &redis.ZRangeBy{ Min: "-inf", @@ -83,18 +100,16 @@ func CheckLoginToken(token string) bool { client.ZRem(ctx, "loginTokens", e) } - current, err := client.ZRangeByScore(ctx, "loginTokens", &redis.ZRangeBy{ - Min: fmt.Sprintf("%d", time.Now().Unix()), - Max: "inf", - }).Result() + current := make([]loginToken, 0) + err = client.ZRange(ctx, "loginTokens", 0, -1).ScanSlice(current) if err != nil { panic(err) } for _, c := range current { - fmt.Println(c) - if c == token { + err = bcrypt.CompareHashAndPassword([]byte(c.Token), []byte(token)) + if err == nil && ip == c.IP { return true } } diff --git a/storage/storage.go b/storage/storage.go index 45da3a9..445b1f2 100644 --- a/storage/storage.go +++ b/storage/storage.go 
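Review bot: `Member: tokenData` hands go-redis a plain struct, and unless `loginToken` implements `encoding.BinaryMarshaler` (no such method appears in this patch) the client cannot encode it, so I expect the `ZAdd` to return an error and the `panic(err)` below it to fire on the first login. The `jsong:"ip"` tag is also a typo for `json`, which only matters once the struct is actually marshalled — the JSON-based marshaler sketched below is one straightforward way to do that and fixes both. Storing `End: token[len(token)-4:]` in clear text reveals four of the thirty-two secret characters to anyone who can read Redis and nothing in this patch reads it back, so either drop the field or document what it is for; and since the token is 32 random characters from `util.GeneratePassword`, a fast hash such as SHA-256 would suffice in place of the per-login bcrypt cost (which also makes verification expensive, see the later hunk).

```go
type loginToken struct {
	Token []byte `json:"token"`
	IP    string `json:"ip"`
	End   string `json:"end"`
}

// MarshalBinary lets go-redis store a loginToken as a sorted-set member
// (needs encoding/json imported).
func (t loginToken) MarshalBinary() ([]byte, error) { return json.Marshal(t) }

// UnmarshalBinary lets ScanSlice decode a member back into a loginToken.
func (t *loginToken) UnmarshalBinary(b []byte) error { return json.Unmarshal(b, t) }

// … unchanged: createLoginToken body …
```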
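Review bot: The exported `CheckLoginToken` now takes an `ip` as well, but there is no doc comment stating that a valid token is rejected when presented from a different address than the one it was issued to, which is the behaviour callers and operators most need to know about. A line above the new signature such as `// CheckLoginToken reports whether token is a live login token that was issued to ip; a token presented from another address is treated as invalid.` would cover it. The function body continues below this hunk.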
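Review bot: `ScanSlice(current)` passes the slice by value; as far as I know go-redis's ScanSlice requires a pointer to the destination and returns an error otherwise, so the following `panic(err)` would trigger on every authenticated request — it should be `err = client.ZRange(ctx, "loginTokens", 0, -1).ScanSlice(&current)`, and decoding each member into a `loginToken` additionally needs the type to implement `encoding.BinaryUnmarshaler`, which this patch does not add. The replacement match loop runs `bcrypt.CompareHashAndPassword` once per stored token per request, so latency grows linearly with active sessions and an unauthenticated caller can force roughly n bcrypt evaluations (tens of milliseconds each at DefaultCost) simply by sending a bogus bearer token, a cheap CPU-exhaustion vector; hashing the random token with SHA-256 and looking up the exact member instead would remove both the linear scan and the cost amplification. `ip == c.IP` is a plain string compare, so an IPv4-mapped IPv6 form of the same address would be rejected; comparing via `net.ParseIP(ip).Equal(net.ParseIP(c.IP))` is more forgiving if that can occur in your deployment. CheckLoginToken's trailing `return false` lies outside this hunk.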
@@ -54,11 +54,7 @@ func Init() { } username := redisUri.User.Username() - pass, passSet := redisUri.User.Password() - - if !passSet { - panic("pass not set") - } + pass, _ := redisUri.User.Password() client = redis.NewClient(&redis.Options{ Addr: redisUri.Host,
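Review bot: Dropping the `passSet` guard means `Init` now silently connects to Redis with an empty password whenever the URI carries none, whereas before the process refused to start; since this store holds the password hash and every live login token, an unauthenticated Redis is a misconfiguration that should not slip through unnoticed. If passwordless Redis is intended for local development, make that explicit instead of removing the check — keep `pass, passSet := redisUri.User.Password()` and follow it with a loud `if !passSet { log.Println("WARNING: connecting to redis without a password") }` using whatever logger the package already has, or gate the omission on an explicit environment flag. The rest of Init, including where redisUri is parsed, lies outside the hunk.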