updated login tokens

endpoints/authorization.go

@@ -24,7 +24,7 @@ func getAuthorization(c *gin.Context) (AuthorizationScope, string) {
 		return AuthorizationScopeNone, ""
 	}
 	if headerSpl[0] == "Bearer" {
-		if storage.CheckLoginToken(headerSpl[1]) {
+		if storage.CheckLoginToken(headerSpl[1], c.ClientIP()) {
 			return AuthorizationScopeUser, headerSpl[1]
 		}
 	}

endpoints/login.go

@@ -19,7 +19,7 @@ func login(c *gin.Context) {
 		return
 	}
 
-	loggedIn, token := storage.CheckLogin(loginBody.Username, loginBody.Password)
+	loggedIn, token := storage.CheckLogin(loginBody.Username, loginBody.Password, c.ClientIP())
 
 	if loggedIn {
 		c.JSON(200, gin.H{

storage/api.go

@@ -25,7 +25,7 @@ func UpdatePassword(password string) {
 	}
 }
 
-func CheckLogin(username string, password string) (bool, string) {
+func CheckLogin(username string, password string, ip string) (bool, string) {
 	if username == "" || password == "" {
 		return false, ""
 	}
@@ -49,18 +49,35 @@ func CheckLogin(username string, password string) (bool, string) {
 		return false, ""
 	}
 	
-	return true, createLoginToken()
+	return true, createLoginToken(ip)
 }
 
-func createLoginToken() string {
+type loginToken struct {
+	Token []byte `json:"token"`
+	IP string `jsong:"ip"`
+	End string `json:"end"`
+}
+
+func createLoginToken(ip string) string {
 	token := util.GeneratePassword(32)
 
+	tokenHash, err := bcrypt.GenerateFromPassword([]byte(token), bcrypt.DefaultCost)
+	if err != nil {
+		panic(err)
+	}
+
+	tokenData := loginToken{
+		Token: tokenHash,
+		IP: ip,
+		End: token[len(token) - 4:],
+	}
+
 	member := redis.Z{
 		Score: float64(time.Now().Unix() + 4 * 60 * 60),
-		Member: token,
+		Member: tokenData,
 	}
 
-	err := client.ZAdd(ctx, "loginTokens", member).Err()
+	err = client.ZAdd(ctx, "loginTokens", member).Err()
 	if err != nil {
 		panic(err)
 	}
@@ -68,7 +85,7 @@ func createLoginToken() string {
 	return token
 }
 
-func CheckLoginToken(token string) bool {
+func CheckLoginToken(token string, ip string) bool {
 
 	expired, err := client.ZRangeByScore(ctx, "loginTokens", &redis.ZRangeBy{
 		Min: "-inf",
@@ -83,18 +100,16 @@ func CheckLoginToken(token string) bool {
 		client.ZRem(ctx, "loginTokens", e)
 	}
 
-	current, err := client.ZRangeByScore(ctx, "loginTokens", &redis.ZRangeBy{
+	current := make([]loginToken, 0)
-		Min: fmt.Sprintf("%d", time.Now().Unix()),
+	err = client.ZRange(ctx, "loginTokens", 0, -1).ScanSlice(current)
-		Max: "inf",
-	}).Result()
 
 	if err != nil {
 		panic(err)
 	}
 
 	for _, c := range current {
-		fmt.Println(c)
+		err = bcrypt.CompareHashAndPassword([]byte(c.Token), []byte(token))
-		if c == token {
+		if err == nil && ip == c.IP {
 			return true
 		}
 	}

storage/storage.go

@@ -54,11 +54,7 @@ func Init() {
 	}
 
 	username := redisUri.User.Username()
-	pass, passSet := redisUri.User.Password()
+	pass, _ := redisUri.User.Password()
-
-	if !passSet {
-		panic("pass not set")
-	}
 
 	client = redis.NewClient(&redis.Options{
 		Addr:     redisUri.Host,