feat: persist encrypted env
@@ -17,7 +17,7 @@ import (
|
||||
)
|
||||
|
||||
func CreateAuthToken(user db.User, tokenType enum.TokenType, roles []string) (string, int64, error) {
|
||||
t := jwt.New(jwt.GetSigningMethod(constants.JWT_TYPE))
|
||||
t := jwt.New(jwt.GetSigningMethod(constants.EnvData.JWT_TYPE))
|
||||
expiryBound := time.Hour
|
||||
if tokenType == enum.RefreshToken {
|
||||
// expires in 1 year
|
||||
@@ -32,11 +32,11 @@ func CreateAuthToken(user db.User, tokenType enum.TokenType, roles []string) (st
|
||||
json.Unmarshal(userBytes, &userMap)
|
||||
|
||||
customClaims := jwt.MapClaims{
|
||||
"exp": expiresAt,
|
||||
"iat": time.Now().Unix(),
|
||||
"token_type": tokenType.String(),
|
||||
"allowed_roles": strings.Split(user.Roles, ","),
|
||||
constants.JWT_ROLE_CLAIM: roles,
|
||||
"exp": expiresAt,
|
||||
"iat": time.Now().Unix(),
|
||||
"token_type": tokenType.String(),
|
||||
"allowed_roles": strings.Split(user.Roles, ","),
|
||||
constants.EnvData.JWT_ROLE_CLAIM: roles,
|
||||
}
|
||||
|
||||
for k, v := range userMap {
|
||||
@@ -77,7 +77,7 @@ func CreateAuthToken(user db.User, tokenType enum.TokenType, roles []string) (st
|
||||
|
||||
t.Claims = customClaims
|
||||
|
||||
token, err := t.SignedString([]byte(constants.JWT_SECRET))
|
||||
token, err := t.SignedString([]byte(constants.EnvData.JWT_SECRET))
|
||||
if err != nil {
|
||||
return "", 0, err
|
||||
}
|
||||
@@ -89,7 +89,6 @@ func GetAuthToken(gc *gin.Context) (string, error) {
|
||||
token, err := GetCookie(gc)
|
||||
if err != nil || token == "" {
|
||||
// try to check in auth header for cookie
|
||||
log.Println("cookie not found checking headers")
|
||||
auth := gc.Request.Header.Get("Authorization")
|
||||
if auth == "" {
|
||||
return "", fmt.Errorf(`unauthorized`)
|
||||
@@ -105,7 +104,7 @@ func VerifyAuthToken(token string) (map[string]interface{}, error) {
|
||||
claims := jwt.MapClaims{}
|
||||
|
||||
_, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
|
||||
return []byte(constants.JWT_SECRET), nil
|
||||
return []byte(constants.EnvData.JWT_SECRET), nil
|
||||
})
|
||||
if err != nil {
|
||||
return res, err
|
||||
@@ -126,7 +125,7 @@ func VerifyAuthToken(token string) (map[string]interface{}, error) {
|
||||
}
|
||||
|
||||
func CreateAdminAuthToken(tokenType enum.TokenType, c *gin.Context) (string, int64, error) {
|
||||
t := jwt.New(jwt.GetSigningMethod(constants.JWT_TYPE))
|
||||
t := jwt.New(jwt.GetSigningMethod(constants.EnvData.JWT_TYPE))
|
||||
expiryBound := time.Hour
|
||||
if tokenType == enum.RefreshToken {
|
||||
// expires in 1 year
|
||||
@@ -146,9 +145,23 @@ func CreateAdminAuthToken(tokenType enum.TokenType, c *gin.Context) (string, int
|
||||
|
||||
t.Claims = customClaims
|
||||
|
||||
token, err := t.SignedString([]byte(constants.JWT_SECRET))
|
||||
token, err := t.SignedString([]byte(constants.EnvData.JWT_SECRET))
|
||||
if err != nil {
|
||||
return "", 0, err
|
||||
}
|
||||
return token, expiresAt, nil
|
||||
}
|
||||
|
||||
func GetAdminAuthToken(gc *gin.Context) (string, error) {
|
||||
token, err := GetAdminCookie(gc)
|
||||
if err != nil || token == "" {
|
||||
// try to check in auth header for cookie
|
||||
auth := gc.Request.Header.Get("Authorization")
|
||||
if auth == "" {
|
||||
return "", fmt.Errorf(`unauthorized`)
|
||||
}
|
||||
|
||||
token = strings.TrimPrefix(auth, "Bearer ")
|
||||
}
|
||||
return token, nil
|
||||
}
|
||||
|
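Review bot: The key callback passed to `jwt.ParseWithClaims` in VerifyAuthToken returns `[]byte(constants.EnvData.JWT_SECRET)` without looking at `token.Method`, so the algorithm named in the incoming token's header is never compared with the configured one. Since the signing method now comes from `constants.EnvData.JWT_TYPE`, the callback should pin it before the return, e.g. `if token.Method.Alg() != constants.EnvData.JWT_TYPE { return nil, fmt.Errorf("unexpected signing method") }`. The library's key-type checks may already reject some mismatches, but that is not visible here, and an explicit check does not depend on it. VerifyAuthToken's body continues outside the hunks shown, so this assumes no equivalent check exists further down. Separately, the new GetAdminAuthToken uses `strings.TrimPrefix(auth, "Bearer ")`, which passes a header with any other scheme through whole as the token; returning `unauthorized` when the prefix is absent would be stricter.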