Asara/sudoscientist-go-backend
Archived
1
0
Fork 0
Code Issues Pull requests Releases 2 Wiki Activity

Update auth to return better errors, remove returning the token data as a blob

Browse source
This commit is contained in:
Amarpreet Minhas 2020-01-21 23:49:07 -05:00
parent 4457885685
commit 38bd348737
1 changed files with 17 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
packages/auth/auth.go
View file

@ -122,8 +122,8 @@ func register(w http.ResponseWriter, r *http.Request) {
err := json.NewDecoder(r.Body).Decode(creds) err := json.NewDecoder(r.Body).Decode(creds)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusBadRequest)
returnMessage.Message = "unexpected error. please contact the administrator" returnMessage.Message = "bad data provided"
render.JSON(w, r, returnMessage) render.JSON(w, r, returnMessage)
return return
} }
@ -194,15 +194,20 @@ func register(w http.ResponseWriter, r *http.Request) {
} }
func signin(w http.ResponseWriter, r *http.Request) { func signin(w http.ResponseWriter, r *http.Request) {
returnMessage := ReturnMessage{}
creds := &UserCredentials{} creds := &UserCredentials{}
err := json.NewDecoder(r.Body).Decode(creds) err := json.NewDecoder(r.Body).Decode(creds)
if err != nil { if err != nil {
w.WriteHeader(http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)
returnMessage.Message = "bad data provided"
render.JSON(w, r, returnMessage)
return return
} }
verified, ok := checkPassword(w, *creds) verify_pw, ok := checkPassword(w, *creds)
if !ok { if !ok {
render.JSON(w, r, verified) w.WriteHeader(http.StatusBadRequest)
returnMessage.Message = verify_pw
render.JSON(w, r, returnMessage)
return return
} }
expirationTime := time.Now().Add(24 * time.Hour) expirationTime := time.Now().Add(24 * time.Hour)
@ -218,9 +223,9 @@ func signin(w http.ResponseWriter, r *http.Request) {
}, },
} }
_, tokenString, _ := TokenAuth.Encode(claims) _, tokenString, _ := TokenAuth.Encode(claims)
token := setCookies(w, tokenString, expirationTime) setCookies(w, tokenString, expirationTime)
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
render.JSON(w, r, token) render.JSON(w, r, returnMessage)
} }
func refresh(w http.ResponseWriter, r *http.Request) { func refresh(w http.ResponseWriter, r *http.Request) {
@ -233,8 +238,8 @@ func refresh(w http.ResponseWriter, r *http.Request) {
err := user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified) err := user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
returnMessage.Message = "unexpected error refreshing your token, please try again later"
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
returnMessage.Message = "unexpected error refreshing your token, please try again later"
render.JSON(w, r, returnMessage) render.JSON(w, r, returnMessage)
return return
} }
@ -247,18 +252,19 @@ func refresh(w http.ResponseWriter, r *http.Request) {
}, },
} }
_, tokenString, _ := TokenAuth.Encode(newClaims) _, tokenString, _ := TokenAuth.Encode(newClaims)
token := setCookies(w, tokenString, expirationTime) setCookies(w, tokenString, expirationTime)
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
render.JSON(w, r, token) returnMessage.Message = "jwt refreshed"
render.JSON(w, r, returnMessage)
} }
func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) string { func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) {
splitToken := strings.Split(jwt, ".") splitToken := strings.Split(jwt, ".")
dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true} dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true}
http.SetCookie(w, &dataCookie) http.SetCookie(w, &dataCookie)
signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true} signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true}
http.SetCookie(w, &signatureCookie) http.SetCookie(w, &signatureCookie)
return strings.Join(splitToken[:2], ".") return
} }
func sendEmailToken(w http.ResponseWriter, token string, name string, email string) (returnMessage ReturnMessage, ok bool) { func sendEmailToken(w http.ResponseWriter, token string, name string, email string) (returnMessage ReturnMessage, ok bool) {