Update auth to return better errors, remove returning the token data as a blob
This commit is contained in:
parent
4457885685
commit
38bd348737
1 changed files with 17 additions and 11 deletions
|
|
@ -122,8 +122,8 @@ func register(w http.ResponseWriter, r *http.Request) {
|
|||
err := json.NewDecoder(r.Body).Decode(creds)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
returnMessage.Message = "unexpected error. please contact the administrator"
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
returnMessage.Message = "bad data provided"
|
||||
render.JSON(w, r, returnMessage)
|
||||
return
|
||||
}
|
||||
|
|
@ -194,15 +194,20 @@ func register(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
func signin(w http.ResponseWriter, r *http.Request) {
|
||||
returnMessage := ReturnMessage{}
|
||||
creds := &UserCredentials{}
|
||||
err := json.NewDecoder(r.Body).Decode(creds)
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
returnMessage.Message = "bad data provided"
|
||||
render.JSON(w, r, returnMessage)
|
||||
return
|
||||
}
|
||||
verified, ok := checkPassword(w, *creds)
|
||||
verify_pw, ok := checkPassword(w, *creds)
|
||||
if !ok {
|
||||
render.JSON(w, r, verified)
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
returnMessage.Message = verify_pw
|
||||
render.JSON(w, r, returnMessage)
|
||||
return
|
||||
}
|
||||
expirationTime := time.Now().Add(24 * time.Hour)
|
||||
|
|
@ -218,9 +223,9 @@ func signin(w http.ResponseWriter, r *http.Request) {
|
|||
},
|
||||
}
|
||||
_, tokenString, _ := TokenAuth.Encode(claims)
|
||||
token := setCookies(w, tokenString, expirationTime)
|
||||
setCookies(w, tokenString, expirationTime)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
render.JSON(w, r, token)
|
||||
render.JSON(w, r, returnMessage)
|
||||
}
|
||||
|
||||
func refresh(w http.ResponseWriter, r *http.Request) {
|
||||
|
|
@ -233,8 +238,8 @@ func refresh(w http.ResponseWriter, r *http.Request) {
|
|||
err := user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
returnMessage.Message = "unexpected error refreshing your token, please try again later"
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
returnMessage.Message = "unexpected error refreshing your token, please try again later"
|
||||
render.JSON(w, r, returnMessage)
|
||||
return
|
||||
}
|
||||
|
|
@ -247,18 +252,19 @@ func refresh(w http.ResponseWriter, r *http.Request) {
|
|||
},
|
||||
}
|
||||
_, tokenString, _ := TokenAuth.Encode(newClaims)
|
||||
token := setCookies(w, tokenString, expirationTime)
|
||||
setCookies(w, tokenString, expirationTime)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
render.JSON(w, r, token)
|
||||
returnMessage.Message = "jwt refreshed"
|
||||
render.JSON(w, r, returnMessage)
|
||||
}
|
||||
|
||||
func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) string {
|
||||
func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) {
|
||||
splitToken := strings.Split(jwt, ".")
|
||||
dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true}
|
||||
http.SetCookie(w, &dataCookie)
|
||||
signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true}
|
||||
http.SetCookie(w, &signatureCookie)
|
||||
return strings.Join(splitToken[:2], ".")
|
||||
return
|
||||
}
|
||||
|
||||
func sendEmailToken(w http.ResponseWriter, token string, name string, email string) (returnMessage ReturnMessage, ok bool) {
|
||||
|
|
|
|||
Reference in a new issue