diff --git a/main.go b/main.go
index 47035df..8af50a6 100644
--- a/main.go
+++ b/main.go
@@ -55,9 +55,9 @@ func Routes() *chi.Mux {
 // enable cors testing
 // LOCK THIS DOWN FOR PRODUCTION
 cors := cors.New(cors.Options{
- AllowedOrigins: []string{"*"},
- AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"},
- AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
+ AllowedOrigins: []string{"*"},
+ AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"},
+ AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
 AllowCredentials: true,
 MaxAge: 360,
 })
diff --git a/packages/auth/auth.go b/packages/auth/auth.go
index e5abb11..a73e6a6 100644
--- a/packages/auth/auth.go
+++ b/packages/auth/auth.go
@@ -4,6 +4,7 @@ import (
 "database/sql"
 "encoding/json"
 "fmt"
+ "git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
 "git.minhas.io/asara/sudoscientist-go-backend/packages/users"
 "github.com/badoux/checkmail"
 "github.com/dgrijalva/jwt-go"
@@ -54,7 +55,7 @@ func Routes() *chi.Mux {
 r.Post("/signin", signin)
 r.Post("/register", register)
 r.Group(func(r chi.Router) {
- r.Use(jwtauth.Verifier(TokenAuth))
+ r.Use(jwtauth.Verify(TokenAuth, auth_middleware.TokenFromSplitCookie))
 r.Use(jwtauth.Authenticator)
 r.Post("/refresh", refresh)
 })
diff --git a/packages/blog/blog.go b/packages/blog/blog.go
index d8a2c23..640e30b 100644
--- a/packages/blog/blog.go
+++ b/packages/blog/blog.go
@@ -4,6 +4,7 @@ import (
 "database/sql"
 "encoding/json"
 "fmt"
+ "git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
 "github.com/go-chi/chi"
 "github.com/go-chi/jwtauth"
 "github.com/go-chi/render"
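Review bot: Swapping `jwtauth.Verifier(TokenAuth)` for `jwtauth.Verify(TokenAuth, auth_middleware.TokenFromSplitCookie)` drops the Authorization header as a token source, so any client that sends a Bearer token (the header is still in the CORS allow list in main.go) is now rejected by the group in auth.go's Routes; the same replacement is made in blog.go and users.go. If header-based clients should keep working, list both extractors: `r.Use(jwtauth.Verify(TokenAuth, jwtauth.TokenFromHeader, auth_middleware.TokenFromSplitCookie))`. Because the token is now read only from cookies the browser attaches automatically, the state-changing routes in these groups (POST /refresh here, POST/PATCH in blog.go, PUT in users.go) depend on a CSRF defense that is not visible in this diff; presumably the `X-CSRF-Token` header is checked elsewhere, which is worth confirming. A one-line comment above the `r.Use` stating that only the split cookie is accepted, e.g. `// token is accepted only from the DataCookie/SignatureCookie pair, not from the Authorization header`, would make the decision explicit. The enclosing Routes function continues outside the hunk.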
@@ -79,13 +80,13 @@ func Init() {
 func Routes() *chi.Mux {
 r := chi.NewRouter()
 r.Group(func(r chi.Router) {
- r.Use(jwtauth.Verifier(TokenAuth))
+ r.Use(jwtauth.Verify(TokenAuth, auth_middleware.TokenFromSplitCookie))
 r.Use(jwtauth.Authenticator)
 r.Post("/", createBlogPost)
 r.Patch("/by-id/{id}", updateBlogPostById)
+ r.Get("/by-slug/{slug}", getBlogPostBySlug)
 })
 r.Get("/", getBlogPosts)
- r.Get("/by-slug/{slug}", getBlogPostBySlug)
 r.Get("/by-id/{id}", getBlogPostById)
 r.Get("/by-tag/{tag}", getBlogPostsByTag)
 r.Get("/by-author/{author}", getBlogPostsByAuthor)
diff --git a/packages/middleware/auth_middleware.go b/packages/middleware/auth_middleware.go
new file mode 100644
index 0000000..2d62a95
--- /dev/null
+++ b/packages/middleware/auth_middleware.go
@@ -0,0 +1,19 @@
+package auth_middleware
+
+import (
+ "fmt"
+ "net/http"
+)
+
+func TokenFromSplitCookie(r *http.Request) string {
+ dataCookie, err := r.Cookie("DataCookie")
+ if err != nil {
+ return ""
+ }
+ signatureCookie, err := r.Cookie("SignatureCookie")
+ if err != nil {
+ return ""
+ }
+ cookie := dataCookie.Value + "." + signatureCookie.Value
+ return cookie
+}
diff --git a/packages/users/users.go b/packages/users/users.go
index 581ae46..a1aa6c6 100644
--- a/packages/users/users.go
+++ b/packages/users/users.go
@@ -4,6 +4,7 @@ import (
 "database/sql"
 "encoding/json"
 "fmt"
+ "git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
 "github.com/go-chi/chi"
 "github.com/go-chi/jwtauth"
 "github.com/go-chi/render"
@@ -36,7 +37,7 @@ func Init() {
 func Routes() *chi.Mux {
 r := chi.NewRouter()
 r.Group(func(r chi.Router) {
- r.Use(jwtauth.Verifier(TokenAuth))
+ r.Use(jwtauth.Verify(TokenAuth, auth_middleware.TokenFromSplitCookie))
 r.Use(jwtauth.Authenticator)
 r.Put("/{username}", updateUser)
 })
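Review bot: Moving `r.Get("/by-slug/{slug}", getBlogPostBySlug)` into the authenticated group in blog.go's Routes makes a slug lookup require a valid token while the same posts stay readable anonymously through `/by-id/{id}`, `/by-tag/{tag}` and `/by-author/{author}`, so the new check adds no confidentiality and only breaks unauthenticated slug reads. If getBlogPostBySlug genuinely needs the JWT claims (for instance to show an author their own unpublished post), the handler should say so, e.g. `// by-slug is authenticated because the handler reads the caller's claims; other read routes stay public`; otherwise the route belongs back with the public GETs. The enclosing Routes function continues past the end of the hunk.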
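Review bot: `"fmt"` is imported in the new packages/middleware/auth_middleware.go but never used, so the package fails to build ("imported and not used"); drop it and keep only `"net/http"` in the import block. The exported function also lacks a doc comment; something like `// TokenFromSplitCookie reassembles a JWT delivered as two cookies, joining the DataCookie value (presumably header.payload) and the SignatureCookie value with "."; it returns "" when either cookie is missing so jwtauth.Verify treats the request as unauthenticated.` documents the contract the Routes callers rely on. The trailing `cookie := ...; return cookie` can simply be `return dataCookie.Value + "." + signatureCookie.Value`. The package clause `auth_middleware` does not match the directory name `middleware` and uses an underscore, which Go style avoids; naming the package `middleware` would let importers use the path's last element without aliasing.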