Wrap up split cookie auth

2019-10-05 22:35:14 -04:00 · 2019-10-05 22:35:14 -04:00 · 681b0df9f5
commit 681b0df9f5
parent 0ce261d9bd
5 changed files with 29 additions and 7 deletions
--- a/main.go
+++ b/main.go
@ -55,9 +55,9 @@ func Routes() *chi.Mux {
 	// enable cors testing
 	// LOCK THIS DOWN FOR PRODUCTION
 	cors := cors.New(cors.Options{
-        AllowedOrigins:   []string{"*"},
+		AllowedOrigins:   []string{"*"},
-        AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"},
+		AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"},
-        AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
+		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
 		AllowCredentials: true,
 		MaxAge:           360,
 	})
--- a/packages/auth/auth.go
+++ b/packages/auth/auth.go
@ -4,6 +4,7 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
 	"git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
 	"git.minhas.io/asara/sudoscientist-go-backend/packages/users"
 	"github.com/badoux/checkmail"
 	"github.com/dgrijalva/jwt-go"
@ -54,7 +55,7 @@ func Routes() *chi.Mux {
 	r.Post("/signin", signin)
 	r.Post("/register", register)
 	r.Group(func(r chi.Router) {
-		r.Use(jwtauth.Verifier(TokenAuth))
+		r.Use(jwtauth.Verify(TokenAuth, auth_middleware.TokenFromSplitCookie))
 		r.Use(jwtauth.Authenticator)
 		r.Post("/refresh", refresh)
 	})
--- a/packages/blog/blog.go
+++ b/packages/blog/blog.go
@ -4,6 +4,7 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
 	"git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
 	"github.com/go-chi/chi"
 	"github.com/go-chi/jwtauth"
 	"github.com/go-chi/render"
@ -79,13 +80,13 @@ func Init() {
 func Routes() *chi.Mux {
 	r := chi.NewRouter()
 	r.Group(func(r chi.Router) {
-		r.Use(jwtauth.Verifier(TokenAuth))
+		r.Use(jwtauth.Verify(TokenAuth, auth_middleware.TokenFromSplitCookie))
 		r.Use(jwtauth.Authenticator)
 		r.Post("/", createBlogPost)
 		r.Patch("/by-id/{id}", updateBlogPostById)
 		r.Get("/by-slug/{slug}", getBlogPostBySlug)
 	})
 	r.Get("/", getBlogPosts)
 	r.Get("/by-slug/{slug}", getBlogPostBySlug)
 	r.Get("/by-id/{id}", getBlogPostById)
 	r.Get("/by-tag/{tag}", getBlogPostsByTag)
 	r.Get("/by-author/{author}", getBlogPostsByAuthor)
--- a/packages/middleware/auth_middleware.go
+++ b/packages/middleware/auth_middleware.go
@ -0,0 +1,19 @@
 package auth_middleware
 import (
 	"fmt"
 	"net/http"
 )
 func TokenFromSplitCookie(r *http.Request) string {
 	dataCookie, err := r.Cookie("DataCookie")
 	if err != nil {
 		return ""
 	}
 	signatureCookie, err := r.Cookie("SignatureCookie")
 	if err != nil {
 		return ""
 	}
 	cookie := dataCookie.Value + "." + signatureCookie.Value
 	return cookie
 }
--- a/packages/users/users.go
+++ b/packages/users/users.go
@ -4,6 +4,7 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
 	"git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
 	"github.com/go-chi/chi"
 	"github.com/go-chi/jwtauth"
 	"github.com/go-chi/render"
@ -36,7 +37,7 @@ func Init() {
 func Routes() *chi.Mux {
 	r := chi.NewRouter()
 	r.Group(func(r chi.Router) {
-		r.Use(jwtauth.Verifier(TokenAuth))
+		r.Use(jwtauth.Verify(TokenAuth, auth_middleware.TokenFromSplitCookie))
 		r.Use(jwtauth.Authenticator)
 		r.Put("/{username}", updateUser)
 	})