From 8a897dc16f2aed6a901c2e3b85122597e810e240 Mon Sep 17 00:00:00 2001
From: Asara
Date: Sat, 5 Oct 2019 20:21:48 -0400
Subject: [PATCH] Implement split tokens that work with curl
---
 packages/auth/auth.go | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/packages/auth/auth.go b/packages/auth/auth.go
index f00c447..1f88f6b 100644
--- a/packages/auth/auth.go
+++ b/packages/auth/auth.go
@@ -12,6 +12,7 @@ import (
 "github.com/go-chi/render"
 "golang.org/x/crypto/bcrypt"
 "net/http"
+ "strings"
 "time"
 )
@@ -41,8 +42,7 @@ type Claims struct {
 }
 type JWT struct {
- JWT string `json:"jwt"`
- Username string `json:"username"`
+ JWT string `json:"jwt"`
 }
 func Init() {
@@ -114,9 +114,8 @@ func register(w http.ResponseWriter, r *http.Request) {
 },
 }
 _, tokenString, _ := TokenAuth.Encode(claims)
- token := JWT{
- JWT: tokenString,
- }
+ token := setCookies(w, tokenString, expirationTime)
+ w.WriteHeader(http.StatusOK)
 render.JSON(w, r, token)
 }
@@ -141,7 +140,6 @@ func signin(w http.ResponseWriter, r *http.Request) {
 if err = bcrypt.CompareHashAndPassword([]byte(storedCreds.Password), []byte(creds.Password)); err != nil {
 w.WriteHeader(http.StatusUnauthorized)
 }
- w.WriteHeader(http.StatusOK)
 expirationTime := time.Now().Add(5 * time.Hour)
 claims := &Claims{
 Username: creds.Username,
@@ -150,10 +148,8 @@ func signin(w http.ResponseWriter, r *http.Request) {
 },
 }
 _, tokenString, _ := TokenAuth.Encode(claims)
- token := JWT{
- JWT: tokenString,
- Username: creds.Username,
- }
+ token := setCookies(w, tokenString, expirationTime)
+ w.WriteHeader(http.StatusOK)
 render.JSON(w, r, token)
 }
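Review bot: The third return value of `TokenAuth.Encode(claims)` (presumably the error) is discarded in the register hunk, and the same line appears in the second signin hunk and in the refresh hunk; with this change the token string is handed straight to `setCookies`, which slices `splitToken[:2]` and indexes `splitToken[2]` without a length check. If encoding ever fails and yields an empty or malformed string, `strings.Split` returns fewer than three elements and the handler panics instead of reporting an error. Capture the value with `_, tokenString, err := TokenAuth.Encode(claims)`, then respond with `http.StatusInternalServerError` and return when `err != nil`. The bodies of register, signin and refresh all begin outside these hunks.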
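Review bot: The failed-password branch at the top of the first signin hunk writes `http.StatusUnauthorized` but never returns, so a request with a wrong password still runs on into claim building, `TokenAuth.Encode` and the new `setCookies` call. Because the 401 header has already been written, the later Set-Cookie headers and the added `w.WriteHeader(http.StatusOK)` are probably ignored by net/http. However, `render.JSON` still writes the header-and-payload half of a token into the body for a caller who did not authenticate, and withholding the signature then depends on header ordering rather than on the password check. Add `return` directly after `w.WriteHeader(http.StatusUnauthorized)`. signin's body starts before this hunk, so its earlier error paths should be checked for the same omission.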
@@ -168,8 +164,16 @@ func refresh(w http.ResponseWriter, r *http.Request) {
 },
 }
 _, tokenString, _ := TokenAuth.Encode(newClaims)
- token := JWT{
- JWT: tokenString,
- }
+ token := setCookies(w, tokenString, expirationTime)
+ w.WriteHeader(http.StatusOK)
 render.JSON(w, r, token)
 }
+
+func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) string {
+ splitToken := strings.Split(jwt, ".")
+ dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/"}
+ http.SetCookie(w, &dataCookie)
+ signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/"}
+ http.SetCookie(w, &signatureCookie)
+ return strings.Join(splitToken[:2], ".")
+}
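Review bot: Both cookies built in `setCookies` leave `Secure` and `SameSite` unset, so the signature half of the token can be sent over plain HTTP and is attached to cross-site requests under whatever default the browser applies. Since authentication now rides on cookies, add `Secure: true, SameSite: http.SameSiteStrictMode` (or `http.SameSiteLaxMode` if cross-site navigation must stay signed in) to both `http.Cookie` literals, and confirm that state-changing routes have CSRF protection. `HttpOnly: false` on `DataCookie` looks deliberate for the split-token scheme, but it deserves a comment saying the claims are readable by page scripts by design. A doc comment on `setCookies` should also state that it returns only the header and payload segments, never the signature.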