Split out url auth with email token

This commit is contained in:
Amarpreet Minhas 2020-01-20 20:06:32 -05:00
parent cc7225527e
commit d27a499c07
3 changed files with 23 additions and 5 deletions


@ -81,7 +81,7 @@ Install steps are for Debian 9 (stretch)
[For more information on Postal](https://github.com/postalhq/postal) [For more information on Postal](https://github.com/postalhq/postal)
``` ```
cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist-go-backend cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist-go-backend
for i in settings/*; do source $i; done for i in settings/*.env; do source $i; done
export DB_HOST=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" sudosci-db) export DB_HOST=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" sudosci-db)
PSQL_QUERY_STRING="postgres://${DB_USER}:${DB_PW}@${DB_HOST}:${DB_PORT}/${DB_NAME}?sslmode=${DB_SSL}" PSQL_QUERY_STRING="postgres://${DB_USER}:${DB_PW}@${DB_HOST}:${DB_PORT}/${DB_NAME}?sslmode=${DB_SSL}"
migrate -path migrations/ -database ${PSQL_QUERY_STRING} up migrate -path migrations/ -database ${PSQL_QUERY_STRING} up


@ -34,7 +34,7 @@ func Init() {
if postal_api, ok := os.LookupEnv("POSTAL_API"); ok { if postal_api, ok := os.LookupEnv("POSTAL_API"); ok {
if email_src, ok := os.LookupEnv("POSTAL_SRC_EMAIL"); ok { if email_src, ok := os.LookupEnv("POSTAL_SRC_EMAIL"); ok {
if email_auth, ok := os.LookupEnv("EMAIL_SECRET"); ok { if email_auth, ok := os.LookupEnv("EMAIL_SECRET"); ok {
EmailAuth = jwtauth.New("HS256", []byte(os.Getenv(email_auth)), nil) EmailAuth = jwtauth.New("HS256", []byte(email_auth), nil)
PostalKey = postal_key PostalKey = postal_key
PostalAPI = postal_api PostalAPI = postal_api
PostalEmail = email_src PostalEmail = email_src
@ -63,8 +63,8 @@ type UserCredentials struct {
type Claims struct { type Claims struct {
Username string `json:"username", db:"username"` Username string `json:"username", db:"username"`
Admin string `json:"admin", db:"admin"` Admin bool `json:"admin", db:"admin"`
Verified string `json:"verified", db:"verified"` Verified bool `json:"verified", db:"verified"`
jwt.StandardClaims jwt.StandardClaims
} }
@ -81,6 +81,11 @@ type ComposedEmail struct {
func Routes() *chi.Mux { func Routes() *chi.Mux {
r := chi.NewRouter() r := chi.NewRouter()
r.Group(func(r chi.Router) {
r.Use(jwtauth.Verify(EmailAuth, auth_middleware.TokenFromUrl))
r.Use(jwtauth.Authenticator)
r.Get("/verify/{token}", verify)
})
r.Post("/signin", signin) r.Post("/signin", signin)
r.Post("/register", register) r.Post("/register", register)
r.Group(func(r chi.Router) { r.Group(func(r chi.Router) {
@ -91,6 +96,11 @@ func Routes() *chi.Mux {
return r return r
} }
func verify(w http.ResponseWriter, r *http.Request) {
token := chi.URLParam(r, "token")
fmt.Println(token)
}
func register(w http.ResponseWriter, r *http.Request) { func register(w http.ResponseWriter, r *http.Request) {
returnMessage := ReturnMessage{} returnMessage := ReturnMessage{}
creds := &SignUpCredentials{} creds := &SignUpCredentials{}
@ -142,6 +152,8 @@ func register(w http.ResponseWriter, r *http.Request) {
expirationTime := time.Now().Add(24 * time.Hour) expirationTime := time.Now().Add(24 * time.Hour)
claims := &Claims{ claims := &Claims{
Username: creds.Username, Username: creds.Username,
Admin: false,
Verified: false,
StandardClaims: jwt.StandardClaims{ StandardClaims: jwt.StandardClaims{
ExpiresAt: expirationTime.Unix(), ExpiresAt: expirationTime.Unix(),
}, },
@ -200,7 +212,7 @@ func refresh(w http.ResponseWriter, r *http.Request) {
returnMessage := ReturnMessage{} returnMessage := ReturnMessage{}
_, claims, _ := jwtauth.FromContext(r.Context()) _, claims, _ := jwtauth.FromContext(r.Context())
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
expirationTime := time.Now().Add(5 * time.Hour) expirationTime := time.Now().Add(24 * time.Hour)
user_claims := &Claims{} user_claims := &Claims{}
user_claims_query := DB.QueryRow("SELECT username, admin, verified FROM users WHERE username=$1", claims["username"].(string)) user_claims_query := DB.QueryRow("SELECT username, admin, verified FROM users WHERE username=$1", claims["username"].(string))
err := user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified) err := user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified)
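Review bot: The new `verify` handler writes the raw email-verification token to stdout with `fmt.Println(token)`, so a bearer credential that is still valid for its full lifetime lands in process logs; since the enclosing route group already runs jwtauth.Verify and jwtauth.Authenticator, the handler can take the already-checked claims with `_, claims, _ := jwtauth.FromContext(r.Context())` and never needs the token string at all. The handler also sets no status and writes no body, so every request that passes the middleware gets an empty 200 whether or not anything was verified; returning a ReturnMessage like the sibling handlers would make the outcome observable to the client. Separately, the changed Claims lines `Admin bool `json:"admin", db:"admin"`` and `Verified bool `json:"verified", db:"verified"`` keep a comma between the json and db keys, which reflect.StructTag cannot parse past the first key and `go vet` reports as a malformed tag; a space separator (`json:"admin" db:"admin"`) fixes both lines.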


@ -2,6 +2,7 @@ package auth_middleware
import ( import (
"net/http" "net/http"
"path"
) )
func TokenFromSplitCookie(r *http.Request) string { func TokenFromSplitCookie(r *http.Request) string {
@ -16,3 +17,8 @@ func TokenFromSplitCookie(r *http.Request) string {
cookie := dataCookie.Value + "." + signatureCookie.Value cookie := dataCookie.Value + "." + signatureCookie.Value
return cookie return cookie
} }
func TokenFromUrl(r *http.Request) string {
_, token := path.Split(r.URL.Path)
return token
}
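Review bot: `TokenFromUrl` is a new exported function without a doc comment, and its name spells the initialism as `Url` where Go convention is `TokenFromURL`. A doc comment stating the contract would help the caller in the other file, e.g. `// TokenFromURL returns the last element of the request path, which the /verify/{token} route uses to carry the email-verification token.` It is also worth noting in the comment that `path.Split` returns an empty string when the path ends in a slash, so a trailing-slash request reaches the verifier with no token and is rejected rather than matched.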