Update jwtauth and remove jwt-go since it has vulns
This commit is contained in:
parent
cb75af9997
commit
f1987e310a
2 changed files with 19 additions and 24 deletions
5
main.go
5
main.go
|
|
@ -1,6 +1,7 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"compress/flate"
|
||||
"fmt"
|
||||
_ "github.com/lib/pq"
|
||||
"log"
|
||||
|
|
@ -61,11 +62,13 @@ func Routes() *chi.Mux {
|
|||
MaxAge: 360,
|
||||
})
|
||||
|
||||
compressor := middleware.NewCompressor(flate.DefaultCompression)
|
||||
|
||||
router.Use(
|
||||
compressor.Handler,
|
||||
cors.Handler,
|
||||
render.SetContentType(render.ContentTypeJSON),
|
||||
middleware.Logger,
|
||||
middleware.DefaultCompress,
|
||||
middleware.RedirectSlashes,
|
||||
middleware.Recoverer,
|
||||
)
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ import (
|
|||
"git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
|
||||
"git.minhas.io/asara/sudoscientist-go-backend/packages/users"
|
||||
"github.com/badoux/checkmail"
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/go-chi/jwtauth"
|
||||
"github.com/go-chi/render"
|
||||
|
|
@ -66,7 +65,6 @@ type Claims struct {
|
|||
Username string `json:"username", db:"username"`
|
||||
Admin bool `json:"admin", db:"admin"`
|
||||
Verified bool `json:"verified", db:"verified"`
|
||||
jwt.StandardClaims
|
||||
}
|
||||
|
||||
type JWT struct {
|
||||
|
|
@ -175,14 +173,12 @@ func register(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
users.CreateProfile(creds.Username, creds.Email)
|
||||
expirationTime := time.Now().Add(24 * time.Hour)
|
||||
claims := &Claims{
|
||||
Username: creds.Username,
|
||||
Admin: false,
|
||||
Verified: false,
|
||||
StandardClaims: jwt.StandardClaims{
|
||||
ExpiresAt: expirationTime.Unix(),
|
||||
},
|
||||
claims := map[string]interface{}{
|
||||
"username": creds.Username,
|
||||
"admin": false,
|
||||
"verified": false,
|
||||
}
|
||||
jwtauth.SetExpiry(claims, expirationTime)
|
||||
if PostalEnabled {
|
||||
_, emailToken, _ := EmailAuth.Encode(claims)
|
||||
returnMessage, ok := sendEmailToken(w, emailToken, creds.Username, creds.Email)
|
||||
|
|
@ -227,14 +223,12 @@ func signin(w http.ResponseWriter, r *http.Request) {
|
|||
user_claims := &Claims{}
|
||||
user_claims_query := DB.QueryRow("SELECT username, admin, verified FROM users WHERE username=$1", creds.Username)
|
||||
err = user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified)
|
||||
claims := &Claims{
|
||||
Username: user_claims.Username,
|
||||
Admin: user_claims.Admin,
|
||||
Verified: user_claims.Verified,
|
||||
StandardClaims: jwt.StandardClaims{
|
||||
ExpiresAt: expirationTime.Unix(),
|
||||
},
|
||||
claims := map[string]interface{}{
|
||||
"username": user_claims.Username,
|
||||
"admin": user_claims.Admin,
|
||||
"verified": user_claims.Verified,
|
||||
}
|
||||
jwtauth.SetExpiry(claims, expirationTime)
|
||||
_, tokenString, _ := TokenAuth.Encode(claims)
|
||||
setCookies(w, tokenString, expirationTime)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
|
|
@ -258,14 +252,12 @@ func refresh(w http.ResponseWriter, r *http.Request) {
|
|||
render.JSON(w, r, returnMessage)
|
||||
return
|
||||
}
|
||||
newClaims := &Claims{
|
||||
Username: user_claims.Username,
|
||||
Admin: user_claims.Admin,
|
||||
Verified: user_claims.Verified,
|
||||
StandardClaims: jwt.StandardClaims{
|
||||
ExpiresAt: expirationTime.Unix(),
|
||||
},
|
||||
newClaims := map[string]interface{}{
|
||||
"username": user_claims.Username,
|
||||
"admin": user_claims.Admin,
|
||||
"verified": user_claims.Verified,
|
||||
}
|
||||
jwtauth.SetExpiry(newClaims, expirationTime)
|
||||
_, tokenString, _ := TokenAuth.Encode(newClaims)
|
||||
setCookies(w, tokenString, expirationTime)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
|
|
|
|||
Reference in a new issue