Update jwtauth and remove jwt-go since it has vulns

This commit is contained in:
Amarpreet Minhas 2021-01-16 19:26:19 -05:00
parent cb75af9997
commit f1987e310a
2 changed files with 19 additions and 24 deletions

View file

@ -1,6 +1,7 @@
package main
import (
"compress/flate"
"fmt"
_ "github.com/lib/pq"
"log"
@ -61,11 +62,13 @@ func Routes() *chi.Mux {
MaxAge: 360,
})
compressor := middleware.NewCompressor(flate.DefaultCompression)
router.Use(
compressor.Handler,
cors.Handler,
render.SetContentType(render.ContentTypeJSON),
middleware.Logger,
middleware.DefaultCompress,
middleware.RedirectSlashes,
middleware.Recoverer,
)

View file

@ -8,7 +8,6 @@ import (
"git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
"git.minhas.io/asara/sudoscientist-go-backend/packages/users"
"github.com/badoux/checkmail"
"github.com/dgrijalva/jwt-go"
"github.com/go-chi/chi"
"github.com/go-chi/jwtauth"
"github.com/go-chi/render"
@ -66,7 +65,6 @@ type Claims struct {
Username string `json:"username", db:"username"`
Admin bool `json:"admin", db:"admin"`
Verified bool `json:"verified", db:"verified"`
jwt.StandardClaims
}
type JWT struct {
@ -175,14 +173,12 @@ func register(w http.ResponseWriter, r *http.Request) {
}
users.CreateProfile(creds.Username, creds.Email)
expirationTime := time.Now().Add(24 * time.Hour)
claims := &Claims{
Username: creds.Username,
Admin: false,
Verified: false,
StandardClaims: jwt.StandardClaims{
ExpiresAt: expirationTime.Unix(),
},
claims := map[string]interface{}{
"username": creds.Username,
"admin": false,
"verified": false,
}
jwtauth.SetExpiry(claims, expirationTime)
if PostalEnabled {
_, emailToken, _ := EmailAuth.Encode(claims)
returnMessage, ok := sendEmailToken(w, emailToken, creds.Username, creds.Email)
@ -227,14 +223,12 @@ func signin(w http.ResponseWriter, r *http.Request) {
user_claims := &Claims{}
user_claims_query := DB.QueryRow("SELECT username, admin, verified FROM users WHERE username=$1", creds.Username)
err = user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified)
claims := &Claims{
Username: user_claims.Username,
Admin: user_claims.Admin,
Verified: user_claims.Verified,
StandardClaims: jwt.StandardClaims{
ExpiresAt: expirationTime.Unix(),
},
claims := map[string]interface{}{
"username": user_claims.Username,
"admin": user_claims.Admin,
"verified": user_claims.Verified,
}
jwtauth.SetExpiry(claims, expirationTime)
_, tokenString, _ := TokenAuth.Encode(claims)
setCookies(w, tokenString, expirationTime)
w.WriteHeader(http.StatusOK)
@ -258,14 +252,12 @@ func refresh(w http.ResponseWriter, r *http.Request) {
render.JSON(w, r, returnMessage)
return
}
newClaims := &Claims{
Username: user_claims.Username,
Admin: user_claims.Admin,
Verified: user_claims.Verified,
StandardClaims: jwt.StandardClaims{
ExpiresAt: expirationTime.Unix(),
},
newClaims := map[string]interface{}{
"username": user_claims.Username,
"admin": user_claims.Admin,
"verified": user_claims.Verified,
}
jwtauth.SetExpiry(newClaims, expirationTime)
_, tokenString, _ := TokenAuth.Encode(newClaims)
setCookies(w, tokenString, expirationTime)
w.WriteHeader(http.StatusOK)