From f1987e310a5930a70f26838c45a164e41f43755d Mon Sep 17 00:00:00 2001
From: Asara
Date: Sat, 16 Jan 2021 19:26:19 -0500
Subject: [PATCH] Update jwtauth and remove jwt-go since it has vulns
---
 main.go | 5 ++++-
 packages/auth/auth.go | 38 +++++++++++++++-----------------------
 2 files changed, 19 insertions(+), 24 deletions(-)
diff --git a/main.go b/main.go
index 2c0deda..a5c885b 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
 package main

 import (
+ "compress/flate"
 "fmt"
 _ "github.com/lib/pq"
 "log"
@@ -61,11 +62,13 @@ func Routes() *chi.Mux {
 MaxAge: 360,
 })

+ compressor := middleware.NewCompressor(flate.DefaultCompression)
+
 router.Use(
+ compressor.Handler,
 cors.Handler,
 render.SetContentType(render.ContentTypeJSON),
 middleware.Logger,
- middleware.DefaultCompress,
 middleware.RedirectSlashes,
 middleware.Recoverer,
 )
diff --git a/packages/auth/auth.go b/packages/auth/auth.go
index 1734276..dbc402b 100644
--- a/packages/auth/auth.go
+++ b/packages/auth/auth.go
@@ -8,7 +8,6 @@ import (
 "git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
 "git.minhas.io/asara/sudoscientist-go-backend/packages/users"
 "github.com/badoux/checkmail"
- "github.com/dgrijalva/jwt-go"
 "github.com/go-chi/chi"
 "github.com/go-chi/jwtauth"
 "github.com/go-chi/render"
@@ -66,7 +65,6 @@ type Claims struct {
 Username string `json:"username", db:"username"`
 Admin bool `json:"admin", db:"admin"`
 Verified bool `json:"verified", db:"verified"`
- jwt.StandardClaims
 }

 type JWT struct {
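Review bot: The new `compressor.Handler` is installed ahead of every route, and chi's Compressor compresses by content type with `application/json` in its default list, so any handler that writes a secret (a token, a session value) into the same response body as user-controlled input becomes exposed to compression-oracle (BREACH-style) leakage; whether such a handler exists cannot be seen from this hunk. If the session token only ever leaves via `setCookies`, the change is fine as is, but a one-line comment on the new `compressor :=` line would record the constraint, e.g. `// Compresses JSON bodies too: keep secrets out of responses that also echo request input.` Routes() starts and ends outside the hunk.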
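Review bot: With `jwt.StandardClaims` removed, `Claims` no longer describes the token payload — the claim maps built in register, signin and refresh do — while its name still implies it does, and its only visible remaining role is as the Scan target in signin. A doc comment would stop someone re-adding token fields here: `// Claims holds the per-user columns read from the users table; the JWT payload is built as a map in register/signin/refresh.` While touching this struct, note the retained tags `json:"username", db:"username"` are not a valid struct tag (the comma ends key/value parsing in reflect.StructTag, and go vet reports it), so the `db` key is most likely never seen by whatever maps columns to fields.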
@@ -175,14 +173,12 @@ func register(w http.ResponseWriter, r *http.Request) {
 }
 users.CreateProfile(creds.Username, creds.Email)
 expirationTime := time.Now().Add(24 * time.Hour)
- claims := &Claims{
- Username: creds.Username,
- Admin: false,
- Verified: false,
- StandardClaims: jwt.StandardClaims{
- ExpiresAt: expirationTime.Unix(),
- },
+ claims := map[string]interface{}{
+ "username": creds.Username,
+ "admin": false,
+ "verified": false,
 }
+ jwtauth.SetExpiry(claims, expirationTime)
 if PostalEnabled {
 _, emailToken, _ := EmailAuth.Encode(claims)
 returnMessage, ok := sendEmailToken(w, emailToken, creds.Username, creds.Email)
@@ -227,14 +223,12 @@ func signin(w http.ResponseWriter, r *http.Request) {
 user_claims := &Claims{}
 user_claims_query := DB.QueryRow("SELECT username, admin, verified FROM users WHERE username=$1", creds.Username)
 err = user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified)
- claims := &Claims{
- Username: user_claims.Username,
- Admin: user_claims.Admin,
- Verified: user_claims.Verified,
- StandardClaims: jwt.StandardClaims{
- ExpiresAt: expirationTime.Unix(),
- },
+ claims := map[string]interface{}{
+ "username": user_claims.Username,
+ "admin": user_claims.Admin,
+ "verified": user_claims.Verified,
 }
+ jwtauth.SetExpiry(claims, expirationTime)
 _, tokenString, _ := TokenAuth.Encode(claims)
 setCookies(w, tokenString, expirationTime)
 w.WriteHeader(http.StatusOK)
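Review bot: The claim map, its three literal keys and the `jwtauth.SetExpiry` call are now written out identically here, in signin and in refresh, so a typo in one copy (say `"verifed"`) would silently mint tokens the verifying side never matches; I would fold the construction into one helper (below) and call it from all three sites. The `EmailAuth.Encode(claims)` call right after the new lines discards its error, as do the `TokenAuth.Encode` calls in signin and refresh, so a failed encode sends an empty token onward instead of an error. If `EmailAuth` and `TokenAuth` are ever configured with the same key (that happens outside this hunk), the email token is built from exactly the same claims as a session token and would be accepted as one; a distinguishing claim such as `"purpose": "email"` in the email-token map would rule that out. register starts and ends outside the hunk.
```go
// newTokenClaims builds the claim set issued by register, signin and refresh
// so the key names and the expiry live in one place.
func newTokenClaims(username string, admin, verified bool, expiry time.Time) map[string]interface{} {
	claims := map[string]interface{}{
		"username": username,
		"admin":    admin,
		"verified": verified,
	}
	jwtauth.SetExpiry(claims, expiry)
	return claims
}

// … unchanged: register up to expirationTime …
	claims := newTokenClaims(creds.Username, false, false, expirationTime)
// … unchanged: PostalEnabled branch …
```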
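Review bot: The new claim map in signin is populated from `user_claims` directly after `err = user_claims_query.Scan(...)`, and the hunk shows no check of `err` between the two, so when the row lookup fails the zero-valued struct is still signed into a token with `"username": ""`, a cookie is set and a 200 is returned. A guard belongs before the map is built, `if err != nil { /* respond as the function's other error paths do */; return }`, with the response body chosen to match signin's existing error handling, which is outside the hunk. signin starts outside the hunk.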
@@ -258,14 +252,12 @@ func refresh(w http.ResponseWriter, r *http.Request) {
 render.JSON(w, r, returnMessage)
 return
 }
- newClaims := &Claims{
- Username: user_claims.Username,
- Admin: user_claims.Admin,
- Verified: user_claims.Verified,
- StandardClaims: jwt.StandardClaims{
- ExpiresAt: expirationTime.Unix(),
- },
+ newClaims := map[string]interface{}{
+ "username": user_claims.Username,
+ "admin": user_claims.Admin,
+ "verified": user_claims.Verified,
 }
+ jwtauth.SetExpiry(newClaims, expirationTime)
 _, tokenString, _ := TokenAuth.Encode(newClaims)
 setCookies(w, tokenString, expirationTime)
 w.WriteHeader(http.StatusOK)
-- 
2.45.2