feat: xsrf_token set

This commit is contained in:
nihonium 2025-12-04 06:29:20 +03:00
parent 31e55c0539
commit b79a6b9117
Signed by: nihonium
GPG key ID: 0251623741027CFC
5 changed files with 117 additions and 20 deletions


@ -2,6 +2,8 @@ package handlers
import (
"context"
"crypto/rand"
"encoding/base64"
"fmt"
"net/http"
auth "nyanimedb/auth"
@ -15,15 +17,13 @@ import (
log "github.com/sirupsen/logrus"
)
var accessSecret = []byte("my_access_secret_key")
var refreshSecret = []byte("my_refresh_secret_key")
type Server struct {
db *sqlc.Queries
db *sqlc.Queries
JwtPrivateKey string
}
func NewServer(db *sqlc.Queries) Server {
return Server{db: db}
func NewServer(db *sqlc.Queries, JwtPrivatekey string) Server {
return Server{db: db, JwtPrivateKey: JwtPrivatekey}
}
func parseInt64(s string) (int32, error) {
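Review bot: The parameter in `func NewServer(db *sqlc.Queries, JwtPrivatekey string) Server` is capitalised and spelt differently from the field it fills (`JwtPrivateKey`); Go convention is a lowerCamel parameter, e.g. `func NewServer(db *sqlc.Queries, jwtPrivateKey string) Server {` and `return Server{db: db, JwtPrivateKey: jwtPrivateKey}`. Since the value is used as an HS256 key, it is a shared HMAC secret rather than a private key, so a name such as `jwtSecret` (unexported, typed `[]byte`) would describe it better and spare the signing calls a conversion. The removed `accessSecret`/`refreshSecret` may still be referenced by token-parsing code outside this diff; worth confirming that the verifying side now reads the same configured key.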
@ -47,15 +47,15 @@ func CheckPassword(password, hash string) (bool, error) {
return argon2id.ComparePasswordAndHash(password, hash)
}
func generateTokens(userID string) (accessToken string, refreshToken string, err error) {
func (s Server) generateTokens(userID string) (accessToken string, refreshToken string, csrfToken string, err error) {
accessClaims := jwt.MapClaims{
"user_id": userID,
"exp": time.Now().Add(15 * time.Minute).Unix(),
}
at := jwt.NewWithClaims(jwt.SigningMethodHS256, accessClaims)
accessToken, err = at.SignedString(accessSecret)
accessToken, err = at.SignedString(s.JwtPrivateKey)
if err != nil {
return "", "", err
return "", "", "", err
}
refreshClaims := jwt.MapClaims{
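Review bot: `accessToken, err = at.SignedString(s.JwtPrivateKey)` passes a `string` to an HS256 signer; if `jwt` is golang-jwt (or the older jwt-go), the HMAC signing methods accept only a `[]byte` key and return `ErrInvalidKeyType`, so every sign-in would fail at the `err != nil` check — the same applies to `rt.SignedString(s.JwtPrivateKey)` in the next hunk. The one-line fix is `accessToken, err = at.SignedString([]byte(s.JwtPrivateKey))` (and likewise for the refresh token), or store the secret as `[]byte` on `Server`. Separately, both tokens are now signed with the same key where the old code used distinct `accessSecret`/`refreshSecret`; unless the refresh claims carry a discriminator not visible here, a refresh token would verify wherever an access token is expected, with the 7-day lifetime. generateTokens's body continues past this hunk.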
@ -63,12 +63,19 @@ func generateTokens(userID string) (accessToken string, refreshToken string, err
"exp": time.Now().Add(7 * 24 * time.Hour).Unix(),
}
rt := jwt.NewWithClaims(jwt.SigningMethodHS256, refreshClaims)
refreshToken, err = rt.SignedString(refreshSecret)
refreshToken, err = rt.SignedString(s.JwtPrivateKey)
if err != nil {
return "", "", err
return "", "", "", err
}
return accessToken, refreshToken, nil
csrfBytes := make([]byte, 32)
_, err = rand.Read(csrfBytes)
if err != nil {
return "", "", "", err
}
csrfToken = base64.RawURLEncoding.EncodeToString(csrfBytes)
return accessToken, refreshToken, csrfToken, nil
}
func (s Server) PostAuthSignUp(ctx context.Context, req auth.PostAuthSignUpRequestObject) (auth.PostAuthSignUpResponseObject, error) {
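Review bot: The new CSRF branch has no comment saying what `csrfToken` is or how it is meant to be checked, and generateTokens, whose signature sits in the previous hunk, has no doc comment at all. I would add above `csrfBytes := make([]byte, 32)` something like `// csrfToken is 32 random bytes, base64url-encoded; it is neither signed nor bound to the JWTs, so the endpoints that rely on it must compare the cookie value against a request header.` Whether that comparison exists is not visible in this commit, so it is worth confirming while writing the comment. A doc comment on generateTokens naming the three return values and their lifetimes would also help callers such as PostAuthSignIn.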
@ -118,7 +125,7 @@ func (s Server) PostAuthSignIn(ctx context.Context, req auth.PostAuthSignInReque
}, nil
}
accessToken, refreshToken, err := generateTokens(req.Body.Nickname)
accessToken, refreshToken, csrfToken, err := s.generateTokens(req.Body.Nickname)
if err != nil {
log.Errorf("failed to generate tokens for user %s: %v", req.Body.Nickname, err)
// TODO: return 500
@ -126,8 +133,9 @@ func (s Server) PostAuthSignIn(ctx context.Context, req auth.PostAuthSignInReque
// TODO: check cookie settings carefully
ginCtx.SetSameSite(http.SameSiteStrictMode)
ginCtx.SetCookie("access_token", accessToken, 604800, "/auth", "", false, true)
ginCtx.SetCookie("refresh_token", refreshToken, 604800, "/api", "", false, true)
ginCtx.SetCookie("access_token", accessToken, 900, "/api", "", false, true)
ginCtx.SetCookie("refresh_token", refreshToken, 1209600, "/auth", "", false, true)
ginCtx.SetCookie("xsrf_token", csrfToken, 1209600, "/api", "", false, false)
result := auth.PostAuthSignIn200JSONResponse{
UserId: user.ID,