diff --git a/internal/api/auth.go b/internal/api/auth.go
index 85a037b..657dc8d 100644
--- a/internal/api/auth.go
+++ b/internal/api/auth.go
@@ -247,7 +247,8 @@ func RefreshToken(s storage.Store) http.HandlerFunc {
 uuid := claims["uuid"].(string)
 //Check from tokens db table
- if !s.Tokens().Any(uuid) {
+ _, tokenExist := s.Tokens().Any(uuid)
+ if !tokenExist {
 userid := claims["user_id"].(float64)
 s.Tokens().Delete(int(userid))
 RespondWithError(w, http.StatusUnauthorized, InvalidToken)
diff --git a/internal/api/login.go b/internal/api/login.go
index 8c3586c..d5fc156 100644
--- a/internal/api/login.go
+++ b/internal/api/login.go
@@ -69,15 +69,28 @@ func FindLoginsByID(s storage.Store) http.HandlerFunc {
 // Create ...
 func CreateLogin(s storage.Store) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
- var loginDTO model.LoginDTO
+ type Payload struct {
+ Data string `json:"data"`
+ }
+ var payload Payload
 decoder := json.NewDecoder(r.Body)
- if err := decoder.Decode(&loginDTO); err != nil {
+ if err := decoder.Decode(&payload); err != nil {
 RespondWithError(w, http.StatusBadRequest, InvalidRequestPayload)
 return
 }
 defer r.Body.Close()
+ var loginDTO model.LoginDTO
+
+ key := r.Context().Value("transmissionKey").(string)
+ err := app.DecryptJSON(key, []byte(payload.Data), &loginDTO)
+ if err != nil {
+ RespondWithError(w, http.StatusInternalServerError, err.Error())
+ return
+ }
+
+ fmt.Println(loginDTO)
 schema := r.Context().Value("schema").(string)
 createdLogin, err := app.CreateLogin(s, &loginDTO, schema)
 if err != nil {
diff --git a/internal/app/crypto.go b/internal/app/crypto.go
index 3957ee9..59bd45d 100644
--- a/internal/app/crypto.go
+++ b/internal/app/crypto.go
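Review bot: `fmt.Println(loginDTO)` in CreateLogin writes the freshly decrypted login payload to stdout, so the plaintext the transmission key was meant to protect ends up in process logs; this commit removes `log.Println(string(enc))` from EncryptJSON for the same reason, and this line should go with it. Two smaller points in the same block: `r.Context().Value("transmissionKey").(string)` is an unchecked assertion that panics when the middleware did not populate the key, and a payload the server cannot decrypt is answered with 500 and the raw library error text, which both misclassifies a client-side error and echoes implementation detail to the caller. Use the comma-ok form and the existing InvalidRequestPayload constant, as below. CreateLogin's body continues past the end of the hunk.
```go
		key, ok := r.Context().Value("transmissionKey").(string)
		if !ok || key == "" {
			RespondWithError(w, http.StatusUnauthorized, InvalidToken)
			return
		}
		if err := app.DecryptJSON(key, []byte(payload.Data), &loginDTO); err != nil {
			// Client-supplied ciphertext that does not decrypt is a bad request; do not echo err.
			RespondWithError(w, http.StatusBadRequest, InvalidRequestPayload)
			return
		}
		// … unchanged: schema lookup and app.CreateLogin call …
```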
@@ -2,21 +2,18 @@ package app
 import (
 "encoding/json"
- "log"
 openssl "github.com/Luzifer/go-openssl/v4"
- "github.com/spf13/viper"
 )
 // DecryptJSON ...
-func DecryptJSON(encrypted []byte, v interface{}) error {
+func DecryptJSON(key string, encrypted []byte, v interface{}) error {
- // 1. Get a openssl object and secret key from configs
+ // 1. Get a openssl object
 o := openssl.New()
- secret := viper.GetString("server.aesKey")
 // 2. Decrypt string
- dec, err := o.DecryptBytes(secret, encrypted, openssl.BytesToKeyMD5)
+ dec, err := o.DecryptBytes(key, encrypted, openssl.BytesToKeyMD5)
 if err != nil {
 return err
 }
@@ -30,11 +27,10 @@ func DecryptJSON(encrypted []byte, v interface{}) error {
 }
 // EncryptJSON ...
-func EncryptJSON(v interface{}) ([]byte, error) {
+func EncryptJSON(key string, v interface{}) ([]byte, error) {
- // 1. Get a openssl object and secret key from configs
+ // 1. Get a openssl object
 o := openssl.New()
- secret := viper.GetString("server.aesKey")
 // 2. Marshall to text
 text, err := json.Marshal(v)
@@ -43,10 +39,10 @@ func EncryptJSON(v interface{}) ([]byte, error) {
 }
 // 3. Encrypt it
- enc, err := o.EncryptBytes(secret, text, openssl.BytesToKeyMD5)
+ enc, err := o.EncryptBytes(key, text, openssl.BytesToKeyMD5)
 if err != nil {
 return nil, err
 }
- log.Println(string(enc))
+
 return enc, nil
 }
diff --git a/internal/router/auth.go b/internal/router/auth.go
index 94aea4c..d4467cb 100644
--- a/internal/router/auth.go
+++ b/internal/router/auth.go
@@ -42,7 +42,9 @@ func Auth(s storage.Store) negroni.HandlerFunc {
 uuid, _ := claims["uuid"].(string)
 //check from db
- if !s.Tokens().Any(uuid) {
+ tokenRow, tokenExist := s.Tokens().Any(uuid)
+
+ if !tokenExist {
 userid, _ := strconv.Atoi(fmt.Sprintf("%.f", claims["user_id"]))
 s.Tokens().Delete(userid)
 w.WriteHeader(http.StatusUnauthorized)
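Review bot: The new `dec, err := o.DecryptBytes(key, encrypted, openssl.BytesToKeyMD5)` line, and the matching EncryptBytes call two hunks down, still derive the AES key from the passphrase with the legacy OpenSSL EVP_BytesToKey/MD5 scheme; now that `key` is a per-token transmission key handed in by the caller rather than a config value, this is the natural moment to move both sides to a PBKDF2-based CredsGenerator if the vendored go-openssl version provides one (the client has to use the same derivation, so it is a coordinated change). Neither function rejects an empty key, so an empty TransmissionKey would silently derive a key from an empty passphrase; a guard such as `if key == "" { return errors.New("empty transmission key") }` at the top of each (with the errors package imported) is cheap. The `// DecryptJSON ...` and `// EncryptJSON ...` placeholders should now also say what `key` is, e.g. `// DecryptJSON decrypts ciphertext produced by EncryptJSON with the same key and unmarshals the JSON plaintext into v.`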
@@ -52,16 +54,18 @@ func Auth(s storage.Store) negroni.HandlerFunc {
 ctxAuthorized := claims["authorized"].(bool)
 ctxUserID := claims["user_id"].(float64)
 ctxSchema := fmt.Sprintf("user%v", claims["user_id"])
+ ctxTransmissionKey := tokenRow.TransmissionKey
 ctx := r.Context()
 ctxWithID := context.WithValue(ctx, "id", ctxUserID)
 ctxWithAuthorized := context.WithValue(ctxWithID, "authorized", ctxAuthorized)
 ctxWithSchema := context.WithValue(ctxWithAuthorized, "schema", ctxSchema)
+ ctxWithTransmissionKey := context.WithValue(ctxWithSchema, "transmissionKey", ctxTransmissionKey)
 // These context variables can be accesable with
 // ctxAuthorized := r.Context().Value("authorized").(bool)
 // ctxID := r.Context().Value("id").(float64)
- next(w, r.WithContext(ctxWithSchema))
+ next(w, r.WithContext(ctxWithTransmissionKey))
 })
 }
diff --git a/internal/storage/repository.go b/internal/storage/repository.go
index 1f0b98b..80e0bf2 100644
--- a/internal/storage/repository.go
+++ b/internal/storage/repository.go
@@ -95,7 +95,7 @@ type EmailRepository interface {
 // TokenRepository ...
 // TODO: Add explanation to functions in TokenRepository
 type TokenRepository interface {
- Any(uuid string) bool
+ Any(uuid string) (model.Token, bool)
 Save(userid int, uuid uuid.UUID, tkn string, expriydate time.Time, transmissionKey string)
 Delete(userid int)
 DeleteByUUID(uuid string)
diff --git a/internal/storage/token/token_repository.go b/internal/storage/token/token_repository.go
index 1ffd2ef..ee35726 100644
--- a/internal/storage/token/token_repository.go
+++ b/internal/storage/token/token_repository.go
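Review bot: `ctxTransmissionKey := tokenRow.TransmissionKey` is placed into the request context without checking it is non-empty, so a token row stored with an empty transmission key (Save accepts any string) reaches handlers that will then decrypt client data with an empty passphrase; rejecting such a token with `http.StatusUnauthorized` next to the existing `!tokenExist` branch in the previous hunk is the safer default. `context.WithValue(ctxWithSchema, "transmissionKey", ctxTransmissionKey)` uses a plain string as the key, which staticcheck flags (SA1029) because unrelated packages can collide on it; an unexported `type ctxKey string` would fix all four keys, though the other three are pre-existing. The comment block listing the context variables should gain `// ctxTransmissionKey := r.Context().Value("transmissionKey").(string)` so readers find the new value. Auth's body starts before this hunk.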
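Review bot: The TokenRepository interface still carries the `// TODO: Add explanation to functions in TokenRepository` marker while `Any` has just grown a second return value whose meaning on a miss is not stated; callers in router/auth.go read `.TransmissionKey` from it, so the contract matters. Suggested doc line above the method: `// Any returns the token row stored for uuid and true, or the zero Token and false when no row exists.` The name `Any` no longer describes a lookup that hands back the row; `Find` or `Get` would read better, but renaming is beyond this change.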
@@ -18,16 +18,15 @@ func NewRepository(db *gorm.DB) *Repository {
 return &Repository{db: db}
 }
-func (p *Repository) Any(uuid string) bool {
+func (p *Repository) Any(uuid string) (model.Token, bool) {
- var token model.Token
+ token := model.Token{}
 if !p.db.Where("uuid = ?", uuid).First(&token).RecordNotFound() {
- return true
+ return token, true
 }
- return false
-
+ return token, false
 }
 func (p *Repository) Save(userid int, uid uuid.UUID, tkn string, expriydate time.Time, transmissionKey string) {
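Review bot: The rewritten `Any` treats every outcome other than not-found as a hit: `RecordNotFound()` is true only for the not-found error, so if this is jinzhu/gorm v1 a connection or query error makes the `if` branch return `token, true` with a zero-value row, and Auth in router/auth.go then admits the request with an empty TransmissionKey. Checking the query error explicitly fails closed: `res := p.db.Where("uuid = ?", uuid).First(&token)` / `if res.Error != nil { return model.Token{}, false }` / `return token, true` (ErrRecordNotFound is also surfaced through Error, so the RecordNotFound() call is no longer needed). This still discards the error detail; returning `(model.Token, error)` would let callers distinguish "no such token" from "database unavailable", but that changes the interface in repository.go.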