current

usermanager.go

@@ -5,7 +5,9 @@ import (
   "time"
   "strconv"
   "git.mmnx.de/Moe/databaseutils"
+  "git.mmnx.de/Moe/configutils"
   "github.com/dgrijalva/jwt-go"
+  "github.com/kataras/iris"
   "fmt"
 )
 
@@ -29,7 +31,7 @@ type User struct {
 
 
 func (user *User) Login(username string, password string) (string, error) {
-  hmacSampleSecret := []byte("ayyLMAO") // crypto key for JWT encryption, TODO: move this to some config
+  hmacSampleSecret := []byte(configutils.Conf.CryptoKey) // crypto key for JWT encryption
   row, err := databaseutils.DBUtil.GetRow("*", "users", "username", username) // get user
 
   if err != nil {
@@ -40,10 +42,16 @@ func (user *User) Login(username string, password string) (string, error) {
   }
 
   if password == row[2] {
+    expire, err := time.ParseDuration("168h") // 7 days
+    if(err != nil) {
+      return "", errors.New("the hell?")
+    }
+
     token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
       "username": username,
       "userid": row[0],
       "nbf": time.Now().Unix(),
+      "exp": time.Now().Add(expire).Unix(),
       "token": "nigger", // TODO db based tokens
     })
 
@@ -59,6 +67,7 @@ func (user *User) Login(username string, password string) (string, error) {
 
     return tokenString, nil
   } else {
+
     return "", errors.New(ERR_PASSWORD_MISMATCH)
   }
 }
@@ -72,8 +81,8 @@ func searchUser(userID int) int {
     return -1
 }
 
-func VerifyUserLoggedIn(tokenString string) (bool, error) {
-  hmacSampleSecret := []byte("ayyLMAO") // crypto key for JWT encryption, TODO: move this to some config
+func VerifyUserLoggedIn(tokenString string) (bool, int, error) { // TODO renew JWT from time to time preventing expiry
+  hmacSampleSecret := []byte(configutils.Conf.CryptoKey) // crypto key for JWT encryption
 
   token, _ := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
     if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
@@ -87,14 +96,31 @@ func VerifyUserLoggedIn(tokenString string) (bool, error) {
       intUserID, _ := strconv.Atoi(userID) // convert to int ... god i love scripting languages
       sliceID := searchUser(intUserID) // verify that user has a session on the server
       if sliceID != -1 { // searchUser returns -1 if there's no such user
-        return true, nil
+        return true, intUserID, nil
       } else {
-        return false, errors.New(ERR_SESSION_TIMED_OUT) // Session probably expired - may also be faked? TODO more checks?
+        return false, -1, errors.New(ERR_SESSION_TIMED_OUT) // Session probably expired - may also be faked? TODO more checks?
       }
     } else {
-        return false, errors.New("Unknown error") // This should never happen, prolly can't convert something in claims then..
+        return false, -1, errors.New("Unknown error") // This should never happen, prolly can't convert something in claims then..
     }
   } else {
-    return false, errors.New(ERR_INVALID_TOKEN) // Token is invalid, expired or whatever, TODO switch with ERR_SESSION_TIMED_OUT when database based session system
+    return false, -1, errors.New(ERR_INVALID_TOKEN) // Token is invalid, expired or whatever, TODO switch with ERR_SESSION_TIMED_OUT when database based session system
+  }
+}
+
+func AuthHandler(ctx *iris.Context) {
+  tokenString := ctx.GetCookie("token")
+  isAuthed, userID, err := VerifyUserLoggedIn(tokenString)
+
+  ctx.Set("userID", userID)
+
+  if err != nil {
+    ctx.Write(err.Error()) // TODO template compatible error handling
+  }
+
+  if isAuthed {
+    ctx.Next()
+  } else {
+    //ctx.Redirect("/login") // TODO redirect after x second when templates are ready
   }
 }