dispatch/server/auth.go

127 lines
2.4 KiB
Go
Raw Normal View History

package server
import (
"crypto/rand"
"fmt"
"io/ioutil"
"log"
"net/http"
2016-01-19 19:31:22 +00:00
"time"
2016-03-01 00:51:26 +00:00
"github.com/dgrijalva/jwt-go"
"github.com/khlieng/dispatch/storage"
)
const (
cookieName = "dispatch"
)
var (
hmacKey []byte
)
func initAuth() {
var err error
hmacKey, err = getHMACKey()
if err != nil {
log.Fatal(err)
}
}
func getHMACKey() ([]byte, error) {
key, err := ioutil.ReadFile(storage.Path.HMACKey())
if err != nil {
key = make([]byte, 32)
rand.Read(key)
err = ioutil.WriteFile(storage.Path.HMACKey(), key, 0600)
if err != nil {
return nil, err
}
}
return key, nil
}
func handleAuth(w http.ResponseWriter, r *http.Request) *Session {
var session *Session
cookie, err := r.Cookie(cookieName)
if err != nil {
authLog(r, "No cookie set")
session = newUser(w, r)
} else {
token, err := parseToken(cookie.Value)
if err == nil && token.Valid {
claims := token.Claims.(jwt.MapClaims)
userID := uint64(claims["UserID"].(float64))
log.Println(r.RemoteAddr, "[Auth] GET", r.URL.Path, "| Valid token | User ID:", userID)
session = sessions.get(userID)
if session == nil {
// A previous anonymous session has been cleaned up, create a new one
session = newUser(w, r)
}
} else {
if err != nil {
authLog(r, "Invalid token: "+err.Error())
} else {
authLog(r, "Invalid token")
}
session = newUser(w, r)
}
}
return session
}
func newUser(w http.ResponseWriter, r *http.Request) *Session {
2016-01-17 20:15:29 +00:00
user, err := storage.NewUser()
if err != nil {
return nil
}
log.Println(r.RemoteAddr, "[Auth] Create session | User ID:", user.ID)
session := NewSession(user)
sessions.set(user.ID, session)
go session.run()
token := jwt.New(jwt.SigningMethodHS256)
claims := token.Claims.(jwt.MapClaims)
claims["UserID"] = user.ID
tokenString, err := token.SignedString(hmacKey)
if err != nil {
return nil
}
http.SetCookie(w, &http.Cookie{
Name: cookieName,
Value: tokenString,
Path: "/",
2016-01-19 19:31:22 +00:00
Expires: time.Now().AddDate(0, 1, 0),
HttpOnly: true,
Secure: r.TLS != nil,
})
return session
}
func parseToken(cookie string) (*jwt.Token, error) {
return jwt.Parse(cookie, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
}
return hmacKey, nil
})
}
func authLog(r *http.Request, s string) {
log.Println(r.RemoteAddr, "[Auth] GET", r.URL.Path, "|", s)
}