aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--auth/auth.go27
-rw-r--r--auth/controller.go49
-rw-r--r--go.mod4
-rw-r--r--go.sum4
-rw-r--r--openbills.toml4
5 files changed, 81 insertions, 7 deletions
diff --git a/auth/auth.go b/auth/auth.go
new file mode 100644
index 0000000..6797c91
--- /dev/null
+++ b/auth/auth.go
@@ -0,0 +1,27 @@
+/* openbills - Server for web based Libre Billing Software
+ * Copyright (C) 2023 Vidhu Kant Sharma <vidhukant@vidhukant.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package auth
+
+import (
+ "github.com/golang-jwt/jwt/v5"
+)
+
+type AuthClaims struct {
+ jwt.RegisteredClaims
+ UserID uint `json:"userid"`
+}
diff --git a/auth/controller.go b/auth/controller.go
index 901d204..93211dd 100644
--- a/auth/controller.go
+++ b/auth/controller.go
@@ -18,16 +18,23 @@
package auth
import (
- "vidhukant.com/openbills/user"
- "golang.org/x/crypto/bcrypt"
- "github.com/spf13/viper"
"github.com/gin-gonic/gin"
+ "github.com/golang-jwt/jwt/v5"
+ "github.com/spf13/viper"
+ "golang.org/x/crypto/bcrypt"
+ "vidhukant.com/openbills/user"
"net/http"
+ "time"
)
-var COST int
+var (
+ COST int
+ AUTH_KEY, REFRESH_KEY []byte
+)
func init() {
COST = viper.GetInt("cryptography.password_hashing_cost")
+ AUTH_KEY = []byte(viper.GetString("cryptography.auth_key"))
+ REFRESH_KEY = []byte(viper.GetString("cryptography.refresh_key"))
}
func handleSignUp (ctx *gin.Context) {
@@ -74,7 +81,41 @@ func handleSignIn (ctx *gin.Context) {
return
}
+ authToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256,
+ AuthClaims {
+ jwt.RegisteredClaims {
+ IssuedAt: jwt.NewNumericDate(time.Now()),
+ ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Minute * 2)),
+ },
+ u.ID,
+ },
+ ).SignedString(AUTH_KEY)
+ if err != nil {
+ // TODO: handle potential errors
+ ctx.Error(err)
+ ctx.Abort()
+ return
+ }
+
+ refreshToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256,
+ AuthClaims {
+ jwt.RegisteredClaims {
+ IssuedAt: jwt.NewNumericDate(time.Now()),
+ ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 6)),
+ },
+ u.ID,
+ },
+ ).SignedString(REFRESH_KEY)
+ if err != nil {
+ // TODO: handle potential errors
+ ctx.Error(err)
+ ctx.Abort()
+ return
+ }
+
ctx.JSON(http.StatusOK, gin.H{
+ "auth_token": authToken,
+ "refresh_token": refreshToken,
"message": "success",
"data": u,
})
diff --git a/go.mod b/go.mod
index bc5c009..576ab67 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,10 @@ go 1.21.0
require (
github.com/gin-gonic/gin v1.9.1
+ github.com/golang-jwt/jwt/v4 v4.5.0
+ github.com/golang-jwt/jwt/v5 v5.0.0
github.com/spf13/viper v1.16.0
+ golang.org/x/crypto v0.9.0
gorm.io/driver/mysql v1.5.1
gorm.io/gorm v1.25.4
)
@@ -40,7 +43,6 @@ require (
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.2.11 // indirect
golang.org/x/arch v0.3.0 // indirect
- golang.org/x/crypto v0.9.0 // indirect
golang.org/x/net v0.10.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
diff --git a/go.sum b/go.sum
index 9f2d670..f4b69b3 100644
--- a/go.sum
+++ b/go.sum
@@ -86,6 +86,10 @@ github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ
github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
diff --git a/openbills.toml b/openbills.toml
index 9a9bc70..6733c5a 100644
--- a/openbills.toml
+++ b/openbills.toml
@@ -23,5 +23,5 @@ max_username_length = 32
[cryptography]
password_hashing_cost = 14
-auth_secret = "22ELiOfHn19s0z1WWgsOT9RupghRYrXm"
-refresh_secret = "22ELiOfHn19s0z1WWgsOT9RupghRYrXm"
+auth_key = "22ELiOfHn19s0z1WWgsOT9RupghRYrXm"
+refresh_key = "22ELjsdlfkjalsdfjalsdjflajsdfljaiOfHn19s0z1WWgsOT9RupghRYrXm"