diff --git a/controllers/nodeHttpController.go b/controllers/nodeHttpController.go index 11ffa8da..ed3a5e06 100644 --- a/controllers/nodeHttpController.go +++ b/controllers/nodeHttpController.go @@ -6,6 +6,7 @@ import ( "net/http" "strings" "time" + "github.com/gorilla/mux" "github.com/gravitl/netmaker/database" "github.com/gravitl/netmaker/functions" @@ -194,17 +195,6 @@ func authorize(networkCheck bool, authNetwork string, next http.Handler) http.Ha macaddress = "mastermac" isAuthorized = true r.Header.Set("ismasterkey", "yes") - } else { - r.Header.Set("ismasterkey", "") - mac, _, err := functions.VerifyToken(authToken) - if err != nil { - errorResponse = models.ErrorResponse{ - Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.", - } - returnErrorResponse(w, r, errorResponse) - return - } - macaddress = mac } if !isadmin && params["network"] != "" { if functions.SliceContains(networks, params["network"]) { diff --git a/functions/jwt.go b/functions/jwt.go index 225232bf..cd7b3f15 100644 --- a/functions/jwt.go +++ b/functions/jwt.go 
@@ -1,87 +1,92 @@ package functions import ( - "time" - "github.com/gravitl/netmaker/models" - "github.com/gravitl/netmaker/servercfg" - "github.com/dgrijalva/jwt-go" + "errors" + "time" + + "github.com/dgrijalva/jwt-go" + "github.com/gravitl/netmaker/models" + "github.com/gravitl/netmaker/servercfg" ) var jwtSecretKey = []byte("(BytesOverTheWire)") // CreateJWT func will used to create the JWT while signing in and signing out func CreateJWT(macaddress string, network string) (response string, err error) { - expirationTime := time.Now().Add(5 * time.Minute) - claims := &models.Claims{ - MacAddress: macaddress, - Network: network, - StandardClaims: jwt.StandardClaims{ - ExpiresAt: expirationTime.Unix(), - }, - } + expirationTime := time.Now().Add(5 * time.Minute) + claims := &models.Claims{ + MacAddress: macaddress, + Network: network, + StandardClaims: jwt.StandardClaims{ + ExpiresAt: expirationTime.Unix(), + }, + } - token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) - tokenString, err := token.SignedString(jwtSecretKey) - if err == nil { - return tokenString, nil - } - return "", err + token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) + tokenString, err := token.SignedString(jwtSecretKey) + if err == nil { + return tokenString, nil + } + return "", err } func CreateUserJWT(username string, networks []string, isadmin bool) (response string, err error) { - expirationTime := time.Now().Add(60 * time.Minute) - claims := &models.UserClaims{ - UserName: username, - Networks: networks, - IsAdmin: isadmin, - StandardClaims: jwt.StandardClaims{ - ExpiresAt: expirationTime.Unix(), - }, - } + expirationTime := time.Now().Add(1 * time.Minute) + claims := &models.UserClaims{ + UserName: username, + Networks: networks, + IsAdmin: isadmin, + StandardClaims: jwt.StandardClaims{ + ExpiresAt: expirationTime.Unix(), + }, + } - token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) - tokenString, err := token.SignedString(jwtSecretKey) - if err == nil { - return 
tokenString, nil - } - return "", err + token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) + tokenString, err := token.SignedString(jwtSecretKey) + if err == nil { + return tokenString, nil + } + return "", err } // VerifyToken func will used to Verify the JWT Token while using APIS func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) { - claims := &models.UserClaims{} + claims := &models.UserClaims{} - if tokenString == servercfg.GetMasterKey() { - return "masteradministrator", nil, true, nil - } + if tokenString == servercfg.GetMasterKey() { + return "masteradministrator", nil, true, nil + } - token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) { - return jwtSecretKey, nil - }) + token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) { + return jwtSecretKey, nil + }) - if token != nil { - return claims.UserName, claims.Networks, claims.IsAdmin, nil - } - return "", nil, false, err + if token != nil && token.Valid { + // check that user exists + if user, err := GetUser(claims.UserName); user.UserName != "" && err == nil { + return claims.UserName, claims.Networks, claims.IsAdmin, nil + } + err = errors.New("user does not exist") + } + return "", nil, false, err } -// VerifyToken func will used to Verify the JWT Token while using APIS +// GRPC [nodes] Only func VerifyToken(tokenString string) (macaddress string, network string, err error) { - claims := &models.Claims{} + claims := &models.Claims{} - //this may be a stupid way of serving up a master key - //TODO: look into a different method. Encryption? - if tokenString == servercfg.GetMasterKey() { - return "mastermac", "", nil - } + //this may be a stupid way of serving up a master key + //TODO: look into a different method. Encryption? 
+ if tokenString == servercfg.GetMasterKey() { + return "mastermac", "", nil + } - token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) { - return jwtSecretKey, nil - }) + token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) { + return jwtSecretKey, nil + }) - if token != nil { - return claims.MacAddress, claims.Network, nil - } - return "", "", err + if token != nil { + return claims.MacAddress, claims.Network, nil + } + return "", "", err } - diff --git a/models/names.go b/models/names.go index a0e80857..56b1086a 100644 --- a/models/names.go +++ b/models/names.go @@ -5,7 +5,7 @@ import ( "time" ) -// 5-7 chars only +// 4-7 chars only var NAMES = []string{ "logic", "warrant", @@ -32,7 +32,6 @@ var NAMES = []string{ "python", "mohawk", "arctic", - "linear", "rival", "vibes", "delay", @@ -65,7 +64,6 @@ var NAMES = []string{ "clutch", "shark", "leader", - "smelly", "young", "robot", "squish", @@ -73,7 +71,7 @@ var NAMES = []string{ "rocket", "space", "queen", - "royal", + "royalty", "flush", "earth", "planet", 
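Review bot: `VerifyToken` on the new side still returns the claims whenever `token != nil`, without consulting `err` or `token.Valid`, so the check this commit adds to `VerifyUserToken` is not carried over to node tokens. jwt-go's `ParseWithClaims` returns a non-nil token together with an error when the signature or expiry validation fails, so a node token that fails validation would still be accepted here; the guard should read `if err == nil && token != nil && token.Valid {`. Separately, `jwtSecretKey` remains a literal committed to the repository (unchanged context in this hunk), which means every deployment shares the same HS256 signing key; it should come from configuration or be generated per install. The user-token lifetime also drops from 60 minutes to `1 * time.Minute`, which reads like a debugging value and is worth confirming or explaining in a comment.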
@@ -92,31 +90,71 @@ var NAMES = []string{ "goose", "pepper", "melissa", + "alex", + "elon", + "yeet", + "meh", + "walrus", + "avatar", + "chicken", + "proton", + "mohawk", + "tattoo", + "zebra", + "star", + "butter", + "tango", + "homie", + "rambo", + "cosmo", + "bubbles", + "hulk", + "pluto", + "scooby", + "thanos", + "yoda", + "draco", + "goofy", + "ditto", + "puff", + "duck", + "mouse", + "akita", + "water", + "hound", + "baby", + "spider", + "squid", + "roach", + "crab", + "cougar", + "cyborg", + "android", + "being", + "ninja", + "unicorn", + "zombie", + "warrior", + "zamboni", + "life", + "marine", + "node", + "mother", + "father", + "tesla", } // must be 4 chars or less var SMALL_NAMES = []string{ "ace", - "tank", - "alex", - "dude", + "odd", + "hot", + "ill", "root", "sudo", - "mars", - "meow", - "elon", - "musk", "moon", "beef", - "tack", - "matt", - "soon", - "man", - "sup", - "yo", "bro", - "john", - "drop", "dank", "red", "gold", @@ -128,7 +166,6 @@ var SMALL_NAMES = []string{ "lil", "mom", "bot", - "farm", "evil", "good", "holy", @@ -137,48 +174,60 @@ var SMALL_NAMES = []string{ "sad", "mad", "chad", - "hat", "pre", "post", "foot", "soft", "hard", - "bob", - "tree", "lite", - "fish", "dark", "true", - "cat", - "dog", - "wow", - "yay", - "yeet", - "zoo", "toy", - "boy", "soy", "rude", "nice", - "cow", - "meh", - "shoe", - "sock", - "toe", - "nail", - "hair", - "nose", - "ear", - "tear", - "lad", - "taco", - "star", - "sun", - "ship", - "pack", - "mule", - "drag", - "king", + "fun", + "fat", + "pro", + "sly", + "tan", + "pet", + "fine", + "main", + "last", + "wide", + "free", + "open", + "poor", + "rich", + "next", + "real", + "long", + "huge", + "wild", + "sick", + "weak", + "firm", + "pink", + "okay", + "dull", + "loud", + "lazy", + "dumb", + "tidy", + "idle", + "bony", + "cute", + "oily", + "lame", + "mega", + "limp", + "wavy", + "edgy", + "nosy", + "zany", + "base", + "cold", } func GenerateNodeName() string {
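Review bot: Two of the entries added to `NAMES` in the `@@ -92,31 +90,71 @@` hunk do not fit the list's own rules: `"mohawk"` is already present earlier in the slice (it shows as context in the `@@ -32,7` hunk), and `"meh"` has three characters while the updated comment says `// 4-7 chars only`. Drop the duplicate, and either keep `"meh"` in `SMALL_NAMES` or relax the comment to match. How much this matters depends on how `GenerateNodeName` draws from the two lists, which is outside the diff.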