jwt secret refactor
parent
21351444c8
commit
21537c1d0b
2 changed files with 31 additions and 4 deletions
|
@ -94,15 +94,38 @@ func dbInit() {
|
|||
gormdb.AutoMigrate(&User{})
|
||||
gormdb.AutoMigrate(&Command{})
|
||||
gormdb.AutoMigrate(&System{})
|
||||
gormdb.AutoMigrate(&Config{})
|
||||
|
||||
//TODO: ensure these are the most efficient indexes
|
||||
gormdb.Model(&User{}).AddIndex("idx_user", "username")
|
||||
gormdb.Model(&System{}).AddIndex("idx_mac", "mac")
|
||||
gormdb.Model(&Command{}).AddIndex("idx_user_command_created", "user_id, created, command")
|
||||
gormdb.Model(&Command{}).AddIndex("idx_user_uuid", "user_id, uuid")
|
||||
gormdb.Model(&Config{}).AddUniqueIndex("idx_config_id", "id")
|
||||
|
||||
// Just need gorm for migration and index creation.
|
||||
gormdb.Close()
|
||||
}
|
||||
|
||||
func (c Config) getSecret() string {
|
||||
var err error
|
||||
if connectionLimit != 1 {
|
||||
_, err = db.Exec(`INSERT INTO configs ("id","created" "secret")
|
||||
VALUES (1, now(), SELECT md5(random()::text))
|
||||
ON conflict do nothing;`)
|
||||
|
||||
} else {
|
||||
_, err = db.Exec(`INSERT INTO configs ("id","created" ,"secret")
|
||||
VALUES (1, current_timestamp, lower(hex(randomblob(16))))
|
||||
ON conflict do nothing;`)
|
||||
}
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
err = db.QueryRow(`SELECT "secret" from configs where "id" = 1 `).Scan(&c.Secret)
|
||||
return c.Secret
|
||||
}
|
||||
|
||||
func hashAndSalt(password string) string {
|
||||
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.MinCost)
|
||||
if err != nil {
|
||||
|
|
|
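Review bot: The first branch of getSecret (the one using Postgres syntax) cannot run as written: the column list `("id","created" "secret")` is missing a comma and `SELECT md5(random()::text)` is an unparenthesised subquery inside VALUES, so `db.Exec` fails and `log.Fatal` stops the server; it should read `INSERT INTO configs ("id","created","secret")` and `VALUES (1, now(), md5(random()::text))`. The error from the final `QueryRow(...).Scan(&c.Secret)` is assigned to `err` but never checked, so a failed read returns an empty string that Run() then passes as the JWT signing key; add `if err != nil { log.Fatal(err) }` before the return. Separately, `md5(random()::text)` derives the key from Postgres's non-cryptographic `random()`; generating the bytes in Go with `crypto/rand` and passing them as a bind parameter would give both backends a key from a CSPRNG. dbInit starts above the hunk and hashAndSalt continues below it.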
@ -94,16 +94,20 @@ type Status struct {
|
|||
SessionTotalCommands int `json:"sessionTotalCommands"`
|
||||
}
|
||||
|
||||
type Config struct {
|
||||
Secret string
|
||||
ID int
|
||||
Created time.Duration
|
||||
}
|
||||
|
||||
var (
|
||||
// Addr is the listen and server address for our server (gin)
|
||||
Addr string
|
||||
// LogFile is the log file location for http logging. Default is stderr.
|
||||
LogFile string
|
||||
config Config
|
||||
)
|
||||
|
||||
//TODO: Figure out a better way to do this.
|
||||
const secret = "bashub-server-secret"
|
||||
|
||||
func getLog() *os.File {
|
||||
|
||||
if LogFile != "" {
|
||||
|
@ -147,7 +151,7 @@ func Run() {
|
|||
// the jwt middleware
|
||||
authMiddleware, err := jwt.New(&jwt.GinJWTMiddleware{
|
||||
Realm: "bashhub-server zone",
|
||||
Key: []byte(secret),
|
||||
Key: []byte(config.getSecret()),
|
||||
Timeout: 10000 * time.Hour,
|
||||
MaxRefresh: 10000 * time.Hour,
|
||||
IdentityKey: "username",
|
||||
|
|
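Review bot: `Created time.Duration` in the new Config struct does not match what getSecret stores in that column (`now()` / `current_timestamp`); `Created time.Time` is the type that fits a timestamp, and the column AutoMigrate creates would then follow it. getSecret is declared on a value receiver, so the package-level `config` still has an empty `Secret` after `config.getSecret()` in Run(); a comment on `config` saying the key is only available through getSecret() would stop someone from reading `config.Secret` directly. The struct also deserves a doc comment such as `// Config is the single server-wide row (id 1); Secret is the JWT signing key, so read access to this table is enough to mint tokens.` Run() starts and ends outside the hunk.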