jwt secret refactor
parent
21351444c8
commit
21537c1d0b
2 changed files with 31 additions and 4 deletions
|
@ -94,15 +94,38 @@ func dbInit() {
|
||||||
gormdb.AutoMigrate(&User{})
|
gormdb.AutoMigrate(&User{})
|
||||||
gormdb.AutoMigrate(&Command{})
|
gormdb.AutoMigrate(&Command{})
|
||||||
gormdb.AutoMigrate(&System{})
|
gormdb.AutoMigrate(&System{})
|
||||||
|
gormdb.AutoMigrate(&Config{})
|
||||||
|
|
||||||
//TODO: ensure these are the most efficient indexes
|
//TODO: ensure these are the most efficient indexes
|
||||||
gormdb.Model(&User{}).AddIndex("idx_user", "username")
|
gormdb.Model(&User{}).AddIndex("idx_user", "username")
|
||||||
gormdb.Model(&System{}).AddIndex("idx_mac", "mac")
|
gormdb.Model(&System{}).AddIndex("idx_mac", "mac")
|
||||||
gormdb.Model(&Command{}).AddIndex("idx_user_command_created", "user_id, created, command")
|
gormdb.Model(&Command{}).AddIndex("idx_user_command_created", "user_id, created, command")
|
||||||
gormdb.Model(&Command{}).AddIndex("idx_user_uuid", "user_id, uuid")
|
gormdb.Model(&Command{}).AddIndex("idx_user_uuid", "user_id, uuid")
|
||||||
|
gormdb.Model(&Config{}).AddUniqueIndex("idx_config_id", "id")
|
||||||
|
|
||||||
// Just need gorm for migration and index creation.
|
// Just need gorm for migration and index creation.
|
||||||
gormdb.Close()
|
gormdb.Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c Config) getSecret() string {
|
||||||
|
var err error
|
||||||
|
if connectionLimit != 1 {
|
||||||
|
_, err = db.Exec(`INSERT INTO configs ("id","created" "secret")
|
||||||
|
VALUES (1, now(), SELECT md5(random()::text))
|
||||||
|
ON conflict do nothing;`)
|
||||||
|
|
||||||
|
} else {
|
||||||
|
_, err = db.Exec(`INSERT INTO configs ("id","created" ,"secret")
|
||||||
|
VALUES (1, current_timestamp, lower(hex(randomblob(16))))
|
||||||
|
ON conflict do nothing;`)
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
err = db.QueryRow(`SELECT "secret" from configs where "id" = 1 `).Scan(&c.Secret)
|
||||||
|
return c.Secret
|
||||||
|
}
|
||||||
|
|
||||||
func hashAndSalt(password string) string {
|
func hashAndSalt(password string) string {
|
||||||
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.MinCost)
|
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.MinCost)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
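Review bot: The signing key created in the first branch of `getSecret` comes from `md5(random()::text)`, and PostgreSQL documents `random()` as unsuitable for cryptographic use, so the key that authenticates every JWT is drawn from a non-cryptographic generator. That same statement is missing the comma between `"created"` and `"secret"` and does not parenthesise the `SELECT`, so it looks like it would be rejected and end in `log.Fatal`. The error from the final `QueryRow(...).Scan(&c.Secret)` is assigned but never checked, so a failed read returns an empty string for the caller to use as the key. Generating the value in Go with `crypto/rand`, binding it as a parameter in both INSERTs, and failing on a Scan error or an empty result covers all three; the sketch below shows the changed lines.

```go
func (c Config) getSecret() string {
	// Draw the candidate key from the OS CSPRNG so both database branches get the same quality of key.
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		log.Fatal(err)
	}
	candidate := hex.EncodeToString(raw)
	// … per-dialect INSERT … ON conflict do nothing as before, with candidate bound as the "secret" value …
	if err := db.QueryRow(`SELECT "secret" from configs where "id" = 1 `).Scan(&c.Secret); err != nil {
		log.Fatal(err)
	}
	// Refuse to start with an empty signing key.
	if c.Secret == "" {
		log.Fatal("jwt secret is empty")
	}
	return c.Secret
}
```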
@ -94,16 +94,20 @@ type Status struct {
|
||||||
SessionTotalCommands int `json:"sessionTotalCommands"`
|
SessionTotalCommands int `json:"sessionTotalCommands"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type Config struct {
|
||||||
|
Secret string
|
||||||
|
ID int
|
||||||
|
Created time.Duration
|
||||||
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// Addr is the listen and server address for our server (gin)
|
// Addr is the listen and server address for our server (gin)
|
||||||
Addr string
|
Addr string
|
||||||
// LogFile is the log file location for http logging. Default is stderr.
|
// LogFile is the log file location for http logging. Default is stderr.
|
||||||
LogFile string
|
LogFile string
|
||||||
|
config Config
|
||||||
)
|
)
|
||||||
|
|
||||||
//TODO: Figure out a better way to do this.
|
|
||||||
const secret = "bashub-server-secret"
|
|
||||||
|
|
||||||
func getLog() *os.File {
|
func getLog() *os.File {
|
||||||
|
|
||||||
if LogFile != "" {
|
if LogFile != "" {
|
||||||
|
@ -147,7 +151,7 @@ func Run() {
|
||||||
// the jwt middleware
|
// the jwt middleware
|
||||||
authMiddleware, err := jwt.New(&jwt.GinJWTMiddleware{
|
authMiddleware, err := jwt.New(&jwt.GinJWTMiddleware{
|
||||||
Realm: "bashhub-server zone",
|
Realm: "bashhub-server zone",
|
||||||
Key: []byte(secret),
|
Key: []byte(config.getSecret()),
|
||||||
Timeout: 10000 * time.Hour,
|
Timeout: 10000 * time.Hour,
|
||||||
MaxRefresh: 10000 * time.Hour,
|
MaxRefresh: 10000 * time.Hour,
|
||||||
IdentityKey: "username",
|
IdentityKey: "username",
|
||||||
|
|
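Review bot: `Created time.Duration` in the new `Config` struct does not match how the column is written: `getSecret` inserts `now()` / `current_timestamp`, while a Duration field would presumably be migrated as an integer column, so the timestamp insert may be rejected or stored in the wrong type; `Created time.Time` fits the data. Because `Config` now carries the JWT signing key, a `json:"-"` tag on `Secret` would keep it out of any JSON output the struct might end up in. In the `Run()` hunk, `config.getSecret()` has a value receiver, so the package-level `config.Secret` stays empty after the call; that is harmless for `Key:` but deserves a comment such as `// getSecret does not populate config.Secret; always call it to obtain the key`. Run's body continues outside the hunk.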