From e241972dd0b0796f2874cc788cca876a668da205 Mon Sep 17 00:00:00 2001 From: Akash Date: Mon, 22 Apr 2024 12:17:47 +0530 Subject: [PATCH 1/2] jwt changes --- auth/auth.go | 3 ++- config/config.go | 16 +++++++++++++++- deploy.sh | 2 +- routers/middleware/auth.go | 13 ++++++++++--- 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/auth/auth.go b/auth/auth.go index 12a68c7..db904de 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -22,7 +22,8 @@ type Claims struct { // GenerateToken creates a JWT token for authenticated users. func GenerateToken(username string, id uuid.UUID) (string, error) { jwtSecret := config.GetJWTSecret() - expirationTime := time.Now().Add(10 * time.Hour) + // expiry time is 1 week + expirationTime := time.Now().Add(7 * 24 * time.Hour) claims := &Claims{ StandardClaims: jwt.StandardClaims{ ExpiresAt: expirationTime.Unix(), diff --git a/config/config.go b/config/config.go index bb66622..6b8f5b9 100644 --- a/config/config.go +++ b/config/config.go @@ -1,6 +1,7 @@ package config import ( + "fmt" "osvauld/infra/logger" "github.com/spf13/viper" @@ -34,10 +35,23 @@ func SetupConfig() error { return err } + err = ValidateJWTSecret() + if err != nil { + return err + } + return nil } func GetJWTSecret() string { - jwtSecret := viper.GetString("SECRET") + jwtSecret := viper.GetString("AUTH_SECRET") return jwtSecret } + +func ValidateJWTSecret() error { + jwtSecret := GetJWTSecret() + if len(jwtSecret) < 32 { + return fmt.Errorf("JWT secret must be at least 32 characters") + } + return nil +} diff --git a/deploy.sh b/deploy.sh index 61a1e82..fbad3f5 100755 --- a/deploy.sh +++ b/deploy.sh @@ -8,7 +8,6 @@ ssh ubuntu@3.110.128.10 << 'EOF' git pull - sudo docker stop osvauld_backend sudo docker rm osvauld_backend 
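Review bot: A 7-day `expirationTime` makes every issued token a week-long bearer credential, and nothing in the hunk shows a revocation list, a refresh flow, or even an `IssuedAt` claim that would let the server cut it short after a logout or a secret rotation (GenerateToken continues outside the hunk, so the rest of the claims are not visible). With a stateless HMAC-signed token — the middleware hunk in this patch only accepts HMAC methods — the only way to invalidate a leaked token is to rotate AUTH_SECRET, which logs out every user. If a week is needed for the client, keep a short-lived access token and issue a separate refresh token, or at minimum add `IssuedAt: time.Now().Unix(),` next to `ExpiresAt` so tokens issued before a compromise cutoff can be rejected. The comment should also record the trade-off, e.g. `// expiry time is 1 week; tokens are stateless and cannot be revoked before then`.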
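Review bot: `len(jwtSecret) < 32` in the new ValidateJWTSecret measures byte length, not randomness, so a secret such as 32 repeated `a`s, or the literal value shipped in app.env.example in the second patch, passes; the message also says "characters" while `len` counts bytes. 32 bytes is the right floor for an HMAC-SHA256 key (RFC 7518 §3.2 requires at least the hash output size), so say so and tell the operator how to produce one: `return fmt.Errorf("AUTH_SECRET must be at least 32 bytes (256 bits) of random data, e.g. from openssl rand -base64 32")`, plus a doc comment `// ValidateJWTSecret rejects an AUTH_SECRET shorter than the 256-bit minimum for HMAC-SHA256; it cannot detect a low-entropy or well-known value.` Rejecting the example file's placeholder value explicitly would also stop a copied app.env from reaching production. Note that GetJWTSecret now reads AUTH_SECRET instead of SECRET, so an existing deployment that still exports SECRET will fail SetupConfig with this error rather than start with an empty key; that is the right outcome but deserves a line in the commit message.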
@@ -26,5 +25,6 @@ ssh ubuntu@3.110.128.10 << 'EOF' -e MASTER_DB_PASSWORD=$MASTER_DB_PASSWORD \ -e MASTER_DB_PORT=$MASTER_DB_PORT \ -e MASTER_SSL_MODE=require \ + -e AUTH_SECRET=$AUTH_SECRET \ osvauld_be:latest EOF \ No newline at end of file diff --git a/routers/middleware/auth.go b/routers/middleware/auth.go index fcb231d..89ddadd 100644 --- a/routers/middleware/auth.go +++ b/routers/middleware/auth.go @@ -1,6 +1,7 @@ package middleware import ( + "errors" "net/http" "strings" @@ -29,9 +30,15 @@ func JWTAuthMiddleware() gin.HandlerFunc { claims := &auth.Claims{} - token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) { - return []byte(config.GetJWTSecret()), nil // Ensure your auth package has GetJWTSecret() method that returns the secret key - }) + keyFunc := func(token *jwt.Token) (interface{}, error) { + _, ok := token.Method.(*jwt.SigningMethodHMAC) + if !ok { + return nil, errors.New("invalid token") + } + return []byte(config.GetJWTSecret()), nil + } + + token, err := jwt.ParseWithClaims(tokenString, claims, keyFunc) if err != nil { logger.Errorf(err.Error()) From 115b36d7a621486191f998854d56264ecd7d5426 Mon Sep 17 00:00:00 2001 From: Akash Date: Mon, 22 Apr 2024 12:45:37 +0530 Subject: [PATCH 2/2] changed example env file --- app.env.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app.env.example b/app.env.example index 691d653..d8a9f2d 100644 --- a/app.env.example +++ b/app.env.example @@ -1,4 +1,4 @@ -SECRET=h9wt*pasj6796j##w(w8=xaje8tpi6h*r&hzgrz065u&ed+k2) +AUTH_SECRET=6M6H5u8DJnWxg33bgcpGaLs6k4pAE7x9 DEBUG=True ALLOWED_HOSTS=0.0.0.0 SERVER_HOST=0.0.0.0
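Review bot: `-e AUTH_SECRET=$AUTH_SECRET` places the JWT signing key on the `docker run` command line, where it is readable via `ps`, shell history and `docker inspect` by anyone with shell or docker-socket access on the host, the same exposure the DB password on the lines above already has. Because the heredoc delimiter is quoted (`<< 'EOF'`), `$AUTH_SECRET` is expanded by the remote shell, so it has to exist in the ubuntu user's environment on 3.110.128.10; if it does not, the container is started with an empty AUTH_SECRET and the new startup validation refuses to run, with no earlier hint from this script. Prefer a root-owned `--env-file /path/to/osvauld.env` (or Docker/compose secrets) over `-e`, and fail fast on the remote side with `: "${AUTH_SECRET:?AUTH_SECRET must be set}"` before the `docker run`.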
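Review bot: The `*jwt.SigningMethodHMAC` assertion in the new keyFunc is the right defence against algorithm confusion (an RS256 or `none` token is now rejected before the secret is used as a key), but it accepts any HMAC variant and its `invalid token` error discards the `alg` that was presented, which is the one thing worth logging when the endpoint is probed. Pin the method to the one GenerateToken signs with (not visible here; presumably HS256) and keep the conventional message: `if token.Method.Alg() != jwt.SigningMethodHS256.Alg() { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) }` (needs `fmt` in the import block, which the first hunk of this file only extends with `errors`). `logger.Errorf(err.Error())` on the context line below passes the error text as a format string; `logger.Errorf("%s", err)` is safer if any error text can echo token input. The rest of JWTAuthMiddleware, including the `token.Valid` check that should follow the `err` branch, is outside the hunk.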
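Review bot: `AUTH_SECRET=6M6H5u8DJnWxg33bgcpGaLs6k4pAE7x9` is a concrete, public, exactly-32-character value, so it passes the startup length check added in the first patch unchanged; any deployment that copies the example file as-is signs tokens with a key anyone can read from the repository, and that key mints valid tokens for any user. Ship a placeholder that cannot pass validation and tells the operator what to generate: `# AUTH_SECRET: at least 32 random bytes, e.g. openssl rand -base64 32` followed by `AUTH_SECRET=`. Both this value and the previous `SECRET=h9wt*...` now live in git history and should be treated as compromised anywhere they were actually used.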