add token generation, validation
parent
6fadf63c4f
commit
7ba061682c
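--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module guildgate
 go 1.14
 
 require (
+github.com/dgrijalva/jwt-go v3.2.0+incompatible
 github.com/go-ldap/ldap v3.0.3+incompatible
 github.com/gorilla/securecookie v1.1.1
 github.com/spf13/viper v1.7.1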
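Review bot: The new requirement `github.com/dgrijalva/jwt-go v3.2.0+incompatible` puts an authentication-critical parser on the build from a module that, as far as I know, is no longer maintained upstream; github.com/golang-jwt/jwt is its maintained continuation and keeps the v3 API, so requiring that module instead should be a small change. Whichever module is used, running govulncheck against the pinned version before release would surface known issues in the JWT code.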
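--- a/go.sum
+++ b/go.sum
@@ -36,6 +36,7 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=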
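--- a/main.go
+++ b/main.go
@@ -43,9 +43,13 @@ func signupPage(res http.ResponseWriter, req *http.Request) {
 secret := req.FormValue("secret")
 
 if Conf.Secret != "" && Conf.Secret != secret {
-log.Printf("Bad secret entered\n")
-res.Write([]byte("Get a load of this guy, not knowing the secret code"))
-return
+//Checking it as a token
+err := validateToken(secret)
+if err != nil {
+log.Printf("Bad secret entered: %v\n", err)
+res.Write([]byte("Get a load of this guy, not knowing the secret code"))
+return
+}
 }
 //insert into LDAP
 log.Printf("Attempting to create account for %v", username)
@@ -101,6 +105,32 @@ func logoutPage(res http.ResponseWriter, req *http.Request) {
 http.Redirect(res, req, "/", 302)
 }
 
+func tokenPage(res http.ResponseWriter, req *http.Request) {
+u := getUserName(req)
+if u == "" {
+http.Redirect(res, req, "/", 302)
+}
+token, err := generateToken(u)
+if err != nil {
+log.Printf("Error generating token: %v", err)
+tpl.ExecuteTemplate(res, "error", nil)
+}
+data := struct {
+Title string
+Username string
+ShowLogin bool
+ShowLogout bool
+Token string
+}{
+"Token Generation",
+u,
+false,
+true,
+token,
+}
+tpl.ExecuteTemplate(res, "token", data)
+}
+
 func homePage(res http.ResponseWriter, req *http.Request) {
 u := getUserName(req)
 uname := "Unregistered"
@@ -128,6 +158,7 @@ func main() {
 http.HandleFunc("/register", signupPage)
 http.HandleFunc("/login", loginPage)
 http.HandleFunc("/logout", logoutPage)
+http.HandleFunc("/token", tokenPage)
 http.HandleFunc("/", homePage)
 log.Printf("Registering templates from %v/\n", Conf.TplPath)
 tpl = template.Must(template.ParseGlob(Conf.TplPath + "/*.html"))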
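Review bot: tokenPage keeps executing after `http.Redirect(res, req, "/", 302)` when getUserName returns an empty string (presumably a request with no session), so the handler still calls `generateToken(u)` with an empty sponsor and goes on to execute the "token" template with a signed token in the response body. A `return` is needed directly after the redirect so that token issuance stays behind the login check. The error branch has the same gap: after `tpl.ExecuteTemplate(res, "error", nil)` the function falls through and renders the "token" template as well, so it needs a `return` too.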
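--- /dev/null
+++ b/templates/error.html
@@ -0,0 +1,5 @@
+{{ define "error" }}
+{{ template "header" .}}
+An error occured. Please let the admin know.
+{{template "footer" .}}
+{{ end }}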
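--- /dev/null
+++ b/templates/token.html
@@ -0,0 +1,11 @@
+{{ define "token" }}
+{{ template "header" .}}
+<p>The following token has been generated and can be used to register an account on this website.</p>
+<p>It is valid for 24 hours.</p>
+
+<p>To Use: Paste the following string into the "Secret" box during registration</p>
+<textarea id="token_area" name="generated_token" rows="4" cols="50">
+{{ .Token }}
+</textarea>
+{{template "footer" .}}
+{{ end }}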
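Review bot: The textarea puts `{{ .Token }}` on its own line, so the value a user copies can carry a trailing line break or other surrounding whitespace, and signupPage hands the form value to validateToken untrimmed; a genuine token would then likely fail to parse. Trim markers, `{{- .Token -}}`, keep the field content to the token alone. Marking the textarea `readonly` would also prevent accidental edits before copying.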
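--- /dev/null
+++ b/token.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+"errors"
+"log"
+"time"
+
+"github.com/dgrijalva/jwt-go"
+)
+
+type tokenClaim struct {
+Sponsor string `json:"sponsor_username"`
+jwt.StandardClaims
+}
+
+func generateToken(sponsor string) (string, error) {
+claim := tokenClaim{
+Sponsor: sponsor,
+StandardClaims: jwt.StandardClaims{
+ExpiresAt: time.Now().UTC().Unix() + 86400,
+Issuer: "GuildGate",
+},
+}
+token := jwt.NewWithClaims(jwt.SigningMethodHS256, claim)
+signedToken, err := token.SignedString([]byte(Conf.Secret))
+if err != nil {
+return "", err
+} else {
+return signedToken, nil
+}
+}
+
+func validateToken(tok string) error {
+token, err := jwt.ParseWithClaims(
+tok,
+&tokenClaim{},
+func(token *jwt.Token) (interface{}, error) {
+return []byte(Conf.Secret), nil
+},
+)
+if err != nil {
+return err
+}
+claims, ok := token.Claims.(*tokenClaim)
+if !ok {
+return errors.New("Invalid token sponsor passed")
+}
+if claims.ExpiresAt < time.Now().UTC().Unix() {
+return errors.New("Token has expired")
+}
+log.Printf("Valid token received; sponsored by %v\n", claims.Sponsor)
+return nil
+}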
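Review bot: The key callback in validateToken returns `[]byte(Conf.Secret)` without looking at `token.Method`, so the accepted algorithm is left to whatever the token header names; pinning it with `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, errors.New("unexpected signing method") }` makes the HS256 expectation explicit. Both functions also key the HMAC with Conf.Secret, the same shared value users type into the signup form, so every 24-hour token handed out is material for offline guessing of the long-lived secret; a separate, randomly generated signing key would decouple the two. validateToken additionally accepts an empty Sponsor and never compares Issuer against "GuildGate", which matters if generateToken is ever reached without a logged-in user.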