add token generation, validation

2020-09-17 17:36:39 -04:00 · 2020-09-17 17:36:39 -04:00 · 7ba061682c
commit 7ba061682c
parent 6fadf63c4f
6 changed files with 105 additions and 3 deletions
--- a/go.mod
+++ b/go.mod
@ -3,6 +3,7 @@ module guildgate
 go 1.14
 require (
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/go-ldap/ldap v3.0.3+incompatible
 	github.com/gorilla/securecookie v1.1.1
 	github.com/spf13/viper v1.7.1
--- a/go.sum
+++ b/go.sum
@ -36,6 +36,7 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
--- a/main.go
+++ b/main.go
@ -43,9 +43,13 @@ func signupPage(res http.ResponseWriter, req *http.Request) {
 	secret := req.FormValue("secret")
 	if Conf.Secret != "" && Conf.Secret != secret {
-		log.Printf("Bad secret entered\n")
+		//Checking it as a token
-		res.Write([]byte("Get a load of this guy, not knowing the secret code"))
+		err := validateToken(secret)
-		return
+		if err != nil {
 			log.Printf("Bad secret entered: %v\n", err)
 			res.Write([]byte("Get a load of this guy, not knowing the secret code"))
 			return
 		}
 	}
 	//insert into LDAP
 	log.Printf("Attempting to create account for %v", username)
@ -101,6 +105,32 @@ func logoutPage(res http.ResponseWriter, req *http.Request) {
 	http.Redirect(res, req, "/", 302)
 }
 func tokenPage(res http.ResponseWriter, req *http.Request) {
 	u := getUserName(req)
 	if u == "" {
 		http.Redirect(res, req, "/", 302)
 	}
 	token, err := generateToken(u)
 	if err != nil {
 		log.Printf("Error generating token: %v", err)
 		tpl.ExecuteTemplate(res, "error", nil)
 	}
 	data := struct {
 		Title      string
 		Username   string
 		ShowLogin  bool
 		ShowLogout bool
 		Token      string
 	}{
 		"Token Generation",
 		u,
 		false,
 		true,
 		token,
 	}
 	tpl.ExecuteTemplate(res, "token", data)
 }
 func homePage(res http.ResponseWriter, req *http.Request) {
 	u := getUserName(req)
 	uname := "Unregistered"
@ -128,6 +158,7 @@ func main() {
 	http.HandleFunc("/register", signupPage)
 	http.HandleFunc("/login", loginPage)
 	http.HandleFunc("/logout", logoutPage)
 	http.HandleFunc("/token", tokenPage)
 	http.HandleFunc("/", homePage)
 	log.Printf("Registering templates from %v/\n", Conf.TplPath)
 	tpl = template.Must(template.ParseGlob(Conf.TplPath + "/*.html"))
--- a/templates/error.html
+++ b/templates/error.html
@ -0,0 +1,5 @@
 {{ define "error" }}
 {{ template "header" .}}
 An error occured. Please let the admin know.
 {{template "footer" .}}
 {{ end }}
--- a/templates/token.html
+++ b/templates/token.html
@ -0,0 +1,11 @@
 {{ define "token" }}
 {{ template "header" .}}
 <p>The following token has been generated and can be used to register an account on this website.</p>
 <p>It is valid for 24 hours.</p>
 <p>To Use: Paste the following string into the "Secret" box during registration</p>
 <textarea id="token_area" name="generated_token" rows="4" cols="50">
 {{ .Token }}
 </textarea>
 {{template "footer" .}}
 {{ end }}
--- a/token.go
+++ b/token.go
@ -0,0 +1,53 @@
 package main
 import (
 	"errors"
 	"log"
 	"time"
 	"github.com/dgrijalva/jwt-go"
 )
 type tokenClaim struct {
 	Sponsor string `json:"sponsor_username"`
 	jwt.StandardClaims
 }
 func generateToken(sponsor string) (string, error) {
 	claim := tokenClaim{
 		Sponsor: sponsor,
 		StandardClaims: jwt.StandardClaims{
 			ExpiresAt: time.Now().UTC().Unix() + 86400,
 			Issuer:    "GuildGate",
 		},
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claim)
 	signedToken, err := token.SignedString([]byte(Conf.Secret))
 	if err != nil {
 		return "", err
 	} else {
 		return signedToken, nil
 	}
 }
 func validateToken(tok string) error {
 	token, err := jwt.ParseWithClaims(
 		tok,
 		&tokenClaim{},
 		func(token *jwt.Token) (interface{}, error) {
 			return []byte(Conf.Secret), nil
 		},
 	)
 	if err != nil {
 		return err
 	}
 	claims, ok := token.Claims.(*tokenClaim)
 	if !ok {
 		return errors.New("Invalid token sponsor passed")
 	}
 	if claims.ExpiresAt < time.Now().UTC().Unix() {
 		return errors.New("Token has expired")
 	}
 	log.Printf("Valid token received; sponsored by %v\n", claims.Sponsor)
 	return nil
 }