authornsfisis <nsfisis@gmail.com>2024-08-10 00:56:26 +0900
committernsfisis <nsfisis@gmail.com>2024-08-10 00:56:26 +0900
commita8f2594e8dcb741fb942092cbc53d64cf93132ef (patch)
treec694b162e9c33d9f805b3c473a9d042f27ac63b7 /backend
parent01fafac46390e540f4d8766d53177a69da7e64ae (diff)
parentc04691e046910f0e419370472abcf0a3c615d6b7 (diff)
Merge branch 'feat/security'
Diffstat (limited to 'backend')
-rw-r--r--backend/auth/jwt.go20
-rw-r--r--backend/main.go4
2 files changed, 18 insertions, 6 deletions
diff --git a/backend/auth/jwt.go b/backend/auth/jwt.go
index 510656b..13af837 100644
--- a/backend/auth/jwt.go
+++ b/backend/auth/jwt.go
@@ -2,6 +2,7 @@ package auth
import (
"errors"
+ "os"
"time"
"github.com/golang-jwt/jwt/v5"
@@ -9,6 +10,17 @@ import (
"github.com/nsfisis/iosdc-japan-2024-albatross/backend/db"
)
+var (
+ jwtSecret []byte
+)
+
+func init() {
+ jwtSecret = []byte(os.Getenv("ALBATROSS_JWT_SECRET"))
+ if len(jwtSecret) == 0 {
+ panic("ALBATROSS_JWT_SECRET is not set")
+ }
+}
+
type JWTClaims struct {
UserID int `json:"user_id"`
Username string `json:"username"`
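Review bot: The `init()` guard only rejects an empty ALBATROSS_JWT_SECRET, so a one-character value is accepted and every token in this file is then HS256-signed with a key that is trivially guessable; RFC 7518 §3.2 requires an HMAC key at least as long as the hash output, so after the emptiness check add `if len(jwtSecret) < 32 { panic("ALBATROSS_JWT_SECRET must be at least 32 bytes") }` (or return the error from an explicit constructor instead of `init()`). Panicking in package init also means any binary or test that merely imports this package cannot start without the variable set, which is presumably acceptable for the server but worth a comment on the `var` block, e.g. `// jwtSecret is the HS256 key shared by all signing and parsing helpers; loaded once at startup and required to be non-empty.`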
@@ -30,7 +42,7 @@ func NewJWT(user *db.User) (string, error) {
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
- return token.SignedString([]byte("TODO"))
+ return token.SignedString(jwtSecret)
}
func NewAnonymousJWT() (string, error) {
@@ -38,7 +50,7 @@ func NewAnonymousJWT() (string, error) {
ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Minute * 5)),
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
- return token.SignedString([]byte("TODO"))
+ return token.SignedString(jwtSecret)
}
func NewShortLivedJWT(claims *JWTClaims) (string, error) {
@@ -53,13 +65,13 @@ func NewShortLivedJWT(claims *JWTClaims) (string, error) {
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, newClaims)
- return token.SignedString([]byte("TODO"))
+ return token.SignedString(jwtSecret)
}
func ParseJWT(token string) (*JWTClaims, error) {
claims := new(JWTClaims)
t, err := jwt.ParseWithClaims(token, claims, func(*jwt.Token) (interface{}, error) {
- return []byte("TODO"), nil
+ return jwtSecret, nil
})
if err != nil {
return nil, err
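Review bot: The key function passed to `jwt.ParseWithClaims` hands back `jwtSecret` without looking at the token's declared algorithm, so the accepted signing method is left to the library's key-type checks rather than stated by this code. Restricting the parser to the method the file actually signs with keeps that decision explicit: append `jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()})` as a fourth argument to the `ParseWithClaims` call. With a `[]byte` key the RSA/ECDSA verifiers should already fail on the key type, so this is defence in depth rather than a known bypass, but it makes the contract readable without knowing the library internals. ParseJWT's body continues past the end of this hunk.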
diff --git a/backend/main.go b/backend/main.go
index c01394b..3296957 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -89,10 +89,10 @@ func main() {
// For local dev: This is never used in production because the reverse
// proxy sends /login and /logout to the app server.
- e.GET("/login", func(c echo.Context) error {
+ e.GET("/iosdc-japan/2024/code-battle/login", func(c echo.Context) error {
return c.Redirect(http.StatusPermanentRedirect, "http://localhost:5173/iosdc-japan/2024/code-battle/login")
})
- e.POST("/logout", func(c echo.Context) error {
+ e.POST("/iosdc-japan/2024/code-battle/logout", func(c echo.Context) error {
return c.Redirect(http.StatusPermanentRedirect, "http://localhost:5173/iosdc-japan/2024/code-battle/logout")
})