Updates on auth and db

Former-commit-id: cdcfc50a4a7274482826520644019d54c37a7753 [formerly 376d2422063755c75d5b5c8e21bf8617ca3a9baf] [formerly ea860508c1603296e0439a583ca0573609be3511 [formerly 6312c60b2e]] Former-commit-id: d64b8b836568b150853288a69f870662e92db1e0 [formerly b85b1a09bbf87c1b5f2af07659121ef51a74f05e] Former-commit-id: ee164251a6143567da3f970e347ede0d6de1d350
2025-11-26 14:25:26 +08:00 · 2017-07-03 08:59:49 +01:00
parent 15f997faf0
commit f247a5560f
10 changed files with 303 additions and 272 deletions
--- a/auth.go
+++ b/auth.go
@@ -1,36 +1,56 @@
 package filemanager

 import (
+	"encoding/json"
+	"math/rand"
 	"net/http"
 	"time"

+	"golang.org/x/crypto/bcrypt"
+
 	jwt "github.com/dgrijalva/jwt-go"
 	"github.com/dgrijalva/jwt-go/request"
 )

-/* Set up a global string for our secret */
-var key = []byte("secret")
-
 type claims struct {
 	*User
 	jwt.StandardClaims
 }

-func getTokenHandler(c *requestContext, w http.ResponseWriter, r *http.Request) (int, error) {
-	// TODO: get user and password info from the request
-	// check if the password is correct for that user using a DB or JSOn
-	// or something.
+// authHandler proccesses the authentication for the user.
+func authHandler(c *requestContext, w http.ResponseWriter, r *http.Request) (int, error) {
+	// Receive the credentials from the request and unmarshal them.
+	var cred User
+	if r.Body == nil {
+		return http.StatusForbidden, nil
+	}
+
+	err := json.NewDecoder(r.Body).Decode(&cred)
+	if err != nil {
+		return http.StatusForbidden, nil
+	}
+
+	// Checks if the user exists.
+	u, ok := c.fm.Users[cred.Username]
+	if !ok {
+		return http.StatusForbidden, nil
+	}
+
+	// Checks if the password is correct.
+	if !checkPasswordHash(cred.Password, u.Password) {
+		return http.StatusForbidden, nil
+	}

 	claims := claims{
-		c.fm.User,
+		c.fm.Users["admin"],
 		jwt.StandardClaims{
-			ExpiresAt: time.Now().Add(time.Minute * 5).Unix(),
-			Issuer:    "test",
+			ExpiresAt: time.Now().Add(time.Hour * 24).Unix(),
+			Issuer:    "File Manager",
 		},
 	}

 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-	string, err := token.SignedString(key)
+	string, err := token.SignedString(c.fm.key)

 	if err != nil {
 		return http.StatusInternalServerError, err
@@ -40,15 +60,80 @@ func getTokenHandler(c *requestContext, w http.ResponseWriter, r *http.Request)
 	return 0, nil
 }

-func validAuth(c *requestContext, r *http.Request) (bool, *User) {
-	token, err := request.ParseFromRequestWithClaims(r, request.AuthorizationHeaderExtractor, &claims{},
-		func(token *jwt.Token) (interface{}, error) {
-			return key, nil
-		})
-
-	if err == nil && token.Valid {
-		return true, c.fm.User
+// renewAuthHandler is used when the front-end already has a JWT token
+// and is checking if it is up to date. If so, updates its info.
+func renewAuthHandler(c *requestContext, w http.ResponseWriter, r *http.Request) (int, error) {
+	ok, u := validateAuth(c, r)
+	if !ok {
+		return http.StatusForbidden, nil
 	}

-	return false, nil
+	claims := claims{
+		u,
+		jwt.StandardClaims{
+			ExpiresAt: time.Now().Add(time.Hour * 24).Unix(),
+			Issuer:    "File Manager",
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	string, err := token.SignedString(c.fm.key)
+	if err != nil {
+		return http.StatusInternalServerError, err
+	}
+
+	w.Write([]byte(string))
+	return 0, nil
+}
+
+// validateAuth is used to validate the authentication and returns the
+// User if it is valid.
+func validateAuth(c *requestContext, r *http.Request) (bool, *User) {
+	keyFunc := func(token *jwt.Token) (interface{}, error) {
+		return c.fm.key, nil
+	}
+
+	var claims claims
+	token, err := request.ParseFromRequestWithClaims(r,
+		request.AuthorizationHeaderExtractor,
+		&claims,
+		keyFunc,
+	)
+
+	if err != nil || !token.Valid {
+		return false, nil
+	}
+
+	u, ok := c.fm.Users[claims.User.Username]
+	if !ok {
+		return false, nil
+	}
+
+	c.us = u
+	return true, u
+}
+
+// hashPassword generates an hash from a password using bcrypt.
+func hashPassword(password string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	return string(bytes), err
+}
+
+// checkPasswordHash compares a password with an hash to check if they match.
+func checkPasswordHash(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}
+
+const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+
+// randomString creates a string with a defined length using the above charset.
+func randomString(length int) string {
+	seededRand := rand.New(rand.NewSource(time.Now().UnixNano()))
+
+	b := make([]byte, length)
+	for i := range b {
+		b[i] = charset[seededRand.Intn(len(charset))]
+	}
+	return string(b)
 }