From 7fa4c70b01d135e034b89bc9703764f393c1e20a Mon Sep 17 00:00:00 2001
From: MrMelon54
Date: Thu, 15 Feb 2024 15:23:10 +0000
Subject: [PATCH] Use JWT as login cookie

---
 server/login.go | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/server/login.go b/server/login.go
index 8636ce6..75d2552 100644
--- a/server/login.go
+++ b/server/login.go
@@ -13,6 +13,9 @@ import (
 "github.com/1f349/lavender/database"
 "github.com/1f349/lavender/issuer"
 "github.com/1f349/lavender/pages"
+ "github.com/1f349/mjwt/auth"
+ "github.com/1f349/mjwt/claims"
+ "github.com/golang-jwt/jwt/v4"
 "github.com/google/uuid"
 "github.com/julienschmidt/httprouter"
 "golang.org/x/oauth2"
@@ -135,7 +138,7 @@ func (h *HttpServer) loginCallback(rw http.ResponseWriter, req *http.Request, _
 return
 }
 
- if h.setLoginDataCookie(rw, auth.ID) {
+ if h.setLoginDataCookie(rw, auth) {
 http.Error(rw, "Failed to save login cookie", http.StatusInternalServerError)
 return
 }
@@ -145,15 +148,18 @@ func (h *HttpServer) loginCallback(rw http.ResponseWriter, req *http.Request, _
 h.SafeRedirect(rw, req)
 }
 
-func (h *HttpServer) setLoginDataCookie(rw http.ResponseWriter, userId string) bool {
- encData, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, h.signingKey.PublicKey(), []byte(userId), []byte("lavender-login-data"))
+const oneYear = 365 * 24 * time.Hour
+
+func (h *HttpServer) setLoginDataCookie(rw http.ResponseWriter, authData UserAuth) bool {
+ ps := claims.NewPermStorage()
+ gen, err := h.signingKey.GenerateJwt(authData.ID, uuid.NewString(), jwt.ClaimStrings{h.conf.BaseUrl}, oneYear, auth.AccessTokenClaims{Perms: ps})
 if err != nil {
+ http.Error(rw, "Failed to generate cookie token", http.StatusInternalServerError)
 return true
 }
-
 http.SetCookie(rw, &http.Cookie{
 Name: "lavender-login-data",
- Value: hex.EncodeToString(encData),
+ Value: gen,
 Path: "/",
 Expires: time.Now().AddDate(0, 3, 0),
 Secure: true,
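Review bot: No code that reads the `lavender-login-data` cookie is touched by this patch, although the value changes from hex-encoded RSA-OAEP ciphertext to a JWT; this import hunk only adds packages and the diffstat accounts for all three hunks. If an existing reader still hex-decodes and decrypts the value (which would explain why the crypto imports needed by the removed `rsa.EncryptOAEP` line are not dropped; this is an inference, the rest of the import block is outside the hunk), cookies issued after this change will be rejected. The reader should change in the same commit and verify the signature, the expiry and the `h.conf.BaseUrl` audience. If no reader remains, the now-unused imports will fail the build.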
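Review bot: A token-generation failure now produces two error responses at this call site: `setLoginDataCookie` (third hunk) calls `http.Error` itself before returning true, and the unchanged line here then calls `http.Error(rw, "Failed to save login cookie", http.StatusInternalServerError)` again. The second call appends a second message to the body and attempts a second WriteHeader. Write the response in one place only, for example by dropping the added `http.Error(rw, "Failed to generate cookie token", http.StatusInternalServerError)` line and letting the caller report. As a style point, the local `auth` passed here shadows the newly imported `mjwt/auth` package inside `loginCallback`; a name such as `authData`, which the callee already uses, avoids that. `loginCallback` starts and ends outside the hunk.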
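Review bot: The JWT is issued with a validity of `oneYear`, while the cookie carrying it expires after three months (`time.Now().AddDate(0, 3, 0)`), so a copied token stays usable as a bearer credential for roughly nine months after the browser has discarded the cookie. Derive both from one value: `expiry := time.Now().AddDate(0, 3, 0)`, pass `time.Until(expiry)` to `GenerateJwt` in place of `oneYear`, and set `Expires: expiry`. The token is also minted as `auth.AccessTokenClaims` with the server's signing key. If other consumers accept access tokens signed by that key, confirm they reject this cookie value; a distinct claims type or audience would keep the two apart. The cookie literal continues past the end of the hunk, so `HttpOnly` and `SameSite` cannot be checked from here.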