Use JWT as login cookie

Melon 2024-02-15 15:23:10 +00:00
parent ca80b26f92
commit 7fa4c70b01
Signed by: melon
GPG Key ID: 6C9D970C50D26A25


@ -13,6 +13,9 @@ import (
"github.com/1f349/lavender/database" "github.com/1f349/lavender/database"
"github.com/1f349/lavender/issuer" "github.com/1f349/lavender/issuer"
"github.com/1f349/lavender/pages" "github.com/1f349/lavender/pages"
"github.com/1f349/mjwt/auth"
"github.com/1f349/mjwt/claims"
"github.com/golang-jwt/jwt/v4"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/julienschmidt/httprouter" "github.com/julienschmidt/httprouter"
"golang.org/x/oauth2" "golang.org/x/oauth2"
@ -135,7 +138,7 @@ func (h *HttpServer) loginCallback(rw http.ResponseWriter, req *http.Request, _
return return
} }
if h.setLoginDataCookie(rw, auth.ID) { if h.setLoginDataCookie(rw, auth) {
http.Error(rw, "Failed to save login cookie", http.StatusInternalServerError) http.Error(rw, "Failed to save login cookie", http.StatusInternalServerError)
return return
} }
@ -145,15 +148,18 @@ func (h *HttpServer) loginCallback(rw http.ResponseWriter, req *http.Request, _
h.SafeRedirect(rw, req) h.SafeRedirect(rw, req)
} }
func (h *HttpServer) setLoginDataCookie(rw http.ResponseWriter, userId string) bool { const oneYear = 365 * 24 * time.Hour
encData, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, h.signingKey.PublicKey(), []byte(userId), []byte("lavender-login-data"))
func (h *HttpServer) setLoginDataCookie(rw http.ResponseWriter, authData UserAuth) bool {
ps := claims.NewPermStorage()
gen, err := h.signingKey.GenerateJwt(authData.ID, uuid.NewString(), jwt.ClaimStrings{h.conf.BaseUrl}, oneYear, auth.AccessTokenClaims{Perms: ps})
if err != nil { if err != nil {
http.Error(rw, "Failed to generate cookie token", http.StatusInternalServerError)
return true return true
} }
http.SetCookie(rw, &http.Cookie{ http.SetCookie(rw, &http.Cookie{
Name: "lavender-login-data", Name: "lavender-login-data",
Value: hex.EncodeToString(encData), Value: gen,
Path: "/", Path: "/",
Expires: time.Now().AddDate(0, 3, 0), Expires: time.Now().AddDate(0, 3, 0),
Secure: true, Secure: true,