fix: refactor random
All checks were successful
Build Docker Image / Explore-Gitea-Actions (push) Successful in 45s
Build and Push Docker Image / Explore-Gitea-Actions (push) Successful in 1m11s

This commit was merged in pull request #179.
2024-09-13 17:06:29 +02:00
parent 63ddf77d6a
commit 1476aa9842
2 changed files with 21 additions and 12 deletions


@@ -5,7 +5,6 @@ import (
"crypto/rand"
"crypto/subtle"
"database/sql"
"encoding/base64"
"errors"
"log/slog"
"net/http"
@@ -547,13 +546,11 @@ func HandleResetPasswordComp(db *sql.DB) http.HandlerFunc {
return
}
var b []byte = make([]byte, 32)
_, err := rand.Reader.Read(b)
token, err := utils.RandomToken()
if err != nil {
utils.LogError("Could not generate token", err)
return
}
token := base64.StdEncoding.EncodeToString(b)
res, err := db.Exec(`
INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
@@ -598,13 +595,11 @@ func sendVerificationEmail(db *sql.DB, userId string, email string) {
}
if token == "" {
var b []byte = make([]byte, 32)
_, err = rand.Reader.Read(b)
token, err := utils.RandomToken()
if err != nil {
utils.LogError("Could not generate token", err)
return
}
token = base64.StdEncoding.EncodeToString(b)
_, err = db.Exec("INSERT INTO user_token (user_uuid, type, token, created_at) VALUES (?, 'email_verify', ?, datetime())", userId, token)
if err != nil {
@@ -623,14 +618,12 @@ func sendVerificationEmail(db *sql.DB, userId string, email string) {
}
func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sql.DB, user_uuid uuid.UUID) bool {
var session_id_bytes []byte = make([]byte, 32)
_, err := rand.Reader.Read(session_id_bytes)
sessionId, err := utils.RandomToken()
if err != nil {
utils.LogError("Could not generate session ID", err)
auth.Error("Internal Server Error").Render(r.Context(), w)
return false
}
session_id := base64.StdEncoding.EncodeToString(session_id_bytes)
// Delete old inactive sessions
_, err = db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", user_uuid)
@@ -638,7 +631,7 @@ func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sq
utils.LogError("Could not delete old sessions", err)
}
_, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", session_id, user_uuid)
_, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", sessionId, user_uuid)
if err != nil {
utils.LogError("Could not insert session", err)
auth.Error("Internal Server Error").Render(r.Context(), w)
@@ -647,7 +640,7 @@ func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sq
cookie := http.Cookie{
Name: "id",
Value: session_id,
Value: sessionId,
MaxAge: 60 * 60 * 8, // 8 hours
Secure: true,
HttpOnly: true,
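Review bot: In the `sendVerificationEmail` hunk (`@@ -598,13 +595,11`), the new line `token, err := utils.RandomToken()` sits inside `if token == "" {` and uses `:=`, so it declares a fresh `token` and `err` scoped to that block rather than assigning the outer variables that the removed lines wrote with `=`. The INSERT that follows appears to be in the same block and would store the new value, but the outer `token` is then still empty once the block closes. The rest of the function is outside the hunk; if it goes on to put `token` into the verification e-mail, the mailed value will not match the stored row. Use plain assignment here, `token, err = utils.RandomToken()`. The other two call sites declare their variables for the first time, so `:=` is correct there.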