fix: refactor random #179
@@ -5,7 +5,6 @@ import (
|
||||
"crypto/rand"
|
||||
"crypto/subtle"
|
||||
"database/sql"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
@@ -547,13 +546,11 @@ func HandleResetPasswordComp(db *sql.DB) http.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
var b []byte = make([]byte, 32)
|
||||
_, err := rand.Reader.Read(b)
|
||||
token, err := utils.RandomToken()
|
||||
if err != nil {
|
||||
utils.LogError("Could not generate token", err)
|
||||
return
|
||||
}
|
||||
token := base64.StdEncoding.EncodeToString(b)
|
||||
|
||||
res, err := db.Exec(`
|
||||
INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
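Review bot: The freshly generated reset token is written to `user_token.token` in clear by the INSERT at the end of the hunk, so anyone who can read that table (a backup, a query log, an injection elsewhere) holds a usable reset token for every pending user. Storing a digest instead, e.g. `hashed := sha256.Sum256([]byte(token))` and inserting `hex.EncodeToString(hashed[:])`, keeps the database copy useless on its own while the raw token still goes only to the user. This is pre-existing behaviour rather than something the refactor introduced, and the lookup side of HandleResetPasswordComp is outside the hunk, so the comparison there would need the matching change.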
|
||||
@@ -598,13 +595,11 @@ func sendVerificationEmail(db *sql.DB, userId string, email string) {
|
||||
}
|
||||
|
||||
if token == "" {
|
||||
var b []byte = make([]byte, 32)
|
||||
_, err = rand.Reader.Read(b)
|
||||
token, err := utils.RandomToken()
|
||||
if err != nil {
|
||||
utils.LogError("Could not generate token", err)
|
||||
return
|
||||
}
|
||||
token = base64.StdEncoding.EncodeToString(b)
|
||||
|
||||
_, err = db.Exec("INSERT INTO user_token (user_uuid, type, token, created_at) VALUES (?, 'email_verify', ?, datetime())", userId, token)
|
||||
if err != nil {
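Review bot: `token, err := utils.RandomToken()` inside the `if token == "" {` block declares a new `token` that shadows the outer one the condition just tested, so once the block closes the outer `token` is still empty; the removed line assigned with `token = ...` and did not have this problem. The `db.Exec` on the following line stores the fresh value, but any use of `token` after the block (presumably the email body; that part of sendVerificationEmail is outside the hunk) would see "". Since the removed `_, err = rand.Reader.Read(b)` shows `err` is already declared in the enclosing scope, plain assignment fixes it: `token, err = utils.RandomToken()`. The shadow analyzer (`go vet -vettool` with shadow, or staticcheck) flags exactly this pattern.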
|
||||
@@ -623,14 +618,12 @@ func sendVerificationEmail(db *sql.DB, userId string, email string) {
|
||||
}
|
||||
|
||||
func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sql.DB, user_uuid uuid.UUID) bool {
|
||||
var session_id_bytes []byte = make([]byte, 32)
|
||||
_, err := rand.Reader.Read(session_id_bytes)
|
||||
sessionId, err := utils.RandomToken()
|
||||
if err != nil {
|
||||
utils.LogError("Could not generate session ID", err)
|
||||
auth.Error("Internal Server Error").Render(r.Context(), w)
|
||||
return false
|
||||
}
|
||||
session_id := base64.StdEncoding.EncodeToString(session_id_bytes)
|
||||
|
||||
// Delete old inactive sessions
|
||||
_, err = db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", user_uuid)
|
||||
@@ -638,7 +631,7 @@ func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sq
|
||||
utils.LogError("Could not delete old sessions", err)
|
||||
}
|
||||
|
||||
_, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", session_id, user_uuid)
|
||||
_, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", sessionId, user_uuid)
|
||||
if err != nil {
|
||||
utils.LogError("Could not insert session", err)
|
||||
auth.Error("Internal Server Error").Render(r.Context(), w)
|
||||
@@ -647,7 +640,7 @@ func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sq
|
||||
|
||||
cookie := http.Cookie{
|
||||
Name: "id",
|
||||
Value: session_id,
|
||||
Value: sessionId,
|
||||
MaxAge: 60 * 60 * 8, // 8 hours
|
||||
Secure: true,
|
||||
HttpOnly: true,
|
||||
|
||||
16
utils/ctypto.go
Normal file
@@ -0,0 +1,16 @@
|
||||
package utils
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
)
|
||||
|
||||
func RandomToken() (string, error) {
|
||||
b := make([]byte, 32)
|
||||
_, err := rand.Read(b)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return base64.StdEncoding.EncodeToString(b), nil
|
||||
}
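Review bot: `RandomToken` is exported but carries no doc comment; callers should be told what they get, e.g. `// RandomToken returns 32 bytes from crypto/rand encoded as standard base64 (44 characters, which may include '+', '/' and '=').` Because the result is embedded in password-reset links and cookies by the callers in this commit, `base64.RawURLEncoding` would avoid characters that need escaping in a query string (an unescaped `+` arrives as a space), but switching the alphabet changes the format of any token already stored, so either do it deliberately here or leave a note. The file name `ctypto.go` looks like a typo for `crypto.go`.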
|
||||