fix: refactor random #179
@@ -5,7 +5,6 @@ import (
|
|||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/subtle"
|
"crypto/subtle"
|
||||||
"database/sql"
|
"database/sql"
|
||||||
"encoding/base64"
|
|
||||||
"errors"
|
"errors"
|
||||||
"log/slog"
|
"log/slog"
|
||||||
"net/http"
|
"net/http"
|
||||||
@@ -547,13 +546,11 @@ func HandleResetPasswordComp(db *sql.DB) http.HandlerFunc {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
var b []byte = make([]byte, 32)
|
token, err := utils.RandomToken()
|
||||||
_, err := rand.Reader.Read(b)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
utils.LogError("Could not generate token", err)
|
utils.LogError("Could not generate token", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
token := base64.StdEncoding.EncodeToString(b)
|
|
||||||
|
|
||||||
res, err := db.Exec(`
|
res, err := db.Exec(`
|
||||||
INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
|
INSERT INTO user_token (user_uuid, type, token, created_at, expires_at)
|
||||||
@@ -598,13 +595,11 @@ func sendVerificationEmail(db *sql.DB, userId string, email string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if token == "" {
|
if token == "" {
|
||||||
var b []byte = make([]byte, 32)
|
token, err := utils.RandomToken()
|
||||||
_, err = rand.Reader.Read(b)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
utils.LogError("Could not generate token", err)
|
utils.LogError("Could not generate token", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
token = base64.StdEncoding.EncodeToString(b)
|
|
||||||
|
|
||||||
_, err = db.Exec("INSERT INTO user_token (user_uuid, type, token, created_at) VALUES (?, 'email_verify', ?, datetime())", userId, token)
|
_, err = db.Exec("INSERT INTO user_token (user_uuid, type, token, created_at) VALUES (?, 'email_verify', ?, datetime())", userId, token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -623,14 +618,12 @@ func sendVerificationEmail(db *sql.DB, userId string, email string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sql.DB, user_uuid uuid.UUID) bool {
|
func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sql.DB, user_uuid uuid.UUID) bool {
|
||||||
var session_id_bytes []byte = make([]byte, 32)
|
sessionId, err := utils.RandomToken()
|
||||||
_, err := rand.Reader.Read(session_id_bytes)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
utils.LogError("Could not generate session ID", err)
|
utils.LogError("Could not generate session ID", err)
|
||||||
auth.Error("Internal Server Error").Render(r.Context(), w)
|
auth.Error("Internal Server Error").Render(r.Context(), w)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
session_id := base64.StdEncoding.EncodeToString(session_id_bytes)
|
|
||||||
|
|
||||||
// Delete old inactive sessions
|
// Delete old inactive sessions
|
||||||
_, err = db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", user_uuid)
|
_, err = db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", user_uuid)
|
||||||
@@ -638,7 +631,7 @@ func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sq
|
|||||||
utils.LogError("Could not delete old sessions", err)
|
utils.LogError("Could not delete old sessions", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", session_id, user_uuid)
|
_, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", sessionId, user_uuid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
utils.LogError("Could not insert session", err)
|
utils.LogError("Could not insert session", err)
|
||||||
auth.Error("Internal Server Error").Render(r.Context(), w)
|
auth.Error("Internal Server Error").Render(r.Context(), w)
|
||||||
@@ -647,7 +640,7 @@ func tryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sq
|
|||||||
|
|
||||||
cookie := http.Cookie{
|
cookie := http.Cookie{
|
||||||
Name: "id",
|
Name: "id",
|
||||||
Value: session_id,
|
Value: sessionId,
|
||||||
MaxAge: 60 * 60 * 8, // 8 hours
|
MaxAge: 60 * 60 * 8, // 8 hours
|
||||||
Secure: true,
|
Secure: true,
|
||||||
HttpOnly: true,
|
HttpOnly: true,
|
||||||
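Review bot: In the sendVerificationEmail hunk, `token, err := utils.RandomToken()` sits inside `if token == "" {` and so declares a new block-scoped `token` (and `err`) that shadows the outer `token` being tested; the outer variable is still empty after the closing brace, so whatever the function does with `token` afterwards — presumably building the verification link, which lies outside this hunk — sees "". The removed line assigned with `=` for exactly this reason, and the `shadow` vet analyzer would flag the new form. Change the line to `token, err = utils.RandomToken()`, which reuses the outer `token` and the outer `err` that the following `_, err = db.Exec(...)` already relies on. The other two call sites (`HandleResetPasswordComp`, `tryCreateSessionAndSetCookie`) declare at function scope and are fine. The enclosing function continues outside the hunk.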
|
|||||||
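--- /dev/null
+++ b/utils/ctypto.go
@@ -0,0 +1,16 @@
+package utils
+
+import (
+"crypto/rand"
+"encoding/base64"
+)
+
+func RandomToken() (string, error) {
+b := make([]byte, 32)
+_, err := rand.Read(b)
+if err != nil {
+return "", err
+}
+
+return base64.StdEncoding.EncodeToString(b), nil
+}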
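Review bot: `RandomToken` encodes with `base64.StdEncoding`, whose alphabet includes `+`, `/` and the `=` pad; this one helper now produces the `id` session cookie value and the password-reset and email-verify tokens, and a token that ends up in a query string has its `+` decoded as a space unless every caller escapes it. `base64.RawURLEncoding` carries the same 256 bits without those characters: `return base64.RawURLEncoding.EncodeToString(b), nil`. Stored tokens appear to be compared as opaque strings, so existing rows should be unaffected, but that is worth confirming against the lookup handlers, which are outside this diff. The exported function also lacks a doc comment; add `// RandomToken returns 32 bytes from crypto/rand as an unpadded URL-safe base64 string, for session IDs and one-time tokens.` The file name `ctypto.go` looks like a typo of `crypto.go`.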