Merge pull request #777 from gravitl/hotfix_v0.9.4
added hotfix
0xdcarns committed Feb 16, 2022
2 parents 44688fe + faefa0f commit e9bce26
Showing 4 changed files with 67 additions and 2 deletions.
20 changes: 19 additions & 1 deletion logic/jwts.go
Expand Up @@ -5,11 +5,29 @@ import (
"time"

"github.com/golang-jwt/jwt/v4"
"github.com/gravitl/netmaker/logger"
"github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/servercfg"
)

var jwtSecretKey = []byte("(BytesOverTheWire)")
var jwtSecretKey []byte

// SetJWTSecret - sets the jwt secret on server startup
func SetJWTSecret() {
currentSecret, jwtErr := FetchJWTSecret()
if jwtErr != nil {
newString, err := GenerateRandomString(64)
if err != nil {
logger.FatalLog("something went wrong when generating the auth secret")
}
jwtSecretKey = []byte(newString) // 512 bit random password
if err := StoreJWTSecret(string(jwtSecretKey)); err != nil {
logger.FatalLog("something went wrong when configuring JWT authentication")
}
} else {
jwtSecretKey = []byte(currentSecret)
}
}

// CreateJWT func will used to create the JWT while signing in and signing out
func CreateJWT(macaddress string, network string) (response string, err error) {
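Review bot: SetJWTSecret takes any error from FetchJWTSecret as "no secret stored yet" and generates a fresh one, so a transient database error or a JSON decode failure at startup would silently rotate the signing key and invalidate every issued token (and, depending on how database.Insert treats an existing key, replace the stored value). Only a not-found result should lead to generation; other errors are better treated as fatal. The else branch also accepts an empty `currentSecret`, which would leave the signing key empty; `if jwtErr != nil || len(currentSecret) == 0 {` closes that case. Both FatalLog messages would be easier to act on if they carried the underlying error.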
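--- a/logic/serverconf.go
+++ b/logic/serverconf.go
@@ -43,3 +43,32 @@ func FetchPrivKey(serverID string) (string, error) {
 func RemovePrivKey(serverID string) error {
 return database.DeleteRecord(database.SERVERCONF_TABLE_NAME, serverID)
 }
+
+// FetchJWTSecret - fetches jwt secret from db
+func FetchJWTSecret() (string, error) {
+var dbData string
+var err error
+var fetchedData = serverData{}
+dbData, err = database.FetchRecord(database.SERVERCONF_TABLE_NAME, "nm-jwt-secret")
+if err != nil {
+return "", err
+}
+err = json.Unmarshal([]byte(dbData), &fetchedData)
+if err != nil {
+return "", err
+}
+return fetchedData.PrivateKey, nil
+}
+
+// StoreJWTSecret - stores server jwt secret if needed
+func StoreJWTSecret(privateKey string) error {
+var newData = serverData{}
+var err error
+var data []byte
+newData.PrivateKey = privateKey
+data, err = json.Marshal(&newData)
+if err != nil {
+return err
+}
+return database.Insert("nm-jwt-secret", string(data), database.SERVERCONF_TABLE_NAME)
+}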
19 changes: 18 additions & 1 deletion logic/util.go
Expand Up @@ -2,8 +2,10 @@
package logic

import (
crand "crypto/rand"
"encoding/base64"
"encoding/json"
"math/big"
"math/rand"
"strconv"
"strings"
Expand Down Expand Up @@ -278,7 +280,7 @@ func GetPeersList(networkName string, excludeRelayed bool, relayedNodeAddr strin

// RandomString - returns a random string in a charset
func RandomString(length int) string {
const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789"

var seededRand *rand.Rand = rand.New(rand.NewSource(time.Now().UnixNano()))

Expand All @@ -289,6 +291,21 @@ func RandomString(length int) string {
return string(b)
}

// GenerateRandomString - generates random string of n length
func GenerateRandomString(n int) (string, error) {
const chars = "123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-"
ret := make([]byte, n)
for i := range ret {
num, err := crand.Int(crand.Reader, big.NewInt(int64(len(chars))))
if err != nil {
return "", err
}
ret[i] = chars[num.Int64()]
}

return string(ret), nil
}

// == Private Methods ==

func getNetworkEgressAndNodes(networkName string) ([]models.Node, []models.Node, error) {
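Review bot: GenerateRandomString sits next to RandomString, which still draws from `math/rand` seeded with the clock, and neither doc comment tells a caller which one is safe for secrets. I would make the comment say so, e.g. `// GenerateRandomString - returns n characters chosen with crypto/rand; use this (not RandomString) for keys and tokens`, and add the matching caution on RandomString, whose body continues outside the hunk. The alphabet has 62 symbols, so each character carries a little under 6 bits and the 64-character secret requested in logic/jwts.go is roughly 381 bits rather than the "512 bit" its comment states; that is still ample, but the comment should be corrected. A negative `n` panics in `make([]byte, n)`; rejecting `n <= 0` with an error keeps the failure in the return value.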
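--- a/main.go
+++ b/main.go
@@ -41,6 +41,7 @@ func initialize() { // Client Mode Prereq Check
 logger.FatalLog("Error connecting to database")
 }
 logger.Log(0, "database successfully connected")
+logic.SetJWTSecret()
 
 var authProvider = auth.InitializeAuthProvider()
 if authProvider != "" {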
