-
Notifications
You must be signed in to change notification settings - Fork 44
/
token.go
152 lines (124 loc) · 3.49 KB
/
token.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
// Copyright 2015 mokey Authors. All rights reserved.
// Use of this source code is governed by a BSD style
// license that can be found in the LICENSE file.
package model
import (
"crypto/hmac"
"crypto/rand"
"crypto/sha256"
"database/sql"
"encoding/base64"
"fmt"
"strings"
"time"
"github.com/spf13/viper"
)
type Token struct {
UserName string `db:"user_name"`
Email string `db:"email"`
Token string `db:"token"`
Attempts int `db:"attempts"`
CreatedAt *time.Time `db:"created_at"`
}
func (db *DB) RandToken() (string, error) {
b := make([]byte, 16)
_, err := rand.Read(b)
if err != nil {
return "", nil
}
return base64.RawURLEncoding.EncodeToString(b), nil
}
func (db *DB) computeMAC(salt, message, key []byte) string {
h := hmac.New(sha256.New, key)
h.Write(message)
h.Write(salt)
return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}
func (db *DB) checkMAC(salt, message, messageMAC, key []byte) bool {
mac := hmac.New(sha256.New, key)
mac.Write(message)
mac.Write(salt)
expectedMAC := mac.Sum(nil)
return hmac.Equal(messageMAC, expectedMAC)
}
func (db *DB) SignToken(salt, token string) string {
mac := db.computeMAC([]byte(salt), []byte(token), []byte(viper.GetString("auth_key")))
return fmt.Sprintf("%s.%s", token, mac)
}
func (db *DB) VerifyToken(salt, signedToken string) (string, bool) {
parts := strings.SplitN(signedToken, ".", 2)
if len(parts) != 2 {
return "", false
}
token, b64mac := parts[0], parts[1]
if len(token) != 22 || len(b64mac) == 0 {
return "", false
}
mac, err := base64.RawURLEncoding.DecodeString(b64mac)
if err != nil {
return "", false
}
if db.checkMAC([]byte(salt), []byte(token), mac, []byte(viper.GetString("auth_key"))) {
return token, true
}
return "", false
}
func (db *DB) FetchTokenByUser(uid string, maxAge int) (*Token, error) {
t := Token{}
err := db.Get(&t, "select user_name,token,attempts,email,created_at from token where user_name = ? and timestampdiff(SECOND, created_at, now()) <= ?", uid, maxAge)
if err == sql.ErrNoRows {
return nil, ErrNotFound
} else if err != nil {
return nil, err
}
return &t, nil
}
func (db *DB) FetchToken(token string, maxAge int) (*Token, error) {
t := Token{}
err := db.Get(&t, "select user_name,token,attempts,email from token where token = ? and timestampdiff(SECOND, created_at, now()) <= ?", token, maxAge)
if err == sql.ErrNoRows {
return nil, ErrNotFound
} else if err != nil {
return nil, err
}
return &t, nil
}
func (db *DB) CreateToken(uid, email string) (*Token, error) {
tok, err := db.RandToken()
if err != nil {
return nil, err
}
t := Token{UserName: uid, Email: email, Token: tok}
_, err = db.NamedExec("replace into token (user_name,email,token,attempts,created_at) values (:user_name, :email, :token, 0, now())", t)
if err != nil {
return nil, err
}
return &t, nil
}
func (db *DB) IncrementToken(token string) error {
_, err := db.Exec("update token set attempts = attempts + 1 where token = ?", token)
if err == sql.ErrNoRows {
return ErrNotFound
} else if err != nil {
return err
}
return nil
}
func (db *DB) DestroyToken(token string) error {
_, err := db.Exec("delete from token where token = ?", token)
if err == sql.ErrNoRows {
return ErrNotFound
} else if err != nil {
return err
}
return nil
}
func (db *DB) DestroyTokenByUser(uid string) error {
_, err := db.Exec("delete from token where user_name = ?", uid)
if err == sql.ErrNoRows {
return ErrNotFound
} else if err != nil {
return err
}
return nil
}