scottk/databunker
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/databunker.git synced 2025-10-30 17:37:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

use hashed value when saving xtoken to database

Browse Source
This commit is contained in:
stremovsky
2019-12-26 22:52:29 +02:00
parent 20f3fe8dac
commit b4cec00cf5
1 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/xtokens_db.go
View File

@@ -32,7 +32,7 @@ func (dbobj dbcon) createRootXtoken() (string, error) {
return "", err
}
bdoc := bson.M{}
bdoc["xtoken"] = rootToken
bdoc["xtoken"] = hashString(dbobj.hash, rootToken)
bdoc["type"] = "root"
_, err = dbobj.createRecord(TblName.Xtokens, bdoc)
if err != nil {
@@ -41,13 +41,13 @@ func (dbobj dbcon) createRootXtoken() (string, error) {
return rootToken, nil
}
func (dbobj dbcon) generateUserLoginXtoken(userXTOKEN string) (string, error) {
if isValidUUID(userXTOKEN) == false {
func (dbobj dbcon) generateUserLoginXtoken(userTOKEN string) (string, error) {
if isValidUUID(userTOKEN) == false {
return "", errors.New("bad token format")
}
// check if user record exists
record, err := dbobj.lookupUserRecord(userXTOKEN)
record, err := dbobj.lookupUserRecord(userTOKEN)
if record == nil || err != nil {
// not found
return "", errors.New("not found")
@@ -60,8 +60,8 @@ func (dbobj dbcon) generateUserLoginXtoken(userXTOKEN string) (string, error) {
// by default login token for 30 minutes only
expired := int32(time.Now().Unix()) + 10*60
bdoc := bson.M{}
bdoc["token"] = userXTOKEN
bdoc["xtoken"] = tokenUUID
bdoc["token"] = userTOKEN
bdoc["xtoken"] = hashString(dbobj.hash, tokenUUID)
bdoc["type"] = "login"
bdoc["endtime"] = expired
_, err = dbobj.createRecord(TblName.Xtokens, bdoc)
@@ -76,18 +76,18 @@ func (dbobj dbcon) checkXtoken(xtokenUUID string) bool {
if isValidUUID(xtokenUUID) == false {
return false
}
if len(rootXTOKEN) > 0 && rootXTOKEN == xtokenUUID {
xtokenHashed := hashString(dbobj.hash, xtokenUUID)
if len(rootXTOKEN) > 0 && rootXTOKEN == xtokenHashed {
fmt.Println("It is a root token")
return true
}
record, err := dbobj.getRecord(TblName.Xtokens, "xtoken", xtokenUUID)
record, err := dbobj.getRecord(TblName.Xtokens, "xtoken", xtokenHashed)
if record == nil || err != nil {
return false
}
tokenType := record["type"].(string)
if tokenType == "root" {
rootXTOKEN = xtokenUUID
rootXTOKEN = xtokenHashed
return true
}
return false
@@ -98,13 +98,14 @@ func (dbobj dbcon) checkUserAuthXToken(xtokenUUID string) (tokenAuthResult, erro
if isValidUUID(xtokenUUID) == false {
return result, errors.New("failed to authenticate")
}
if len(rootXTOKEN) > 0 && rootXTOKEN == xtokenUUID {
xtokenHashed := hashString(dbobj.hash, xtokenUUID)
if len(rootXTOKEN) > 0 && rootXTOKEN == xtokenHashed {
//fmt.Println("It is a root token")
result.ttype = "root"
result.name = "root"
return result, nil
}
record, err := dbobj.getRecord(TblName.Xtokens, "xtoken", xtokenUUID)
record, err := dbobj.getRecord(TblName.Xtokens, "xtoken", xtokenHashed)
if record == nil || err != nil {
return result, errors.New("failed to authenticate")
}
@@ -112,12 +113,12 @@ func (dbobj dbcon) checkUserAuthXToken(xtokenUUID string) (tokenAuthResult, erro
fmt.Printf("token type: %s\n", tokenType)
if tokenType == "root" {
// we have this admin user
rootXTOKEN = xtokenUUID
rootXTOKEN = xtokenHashed
result.ttype = "root"
result.name = "root"
return result, nil
}
result.name = xtokenUUID
result.name = xtokenHashed
// tokenType = temp
now := int32(time.Now().Unix())
if now > record["endtime"].(int32) {