Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2025-06-01 04:34:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

Switch to asymetric keys for jwt signing

Browse Source
This commit is contained in:
Zoe Roux 2024-09-03 14:23:52 +02:00
parent e197062f64
commit caa4cf4c8d
No known key found for this signature in database
2 changed files with 31 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
auth/config.go
View File

@ -3,7 +3,9 @@ package main
import ( import (
"context" "context"
"crypto/rand" "crypto/rand"
"encoding/base64" "crypto/rsa"
"crypto/x509"
"encoding/pem"
"time" "time"
"github.com/golang-jwt/jwt/v5" "github.com/golang-jwt/jwt/v5"
@ -11,14 +13,15 @@ import (
) )
type Configuration struct { type Configuration struct {
JwtSecret []byte JwtPrivateKey *rsa.PrivateKey
Issuer string JwtPublicKey *rsa.PublicKey
DefaultClaims jwt.MapClaims Issuer string
DefaultClaims jwt.MapClaims
ExpirationDelay time.Duration ExpirationDelay time.Duration
} }
const ( const (
JwtSecret = "jwt_secret" JwtPrivateKey = "jwt_private_key"
) )
func LoadConfiguration(db *dbc.Queries) (*Configuration, error) { func LoadConfiguration(db *dbc.Queries) (*Configuration, error) {
@ -32,22 +35,34 @@ func LoadConfiguration(db *dbc.Queries) (*Configuration, error) {
for _, conf := range confs { for _, conf := range confs {
switch conf.Key { switch conf.Key {
case JwtSecret: case JwtPrivateKey:
secret, err := base64.StdEncoding.DecodeString(conf.Value) block, _ := pem.Decode([]byte(conf.Value))
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil { if err != nil {
return nil, err return nil, err
} }
ret.JwtSecret = secret ret.JwtPrivateKey = key
ret.JwtPublicKey = &key.PublicKey
} }
} }
if ret.JwtSecret == nil { if ret.JwtPrivateKey == nil {
ret.JwtSecret = make([]byte, 128) ret.JwtPrivateKey, err = rsa.GenerateKey(rand.Reader, 4096)
rand.Read(ret.JwtSecret) if err != nil {
return nil, err
}
ret.JwtPublicKey = &ret.JwtPrivateKey.PublicKey
pemd := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(ret.JwtPrivateKey),
},
)
_, err := db.SaveConfig(ctx, dbc.SaveConfigParams{ _, err := db.SaveConfig(ctx, dbc.SaveConfigParams{
Key: JwtSecret, Key: JwtPrivateKey,
Value: base64.StdEncoding.EncodeToString(ret.JwtSecret), Value: string(pemd),
}) })
if err != nil { if err != nil {
return nil, err return nil, err

6
auth/session.go
View File

@ -100,7 +100,6 @@ type Jwt struct {
// @Summary Get JWT // @Summary Get JWT
// @Description Convert a session token to a short lived JWT. // @Description Convert a session token to a short lived JWT.
// @Tags sessions // @Tags sessions
// @Accept json
// @Produce json // @Produce json
// @Security Token // @Security Token
// @Success 200 {object} Jwt // @Success 200 {object} Jwt
@ -129,6 +128,7 @@ func (h *Handler) CreateJwt(c echo.Context) error {
claims := maps.Clone(session.User.Claims) claims := maps.Clone(session.User.Claims)
claims["sub"] = session.User.Id.String() claims["sub"] = session.User.Id.String()
claims["sid"] = session.Id.String()
claims["iss"] = h.config.Issuer claims["iss"] = h.config.Issuer
claims["exp"] = &jwt.NumericDate{ claims["exp"] = &jwt.NumericDate{
Time: time.Now().UTC().Add(time.Hour), Time: time.Now().UTC().Add(time.Hour),
@ -136,8 +136,8 @@ func (h *Handler) CreateJwt(c echo.Context) error {
claims["iss"] = &jwt.NumericDate{ claims["iss"] = &jwt.NumericDate{
Time: time.Now().UTC(), Time: time.Now().UTC(),
} }
jwt := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) jwt := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
t, err := jwt.SignedString(h.config.JwtSecret) t, err := jwt.SignedString(h.config.JwtPrivateKey)
if err != nil { if err != nil {
return err return err
} }