
Commit 3773076

committed
Fix leak signature key
1 parent 8a10e6c commit 3773076


4 files changed

+26
-20
lines changed


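--- a/config/config.go
+++ b/config/config.go
@@ -15,11 +15,12 @@ import (
 
 // Config is a configuration model
 type Config struct {
-Host string
-User string
-Password string
-Database string
-Port int
+Host string
+User string
+Password string
+Database string
+Port int
+JWTSignature string
 }
 
 var (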
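Review bot: The new JWTSignature field has no doc comment and nothing in this hunk rejects an empty or short value; as far as I recall the HMAC method in jwt-go does not check key length, so if the loader (outside this hunk) leaves the field unset every token would be signed and verified against a zero-length secret. Suggest documenting the field, `// JWTSignature is the HMAC secret used to sign and verify HS256 tokens.`, and failing fast where the config is loaded, e.g. `if len(cfg.JWTSignature) < 32 { return errors.New("config: JWTSignature must be at least 32 bytes") }`. The Config type is complete within the hunk; only the surrounding var block is cut.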

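--- a/config/config.json
+++ b/config/config.json
@@ -3,5 +3,6 @@
 "User": "postgres",
 "Password": "",
 "Database": "paylist",
-"Port": 5432
+"Port": 5432,
+"JWTSignature": "topsecret"
 }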
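Review bot: The secret is still committed: `"JWTSignature": "topsecret"` lands in a tracked config.json, so the hard-coded `"secret"` has been relocated from Go source into the repository's config file rather than removed from version control, and the value is now part of the history. Suggest shipping only a template (for example a config.json.example with an empty value), adding the real config.json to .gitignore, and having the loader read JWTSignature from an environment variable or a secrets store; whatever value was used here should be rotated before deployment. JSON has no comment syntax, so the explanation belongs in the README or the loader's doc comment.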

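--- a/endpoint/paylist.go
+++ b/endpoint/paylist.go
@@ -13,6 +13,8 @@ import (
 "github.com/ariebrainware/paylist-api/util"
 )
 
+var conf config.Config
+
 //User stuct for parse token
 type User struct {
 Username string
@@ -25,11 +27,11 @@ func FetchAllPaylist(c *gin.Context) {
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
-util.CallServerError(c, "fail to parse the token, make sure token is valid", err)
+util.CallServerError(c, "fail to parse the token, make sure token and signature is valid", err)
 return
 }
 username := tk.Username
@@ -48,7 +50,7 @@ func FetchSinglePaylist(c *gin.Context) {
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -72,7 +74,7 @@ func CreateUserPaylist(c *gin.Context) {
 // Parse the payload from token
 tokenString := c.GetHeader("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -114,7 +116,7 @@ func UpdateUserPaylist(c *gin.Context) {
 // Parse the token payload
 tokenString := c.GetHeader("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -168,7 +170,7 @@ func UpdateUserPaylistStatus(c *gin.Context) {
 // Parse the token payload and validate the username is own the paylist
 tokenString := c.GetHeader("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -212,7 +214,7 @@ func DeleteUserPaylist(c *gin.Context) {
 // Parse the token payload and validate the username is own the paylist
 tokenString := c.GetHeader("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)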
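Review bot: `var conf config.Config` in the first hunk is a package-level zero value and none of these hunks assign it, so unless it is populated somewhere outside them every keyfunc in this file returns an empty HMAC key; the keyfunc should refuse that case rather than silently verify against `""`. The six keyfuncs here (FetchAllPaylist, FetchSinglePaylist, CreateUserPaylist, UpdateUserPaylist, UpdateUserPaylistStatus, DeleteUserPaylist) are identical copies, `fmt.Sprint` on a string is a no-op, and none of them checks `token.Method` the way Auth in endpoint/users.go does; one shared keyfunc fixes all three points and the same applies to the copies in endpoint/users.go. Each enclosing handler starts and ends outside its hunk.
```go
// jwtKeyFunc returns the configured HS256 secret for token verification and
// rejects tokens that declare any other signing method or an unset secret.
func jwtKeyFunc(token *jwt.Token) (interface{}, error) {
	if jwt.GetSigningMethod("HS256") != token.Method {
		return nil, fmt.Errorf("unexpected SigningMethod :%v", token.Header["alg"])
	}
	if conf.JWTSignature == "" {
		return nil, fmt.Errorf("jwt signature not configured")
	}
	return []byte(conf.JWTSignature), nil
}
// … unchanged: each handler then calls jwt.ParseWithClaims(tokenString, &tk, jwtKeyFunc) …
```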

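--- a/endpoint/users.go
+++ b/endpoint/users.go
@@ -76,7 +76,7 @@ func FetchAllUser(c *gin.Context) {
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -108,12 +108,13 @@ func FetchAllUser(c *gin.Context) {
 
 // UpdateUser function to update user information
 func UpdateUser(c *gin.Context) {
+
 var users model.User
 ID := c.Param("id")
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprint(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -146,12 +147,13 @@ func UpdateUser(c *gin.Context) {
 util.CallSuccessOK(c, "User successfully updated!", ID)
 }
 
+// AddBalance is a function to add user balance or income
 func AddBalance(c *gin.Context) {
 var users model.User
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprintf(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -185,7 +187,7 @@ func DeleteUser(c *gin.Context) {
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprintf(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -214,7 +216,7 @@ func FetchSingleUser(c *gin.Context) {
 tk := User{}
 tokenString := c.Request.Header.Get("Authorization")
 token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
-return []byte("secret"), nil
+return []byte(fmt.Sprintf(conf.JWTSignature)), nil
 })
 if err != nil || token == nil {
 fmt.Println(err, token)
@@ -274,7 +276,7 @@ func Login(c *gin.Context) {
 }
 //Create JWT token
 token := jwt.NewWithClaims(jwt.GetSigningMethod("HS256"), tk)
-tokenString, err := token.SignedString([]byte("secret"))
+tokenString, err := token.SignedString([]byte(fmt.Sprintf(conf.JWTSignature)))
 if err != nil {
 util.CallServerError(c, "error create token", err)
 c.Abort()
@@ -313,7 +315,7 @@ func Auth(c *gin.Context) {
 if jwt.GetSigningMethod("HS256") != token.Method {
 return nil, fmt.Errorf("unexpected SigningMethod :%v", token.Header["alg"])
 }
-return []byte("secret"), nil
+return []byte(fmt.Sprintf(conf.JWTSignature)), nil
 })
 config.DB.Model(&logging).Where("token = ? ", tokenString).Find(&logging)
 if logging.Token == "" {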
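Review bot: `fmt.Sprintf(conf.JWTSignature)` in AddBalance, DeleteUser, FetchSingleUser, Login and Auth passes the secret as the format string, so any `%` in the configured value is interpreted as a verb and the key silently becomes something like `%!d(MISSING)`; go vet's printf check flags the non-constant format string as well. Login signs with the Sprintf form while FetchAllUser and UpdateUser here, and every handler in endpoint/paylist.go, verify with `fmt.Sprint`, so a secret containing `%` would mint tokens that never verify. The string needs no formatting at all: replace every occurrence with `[]byte(conf.JWTSignature)`, e.g. `tokenString, err := token.SignedString([]byte(conf.JWTSignature))`. Each enclosing function begins and ends outside its hunk.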
