Merge pull request #33 from ariebrainware/feature/fix_leak_signature_key
Fix leaked signature key
ariebrainware authored Oct 20, 2019
2 parents 8a10e6c + 3773076 commit a5b5a99
Showing 4 changed files with 26 additions and 20 deletions.
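--- a/config/config.go
+++ b/config/config.go
@@ -15,11 +15,12 @@ import (
 
 // Config is a configuration model
 type Config struct {
-Host string
-User string
-Password string
-Database string
-Port int
+Host string
+User string
+Password string
+Database string
+Port int
+JWTSignature string
 }
 
 var (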
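Review bot: Nothing in this hunk, or anywhere visible in the diff, rejects an empty `JWTSignature`: with encoding/json a missing or empty key leaves the field `""`, and the HS256 key functions in the endpoint package would then verify tokens against an empty HMAC key, which the jwt library does not appear to reject and which anyone can sign with. Where the JSON is decoded into `Config` (the loader sits past the `var (` at the end of this hunk, outside the view), fail fast, e.g. `if cfg.JWTSignature == "" { return cfg, errors.New("config: JWTSignature must be set") }`. The new field also deserves a comment saying what it is and how it must be handled: `JWTSignature string // HMAC-SHA256 key used to sign and verify JWTs; load from env or a secret store, never commit it`.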
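--- a/config/config.json
+++ b/config/config.json
@@ -3,5 +3,6 @@
 "User": "postgres",
 "Password": "",
 "Database": "paylist",
-"Port": 5432
+"Port": 5432,
+"JWTSignature": "topsecret"
 }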
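Review bot: The signing key is still checked into the repository at `"JWTSignature": "topsecret"`, so the leak named in the commit title has moved from a Go string literal into a tracked config file rather than been fixed, and the value is a dictionary word that anyone who can read the repo, or who runs a wordlist against one captured token, can use to mint valid HS256 tokens for any username. Keep a `config.example.json` with a placeholder in git, add the real `config.json` to `.gitignore` (or read the key from an environment variable such as `PAYLIST_JWT_SIGNATURE` and leave it out of the file entirely), and generate the value from at least 32 random bytes, e.g. `openssl rand -base64 32`. Both `secret` and `topsecret` are now in git history, so the key has to be rotated regardless, which invalidates every outstanding token.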
16 changes: 9 additions & 7 deletions endpoint/paylist.go
Expand Up @@ -13,6 +13,8 @@ import (
"github.com/ariebrainware/paylist-api/util"
)

var conf config.Config

//User stuct for parse token
type User struct {
Username string
Expand All @@ -25,11 +27,11 @@ func FetchAllPaylist(c *gin.Context) {
tk := User{}
tokenString := c.Request.Header.Get("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprint(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
util.CallServerError(c, "fail to parse the token, make sure token is valid", err)
util.CallServerError(c, "fail to parse the token, make sure token and signature is valid", err)
return
}
username := tk.Username
Expand All @@ -48,7 +50,7 @@ func FetchSinglePaylist(c *gin.Context) {
tk := User{}
tokenString := c.Request.Header.Get("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprint(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
Expand All @@ -72,7 +74,7 @@ func CreateUserPaylist(c *gin.Context) {
// Parse the payload from token
tokenString := c.GetHeader("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprint(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
Expand Down Expand Up @@ -114,7 +116,7 @@ func UpdateUserPaylist(c *gin.Context) {
// Parse the token payload
tokenString := c.GetHeader("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprint(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
Expand Down Expand Up @@ -168,7 +170,7 @@ func UpdateUserPaylistStatus(c *gin.Context) {
// Parse the token payload and validate the username is own the paylist
tokenString := c.GetHeader("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprint(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
Expand Down Expand Up @@ -212,7 +214,7 @@ func DeleteUserPaylist(c *gin.Context) {
// Parse the token payload and validate the username is own the paylist
tokenString := c.GetHeader("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprint(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
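Review bot: Every key function changed here (L62, L76, L85, L94, L103, L112) still hands back the HMAC key without checking `token.Method`, while `Auth` in users.go rejects anything other than HS256 before returning the key; the same closure is now copied into at least thirteen handlers across the package, so the consistent fix is one shared Keyfunc that does the alg check and returns `[]byte(conf.JWTSignature)` directly, since `fmt.Sprint` on a string is a no-op. The new package-level `var conf config.Config` at L52 is never assigned anywhere in this diff; unless it is populated elsewhere in the package (not visible here), `conf.JWTSignature` is `""` and all of these handlers verify tokens against an empty key, so the helper should also refuse to verify when the key is unset. Each handler's body continues outside its hunk; only the parse call would change.

```go
// jwtKeyFunc is the jwt.Keyfunc shared by every handler. It rejects tokens
// whose alg is not HS256 before releasing the key, and refuses to verify at
// all when no key has been configured (an empty HMAC key is forgeable).
func jwtKeyFunc(token *jwt.Token) (interface{}, error) {
	if jwt.GetSigningMethod("HS256") != token.Method {
		return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
	}
	if conf.JWTSignature == "" {
		return nil, fmt.Errorf("jwt signature key is not configured")
	}
	return []byte(conf.JWTSignature), nil
}

// … unchanged: FetchAllPaylist up to the parse call …
	token, err := jwt.ParseWithClaims(tokenString, &tk, jwtKeyFunc)
	// … unchanged: error handling and the rest of the handler …
```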
16 changes: 9 additions & 7 deletions endpoint/users.go
Expand Up @@ -76,7 +76,7 @@ func FetchAllUser(c *gin.Context) {
tk := User{}
tokenString := c.Request.Header.Get("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprint(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
Expand Down Expand Up @@ -108,12 +108,13 @@ func FetchAllUser(c *gin.Context) {

// UpdateUser function to update user information
func UpdateUser(c *gin.Context) {

var users model.User
ID := c.Param("id")
tk := User{}
tokenString := c.Request.Header.Get("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprint(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
Expand Down Expand Up @@ -146,12 +147,13 @@ func UpdateUser(c *gin.Context) {
util.CallSuccessOK(c, "User successfully updated!", ID)
}

// AddBalance is a function to add user balance or income
func AddBalance(c *gin.Context) {
var users model.User
tk := User{}
tokenString := c.Request.Header.Get("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprintf(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
Expand Down Expand Up @@ -185,7 +187,7 @@ func DeleteUser(c *gin.Context) {
tk := User{}
tokenString := c.Request.Header.Get("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprintf(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
Expand Down Expand Up @@ -214,7 +216,7 @@ func FetchSingleUser(c *gin.Context) {
tk := User{}
tokenString := c.Request.Header.Get("Authorization")
token, err := jwt.ParseWithClaims(tokenString, &tk, func(token *jwt.Token) (interface{}, error) {
return []byte("secret"), nil
return []byte(fmt.Sprintf(conf.JWTSignature)), nil
})
if err != nil || token == nil {
fmt.Println(err, token)
Expand Down Expand Up @@ -274,7 +276,7 @@ func Login(c *gin.Context) {
}
//Create JWT token
token := jwt.NewWithClaims(jwt.GetSigningMethod("HS256"), tk)
tokenString, err := token.SignedString([]byte("secret"))
tokenString, err := token.SignedString([]byte(fmt.Sprintf(conf.JWTSignature)))
if err != nil {
util.CallServerError(c, "error create token", err)
c.Abort()
Expand Down Expand Up @@ -313,7 +315,7 @@ func Auth(c *gin.Context) {
if jwt.GetSigningMethod("HS256") != token.Method {
return nil, fmt.Errorf("unexpected SigningMethod :%v", token.Header["alg"])
}
return []byte("secret"), nil
return []byte(fmt.Sprintf(conf.JWTSignature)), nil
})
config.DB.Model(&logging).Where("token = ? ", tokenString).Find(&logging)
if logging.Token == "" {
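Review bot: The five key sites in this file use `fmt.Sprintf(conf.JWTSignature)` (L154, L163, L172, L181, L190) with the secret itself as the format string and no arguments, whereas paylist.go uses `fmt.Sprint`: `go vet` flags the non-constant format string, and if the configured key ever contains a `%` sequence Sprintf rewrites it (`%d` becomes `%!d(MISSING)`), so a token issued by `Login` would be signed with a different byte string than the one paylist.go's handlers verify against. Replace all of them with the plain conversion `[]byte(conf.JWTSignature)`, which is what both calls reduce to for a `%`-free string. `Auth` at L186 is the only key function in this file that checks `token.Method`; the others (`FetchAllUser`, `UpdateUser`, `AddBalance`, `DeleteUser`, `FetchSingleUser`) should do the same, ideally through one shared Keyfunc for the package. Each handler's body continues outside its hunk.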
