From 7df43f2cf37705dc940280bf28203b851a386452 Mon Sep 17 00:00:00 2001 From: Florian Beisel Date: Sun, 21 Jan 2024 16:06:36 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fixes=20a=20bug=20not=20using=20?= =?UTF-8?q?the=20JWT=20Key=20correctly?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- auth/auth.go | 19 +++++++++++++++++-- middleware/middleware.go | 3 ++- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/auth/auth.go b/auth/auth.go index f44078d..b0ba1d1 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -1,3 +1,17 @@ +// Copyright 2024 Florian Beisel +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package auth import ( @@ -8,14 +22,15 @@ import ( ) func GenerateToken(username string) (string, error) { + jwtKeyBytes := []byte(config.GlobalConfig.JwtKey) + expirationTime := time.Now().Add(1 * time.Hour) claims := &jwt.StandardClaims{ Subject: username, ExpiresAt: expirationTime.Unix(), } - token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) - tokenString, err := token.SignedString(config.GlobalConfig.JwtKey) + tokenString, err := token.SignedString(jwtKeyBytes) return tokenString, err } diff --git a/middleware/middleware.go b/middleware/middleware.go index 0d7da7f..762fc89 100644 --- a/middleware/middleware.go +++ b/middleware/middleware.go @@ -23,7 +23,8 @@ func Authenticate() gin.HandlerFunc { if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method") } - return config.GlobalConfig.JwtKey, nil + jwtKeyBytes := []byte(config.GlobalConfig.JwtKey) + return jwtKeyBytes, nil }) if err != nil {