starred/godoxy
1
0
Fork 0
mirror of https://github.com/yusing/godoxy.git synced 2026-04-26 18:58:58 +02:00
Code Issues 18 Packages Projects Releases 10 Wiki Activity

v0.26.0

Browse Source
This commit is contained in:
yusing
2026-02-16 08:59:01 +08:00
parent 15b9635ee1
commit e4e6f6b3e8
242 changed files with 3953 additions and 3502 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
internal/auth/userpass.go
View File

@@ -2,22 +2,19 @@ package auth
import (
"encoding/json"
"errors"
"fmt"
"net/http"
"time"
"github.com/golang-jwt/jwt/v5"
"github.com/yusing/godoxy/internal/common"
gperr "github.com/yusing/goutils/errs"
httputils "github.com/yusing/goutils/http"
strutils "github.com/yusing/goutils/strings"
"golang.org/x/crypto/bcrypt"
)
var (
ErrInvalidUsername = gperr.New("invalid username")
ErrInvalidPassword = gperr.New("invalid password")
)
var ErrInvalidUsername = errors.New("invalid username")
type (
UserPassAuth struct {
@@ -27,8 +24,9 @@ type (
tokenTTL time.Duration
}
UserPassClaims struct {
Username string `json:"username"`
jwt.RegisteredClaims
Username string `json:"username"`
}
)
@@ -81,7 +79,7 @@ func (auth *UserPassAuth) CheckToken(r *http.Request) error {
return ErrMissingSessionToken
}
var claims UserPassClaims
token, err := jwt.ParseWithClaims(jwtCookie.Value, &claims, func(t *jwt.Token) (interface{}, error) {
token, err := jwt.ParseWithClaims(jwtCookie.Value, &claims, func(t *jwt.Token) (any, error) {
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
}
@@ -94,9 +92,9 @@ func (auth *UserPassAuth) CheckToken(r *http.Request) error {
case !token.Valid:
return ErrInvalidSessionToken
case claims.Username != auth.username:
return ErrUserNotAllowed.Subject(claims.Username)
return fmt.Errorf("%w: %s", ErrUserNotAllowed, claims.Username)
case claims.ExpiresAt.Before(time.Now()):
return gperr.Errorf("token expired on %s", strutils.FormatTime(claims.ExpiresAt.Time))
return fmt.Errorf("token expired on %s", strutils.FormatTime(claims.ExpiresAt.Time))
}
return nil
@@ -139,11 +137,12 @@ func (auth *UserPassAuth) LogoutHandler(w http.ResponseWriter, r *http.Request)
}
func (auth *UserPassAuth) validatePassword(user, pass string) error {
if user != auth.username {
return ErrInvalidUsername.Subject(user)
}
// always perform bcrypt comparison to avoid timing attacks
if err := bcrypt.CompareHashAndPassword(auth.pwdHash, []byte(pass)); err != nil {
return ErrInvalidPassword.With(err).Subject(pass)
return err
}
if user != auth.username {
return ErrInvalidUsername
}
return nil
}