-rw-r--r--client/src/apiSlice.ts4
-rw-r--r--server/cmd/main.go47
-rw-r--r--server/guests/models.go2
3 files changed, 37 insertions, 16 deletions
diff --git a/client/src/apiSlice.ts b/client/src/apiSlice.ts
index 7842da8..514f8b1 100644
--- a/client/src/apiSlice.ts
+++ b/client/src/apiSlice.ts
@@ -30,11 +30,11 @@ export interface PartyGuest {
export const apiSlice = createApi({
reducerPath: 'api',
baseQuery: fetchBaseQuery({
- baseUrl: 'http://localhost:8080/',
+ baseUrl: 'http://192.168.1.41:8080/',
prepareHeaders: (headers, { getState }) => {
const token = (getState() as RootState).auth.token;
if (token) {
- headers.set('authorization', `Bearer ${token}`);
+ headers.set('authorization', `${token}`);
}
return headers;
},
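Review bot: The new `baseUrl` sends the JWT to a hard-coded private address over plain `http://`, so the token crosses the network unencrypted and the build only works on one LAN. The base URL should come from build-time configuration and use `https://` outside local development. The `authorization` header also drops the `Bearer ` scheme, which proxies, gateways and most server middleware expect. It would be safer to keep the scheme on the client and have the server remove it with `strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")` before parsing.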
diff --git a/server/cmd/main.go b/server/cmd/main.go
index 5b81b66..b4b1c6d 100644
--- a/server/cmd/main.go
+++ b/server/cmd/main.go
@@ -2,14 +2,13 @@ package main
import (
"context"
- "crypto/rand"
- "encoding/base64"
"encoding/json"
"fmt"
"log"
"net/http"
"os"
"regexp"
+ "time"
"github.com/golang-jwt/jwt/v5"
"github.com/jackc/pgx/v5/pgxpool"
@@ -60,21 +59,22 @@ func (h *guestHandler) login(w http.ResponseWriter, r *http.Request) {
return
}
+ expirationTime := time.Now().Add(15 * time.Minute)
claims := &guests.Claims{
- Guest: guest,
- RegisteredClaims: jwt.RegisteredClaims{},
+ Credentials: creds,
+ RegisteredClaims: jwt.RegisteredClaims{
+ ExpiresAt: jwt.NewNumericDate(expirationTime),
+ },
}
- key := make([]byte, 32)
- _, err = rand.Read(key)
+ key, err := os.ReadFile("C:\\Users\\mhunt\\skey.pem")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
- secretKey := []byte(base64.StdEncoding.EncodeToString(key))
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
- tokenString, err := token.SignedString(secretKey)
+ tokenString, err := token.SignedString(key)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
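Review bot: `Credentials: creds` places the submitted login credentials inside the token claims, and a JWT payload is only base64url-encoded, not encrypted. The fields of `Credentials` are not visible here, but if it includes a password, every holder of the token, and every log or proxy that records it, can read that password. Carry a non-secret identifier instead, for example `Subject` in `jwt.RegisteredClaims` set to the guest id, and drop the `Credentials` field from `Claims` in server/guests/models.go, where the same issue applies. Separately, the HMAC key is read from a hard-coded path under a user profile on every login, and `http.Error(w, err.Error(), ...)` returns that path to the caller when the read fails. Load the key once at startup from configuration and answer with a generic 500. The body of login starts and ends outside this hunk.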
@@ -92,10 +92,6 @@ func (h *guestHandler) login(w http.ResponseWriter, r *http.Request) {
}
w.WriteHeader(http.StatusOK)
- http.SetCookie(w, &http.Cookie{
- Name: "token",
- Value: tokenString,
- })
w.Write(jsonBytes)
}
@@ -148,6 +144,31 @@ func (h *guestHandler) createGuest(w http.ResponseWriter, r *http.Request) {
}
func (h *guestHandler) updateGuest(w http.ResponseWriter, r *http.Request) {
+ tokenString := r.Header.Get("Authorization")
+ claims := &guests.Claims{}
+
+ key, err := os.ReadFile("C:\\Users\\mhunt\\skey.pem")
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (any, error) {
+ return key, nil
+ })
+ if err != nil {
+ if err == jwt.ErrSignatureInvalid {
+ w.WriteHeader(http.StatusUnauthorized)
+ return
+ }
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return
+ }
+ if !token.Valid {
+ w.WriteHeader(http.StatusUnauthorized)
+ return
+ }
+
matches := guestIdRe.FindStringSubmatch(r.URL.Path)
if len(matches) < 2 {
http.Error(w, "No id found", http.StatusBadRequest)
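Review bot: The check `err == jwt.ErrSignatureInvalid` is unlikely to ever match, because golang-jwt v5 returns wrapped errors. A bad signature or an expired token therefore falls through to `http.Error(w, err.Error(), http.StatusBadRequest)`, answering 400 and echoing parser detail instead of 401. Treating every parse failure as unauthorized avoids this and needs no new import: `if err != nil || !token.Valid { w.WriteHeader(http.StatusUnauthorized); return }`. The parser call should also pin the expected algorithm by passing `jwt.WithValidMethods([]string{"HS256"})` as a final argument to `jwt.ParseWithClaims`. Nothing in this hunk compares the parsed claims with the guest id taken from the path; if the rest of updateGuest, which continues outside the hunk, does not do so either, any valid token can update any guest.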
@@ -155,7 +176,7 @@ func (h *guestHandler) updateGuest(w http.ResponseWriter, r *http.Request) {
}
var guest guests.Guest
- err := json.NewDecoder(r.Body).Decode(&guest)
+ err = json.NewDecoder(r.Body).Decode(&guest)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
diff --git a/server/guests/models.go b/server/guests/models.go
index 5915f81..bcc6a52 100644
--- a/server/guests/models.go
+++ b/server/guests/models.go
@@ -24,7 +24,7 @@ type Credentials struct {
}
type Claims struct {
- Guest Guest `json:"guest"`
+ Credentials Credentials `json:"credentials"`
jwt.RegisteredClaims
}