From 61b03070b43eb2f778d8bb0781b05b33882700c2 Mon Sep 17 00:00:00 2001
From: Donovan
Date: Wed, 2 Oct 2024 11:42:33 -0500
Subject: [PATCH] secure jwt
---
 .gitignore | 2 +
 core/jwt_claims.go | 2 +-
 core/secrets.go | 43 +++++++++++++++++++
 .../sqlite-init}/json/academicons.json | 0
 .../sqlite-init}/json/akar-icons.json | 0
 .../sqlite-init}/json/ant-design.json | 0
 .../sqlite-init}/json/arcticons.json | 0
 .../sqlite-init}/json/basil.json | 0
 .../sqlite-init}/json/bitcoin-icons.json | 0
 .../sqlite-init}/sqlite_init.go | 0
 secure_bytes.sh | 14 ++++++
 11 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 core/secrets.go
 rename {sqlite-init => core/sqlite-init}/json/academicons.json (100%)
 rename {sqlite-init => core/sqlite-init}/json/akar-icons.json (100%)
 rename {sqlite-init => core/sqlite-init}/json/ant-design.json (100%)
 rename {sqlite-init => core/sqlite-init}/json/arcticons.json (100%)
 rename {sqlite-init => core/sqlite-init}/json/basil.json (100%)
 rename {sqlite-init => core/sqlite-init}/json/bitcoin-icons.json (100%)
 rename {sqlite-init => core/sqlite-init}/sqlite_init.go (100%)
 create mode 100644 secure_bytes.sh
diff --git a/.gitignore b/.gitignore
index 54b95df..5e1203b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ tmp
 go-nkode
 *.db-shm
 *.db-wal
+secrets.json
+.DS_Store
\ No newline at end of file
diff --git a/core/jwt_claims.go b/core/jwt_claims.go
index 7a451a6..ba85d66 100644
--- a/core/jwt_claims.go
+++ b/core/jwt_claims.go
@@ -23,7 +23,7 @@ const (
 resetNKodeTokenExp = 5 * time.Minute
 )
-var secret = []byte("your-secret-key")
+var secret = GetJwtSecret("./secrets.json")
 func NewAuthenticationTokens(username string, customerId CustomerId) (AuthenticationTokens, error) {
 accessClaims := NewAccessClaim(username, customerId)
diff --git a/core/secrets.go b/core/secrets.go
new file mode 100644
index 0000000..c3204f2
--- /dev/null
+++ b/core/secrets.go
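Review bot: `var secret = GetJwtSecret("./secrets.json")` now runs during package initialisation of `core`, and GetJwtSecret (added in core/secrets.go in this same patch) calls log.Fatal on any read error, so importing the package from a working directory that has no secrets.json — `go test ./core/...`, a migration tool, another binary sharing the package — exits the process before main is reached. The relative path also ties the service to the directory it is launched from rather than to any configured location. Consider loading the key behind an explicit initialiser invoked from main, e.g. `func LoadSecrets(path string) error` that sets the package variable and returns the error, with the path taken from configuration (an environment variable such as `NKODE_SECRETS_FILE` — constructed name — defaulting to `./secrets.json`) so callers decide how to fail. The hunk cuts through the `const (` block above and the body of NewAuthenticationTokens below; both continue outside it.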
@@ -0,0 +1,43 @@
+package core
+
+import (
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "log"
+)
+
+type NKodeSecrets struct {
+ JwtSecret []byte `json:"jwt_secret"`
+}
+
+func ReadSecrets(filePath string) (NKodeSecrets, error) {
+ // Initialize an empty NKodeSecrets struct
+ var secrets NKodeSecrets
+
+ // Read the contents of the file
+ data, err := ioutil.ReadFile(filePath)
+ if err != nil {
+ return secrets, fmt.Errorf("error reading secrets file: %w", err)
+ }
+
+ // Unmarshal JSON data into the NKodeSecrets struct
+ err = json.Unmarshal(data, &secrets)
+ if err != nil {
+ return secrets, fmt.Errorf("error unmarshaling secrets: %w", err)
+ }
+
+ return secrets, nil
+}
+
+func GetJwtSecret(filePath string) []byte {
+ secrets, err := ReadSecrets(filePath)
+ if err != nil {
+ log.Fatal("can't read secrets: ", err)
+ }
+ if secrets.JwtSecret == nil {
+ log.Fatal("wt secret is nil")
+ }
+ return secrets.JwtSecret
+
+}
diff --git a/sqlite-init/json/academicons.json b/core/sqlite-init/json/academicons.json
similarity index 100%
rename from sqlite-init/json/academicons.json
rename to core/sqlite-init/json/academicons.json
diff --git a/sqlite-init/json/akar-icons.json b/core/sqlite-init/json/akar-icons.json
similarity index 100%
rename from sqlite-init/json/akar-icons.json
rename to core/sqlite-init/json/akar-icons.json
diff --git a/sqlite-init/json/ant-design.json b/core/sqlite-init/json/ant-design.json
similarity index 100%
rename from sqlite-init/json/ant-design.json
rename to core/sqlite-init/json/ant-design.json
diff --git a/sqlite-init/json/arcticons.json b/core/sqlite-init/json/arcticons.json
similarity index 100%
rename from sqlite-init/json/arcticons.json
rename to core/sqlite-init/json/arcticons.json
diff --git a/sqlite-init/json/basil.json b/core/sqlite-init/json/basil.json
similarity index 100%
rename from sqlite-init/json/basil.json
rename to core/sqlite-init/json/basil.json
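Review bot: The only validation in GetJwtSecret is `secrets.JwtSecret == nil`, which lets an empty key through: json.Unmarshal turns both `"jwt_secret": []` and `"jwt_secret": ""` into a zero-length but non-nil slice, and a one-byte key passes as well. If these tokens are HMAC-signed (the signing method is not visible in this patch), RFC 7518 §3.2 requires the key to be at least as long as the hash output, so the guard should be a length check such as `if len(secrets.JwtSecret) < 32 {` with a message naming the minimum; the current message also has a typo, `"wt secret is nil"`. `ioutil.ReadFile` has been deprecated since Go 1.16 and `os.ReadFile` is the drop-in replacement, which also removes one import. Because the file holds a signing key, it is worth checking the mode bits from `os.Stat` and refusing a group- or world-readable file before parsing, so a mis-deployed secrets.json fails loudly rather than being used. The `JwtSecret` field deserves a doc comment stating that encoding/json accepts it either as a base64 string or as a JSON array of byte values (the form secure_bytes.sh prints), since that is not obvious from `[]byte`.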
diff --git a/sqlite-init/json/bitcoin-icons.json b/core/sqlite-init/json/bitcoin-icons.json
similarity index 100%
rename from sqlite-init/json/bitcoin-icons.json
rename to core/sqlite-init/json/bitcoin-icons.json
diff --git a/sqlite-init/sqlite_init.go b/core/sqlite-init/sqlite_init.go
similarity index 100%
rename from sqlite-init/sqlite_init.go
rename to core/sqlite-init/sqlite_init.go
diff --git a/secure_bytes.sh b/secure_bytes.sh
new file mode 100644
index 0000000..1a8bc4d
--- /dev/null
+++ b/secure_bytes.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Define the number of bytes you want to generate
+num_bytes=16
+
+# Use dd to read cryptographically secure bytes from /dev/urandom
+# and convert them to integers using od
+secure_bytes=$(dd if=/dev/urandom bs=1 count=$num_bytes 2>/dev/null | od -An -tu1)
+
+# Remove leading/trailing spaces and replace spaces with commas
+secure_bytes=$(echo $secure_bytes | sed 's/ /,/g')
+
+# Output the result as a comma-separated list of integers
+echo "Cryptographically secure bytes (as integers): $secure_bytes"
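Review bot: `num_bytes=16` yields a 128-bit key, below the 256-bit minimum RFC 7518 sets for HS256 if that is the algorithm the JWTs use (not visible in this patch); `num_bytes=32` is the usual choice. The script prints the bytes to the terminal with a label instead of emitting the `{"jwt_secret": [...]}` document that core/secrets.go parses, so the value must be hand-copied into secrets.json; writing the file directly, e.g. `(umask 077; printf '{"jwt_secret": [%s]}\n' "$secure_bytes" > secrets.json)`, removes the manual step and keeps the key out of terminal scrollback. The unquoted `echo $secure_bytes` is what collapses od's multi-space, multi-line output into single spaces before the sed runs, which works but depends on word splitting; `od -An -tu1 | tr -s ' \n' ',' | sed 's/^,//;s/,$//'` does the normalisation explicitly.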