refactor jwt secret
@@ -4,6 +4,9 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/golang-jwt/jwt/v5"
|
"github.com/golang-jwt/jwt/v5"
|
||||||
|
"go-nkode/util"
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -23,7 +26,20 @@ const (
|
|||||||
resetNKodeTokenExp = 5 * time.Minute
|
resetNKodeTokenExp = 5 * time.Minute
|
||||||
)
|
)
|
||||||
|
|
||||||
var secret = GetJwtSecret("./secrets.json")
|
var secret = getJwtSecret()
|
||||||
|
|
||||||
|
func getJwtSecret() []byte {
|
||||||
|
jwtSecret := os.Getenv("JWT_SECRET")
|
||||||
|
if jwtSecret == "" {
|
||||||
|
log.Fatal("No JWT_SECRET found")
|
||||||
|
}
|
||||||
|
|
||||||
|
jwtBytes, err := util.ParseHexString(jwtSecret)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("error parsing jwt secret %v", err)
|
||||||
|
}
|
||||||
|
return jwtBytes
|
||||||
|
}
|
||||||
|
|
||||||
func NewAuthenticationTokens(username string, customerId CustomerId) (AuthenticationTokens, error) {
|
func NewAuthenticationTokens(username string, customerId CustomerId) (AuthenticationTokens, error) {
|
||||||
accessClaims := NewAccessClaim(username, customerId)
|
accessClaims := NewAccessClaim(username, customerId)
|
||||||
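Review bot: getJwtSecret rejects only an empty JWT_SECRET, so a two-character hex value decodes to a one-byte signing key and is accepted. A length check after the decode would close that, for example `if len(jwtBytes) < 32 { log.Fatal("JWT_SECRET must decode to at least 32 bytes") }`; the 32 assumes an HMAC-SHA256 signing method, which is not visible here, and the generator script in this commit still sets `num_bytes=16`, so it would need raising to match. Because `secret` is a package-level var, the `log.Fatal` calls run during package initialisation, so anything importing the package, tests included, exits when the variable is unset; loading the secret from an explicit setup function called by main would keep that failure in one place. NewAuthenticationTokens continues outside the hunk.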
|
|||||||
@@ -4,11 +4,11 @@
|
|||||||
num_bytes=16
|
num_bytes=16
|
||||||
|
|
||||||
# Use dd to read cryptographically secure bytes from /dev/urandom
|
# Use dd to read cryptographically secure bytes from /dev/urandom
|
||||||
# and convert them to integers using od
|
# and convert them to hexadecimal using od
|
||||||
secure_bytes=$(dd if=/dev/urandom bs=1 count=$num_bytes 2>/dev/null | od -An -tu1)
|
secure_bytes=$(dd if=/dev/urandom bs=1 count=$num_bytes 2>/dev/null | od -An -tx1)
|
||||||
|
|
||||||
# Remove leading/trailing spaces and replace spaces with commas
|
# Remove leading/trailing spaces and concatenate the hex bytes into a single string
|
||||||
secure_bytes=$(echo $secure_bytes | sed 's/ /,/g')
|
secure_bytes=$(echo $secure_bytes | tr -d ' \n')
|
||||||
|
|
||||||
# Output the result as a comma-separated list of integers
|
# Output the result as a hexadecimal string
|
||||||
echo "Cryptographically secure bytes (as integers): $secure_bytes"
|
echo "Cryptographically secure bytes (as hex): $secure_bytes"
|
||||||
|
|||||||
10
util/util.go
10
util/util.go
@@ -4,6 +4,7 @@ import (
|
|||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
|
"encoding/hex"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"go-nkode/hashset"
|
"go-nkode/hashset"
|
||||||
@@ -261,3 +262,12 @@ func GenerateRandomString(length int) string {
|
|||||||
}
|
}
|
||||||
return string(b)
|
return string(b)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func ParseHexString(hexStr string) ([]byte, error) {
|
||||||
|
// Decode the hex string into bytes
|
||||||
|
bytes, err := hex.DecodeString(hexStr)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return bytes, nil
|
||||||
|
}
|
||||||
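Review bot: ParseHexString is exported without a doc comment, and its local `bytes` shadows the name of the standard `bytes` package. A comment such as `// ParseHexString decodes hexStr into raw bytes; it returns nil and the encoding/hex error for odd-length or non-hex input.` states the contract, and `decoded` would be a safer local name. The encoding/hex invalid-byte error text includes the offending character, so a caller that passes a secret and logs the error (the JWT_SECRET caller in this commit formats it with `%v` in `log.Fatalf`) writes one character of the input to the log; that caller would be better off logging a fixed message.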
|
|||||||