wok-able/auth/auth.go

package auth

import (
	"errors"
	"os"
	"time"

	"github.com/golang-jwt/jwt"
	log "github.com/sirupsen/logrus"
	"golang.org/x/crypto/bcrypt"
)

var secretKey []byte

func Setup() {
	secretKeyString, isSet := os.LookupEnv("SECRET_KEY")
	if !isSet {
		log.Warn("SECRET_KEY not set in environment, using default key")
		secretKeyString = "DebugKey"
	}

	secretKey = []byte(secretKeyString)
}

func makePasswordSalty(password string, salt []byte) []byte {
	passwordBytes := []byte(password)
	passwordBytes = append(passwordBytes, salt...)
	return passwordBytes
}

func HashPassword(password string, salt []byte) (hashedPassword []byte, err error) {
	saltyPassword := makePasswordSalty(password, salt)
	hashedPassword, err = bcrypt.GenerateFromPassword(saltyPassword, bcrypt.DefaultCost)
	return
}

func CheckPassword(password string, salt []byte, hashedPassword []byte) (err error) {
	saltyPassword := makePasswordSalty(password, salt)
	err = bcrypt.CompareHashAndPassword(hashedPassword, saltyPassword)
	return
}

func GenerateJWT(id uint, username string, email string) (jwttoken string, err error) {
	token := jwt.New(jwt.SigningMethodHS256)
	claims := token.Claims.(jwt.MapClaims)

	claims["authorized"] = true
	claims["user_id"] = id
	claims["username"] = username
	claims["email"] = email
	claims["exp"] = time.Now().Add(time.Hour * 2).Unix()

	if jwttoken, err = token.SignedString(secretKey); err != nil {
		log.Errorf("Something Went Wrong: %s", err.Error())
	}
	return
}

func VerifyJWT(jwttoken string) (claims jwt.MapClaims, err error) {
	token, e := jwt.ParseWithClaims(jwttoken, &jwt.MapClaims{}, func(t *jwt.Token) (interface{}, error) {
		return secretKey, nil
	})
	if e != nil || !token.Valid {
		err = errors.New("Unautherized")
		return
	}
	claimsptr := token.Claims.(*jwt.MapClaims)
	claims = *claimsptr
	return
}
bigest part of the api done 3 years ago			`package auth`

			`import (`
some more changes 3 years ago			`"errors"`
bigest part of the api done 3 years ago			`"os"`
			`"time"`

			`"github.com/golang-jwt/jwt"`
			`log "github.com/sirupsen/logrus"`
			`"golang.org/x/crypto/bcrypt"`
			`)`

			`var secretKey []byte`

			`func Setup() {`
			`secretKeyString, isSet := os.LookupEnv("SECRET_KEY")`
			`if !isSet {`
			`log.Warn("SECRET_KEY not set in environment, using default key")`
			`secretKeyString = "DebugKey"`
			`}`

			`secretKey = []byte(secretKeyString)`
			`}`

			`func makePasswordSalty(password string, salt []byte) []byte {`
			`passwordBytes := []byte(password)`
			`passwordBytes = append(passwordBytes, salt...)`
			`return passwordBytes`
			`}`

			`func HashPassword(password string, salt []byte) (hashedPassword []byte, err error) {`
			`saltyPassword := makePasswordSalty(password, salt)`
some more changes 3 years ago			`hashedPassword, err = bcrypt.GenerateFromPassword(saltyPassword, bcrypt.DefaultCost)`
bigest part of the api done 3 years ago			`return`
			`}`

			`func CheckPassword(password string, salt []byte, hashedPassword []byte) (err error) {`
			`saltyPassword := makePasswordSalty(password, salt)`
			`err = bcrypt.CompareHashAndPassword(hashedPassword, saltyPassword)`
			`return`
			`}`

			`func GenerateJWT(id uint, username string, email string) (jwttoken string, err error) {`
			`token := jwt.New(jwt.SigningMethodHS256)`
			`claims := token.Claims.(jwt.MapClaims)`

			`claims["authorized"] = true`
			`claims["user_id"] = id`
			`claims["username"] = username`
			`claims["email"] = email`
			`claims["exp"] = time.Now().Add(time.Hour * 2).Unix()`

			`if jwttoken, err = token.SignedString(secretKey); err != nil {`
			`log.Errorf("Something Went Wrong: %s", err.Error())`
			`}`
			`return`
			`}`
some more changes 3 years ago
			`func VerifyJWT(jwttoken string) (claims jwt.MapClaims, err error) {`
			`token, e := jwt.ParseWithClaims(jwttoken, &jwt.MapClaims{}, func(t *jwt.Token) (interface{}, error) {`
			`return secretKey, nil`
			`})`
			`if e != nil \|\| !token.Valid {`
			`err = errors.New("Unautherized")`
			`return`
			`}`
			`claimsptr := token.Claims.(*jwt.MapClaims)`
			`claims = *claimsptr`
			`return`
			`}`