user security bug fixed

This commit is contained in:
worker-9
2021-08-09 16:18:24 -04:00
parent 0bdaaf8b63
commit 31e81342fb
3 changed files with 164 additions and 120 deletions


@@ -6,6 +6,7 @@ import (
"net/http" "net/http"
"strings" "strings"
"time" "time"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/gravitl/netmaker/database" "github.com/gravitl/netmaker/database"
"github.com/gravitl/netmaker/functions" "github.com/gravitl/netmaker/functions"
@@ -194,17 +195,6 @@ func authorize(networkCheck bool, authNetwork string, next http.Handler) http.Ha
macaddress = "mastermac" macaddress = "mastermac"
isAuthorized = true isAuthorized = true
r.Header.Set("ismasterkey", "yes") r.Header.Set("ismasterkey", "yes")
} else {
r.Header.Set("ismasterkey", "")
mac, _, err := functions.VerifyToken(authToken)
if err != nil {
errorResponse = models.ErrorResponse{
Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.",
}
returnErrorResponse(w, r, errorResponse)
return
}
macaddress = mac
} }
if !isadmin && params["network"] != "" { if !isadmin && params["network"] != "" {
if functions.SliceContains(networks, params["network"]) { if functions.SliceContains(networks, params["network"]) {
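Review bot: Deleting the else branch also removes `r.Header.Set("ismasterkey", "")`, the only place visible in this hunk where the request header was reset for callers that are not admins; the admin branch above still sets it to `"yes"`, and downstream handlers presumably read it, so a client that sends its own `ismasterkey: yes` header now keeps it unless the function clears it earlier, outside this hunk. Since `r.Header` is the client's own header map, the flag should be cleared unconditionally before the admin check rather than only in one branch, e.g. `r.Header.Del("ismasterkey")` immediately before `isAuthorized` is decided. `authorize`'s body begins and ends outside the hunk, so the missing reset may exist elsewhere; if it does, a short comment at the admin branch noting where the header is sanitized would save the next reader the same search.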


@@ -1,10 +1,12 @@
package functions package functions
import ( import (
"errors"
"time" "time"
"github.com/dgrijalva/jwt-go"
"github.com/gravitl/netmaker/models" "github.com/gravitl/netmaker/models"
"github.com/gravitl/netmaker/servercfg" "github.com/gravitl/netmaker/servercfg"
"github.com/dgrijalva/jwt-go"
) )
var jwtSecretKey = []byte("(BytesOverTheWire)") var jwtSecretKey = []byte("(BytesOverTheWire)")
@@ -29,7 +31,7 @@ func CreateJWT(macaddress string, network string) (response string, err error) {
} }
func CreateUserJWT(username string, networks []string, isadmin bool) (response string, err error) { func CreateUserJWT(username string, networks []string, isadmin bool) (response string, err error) {
expirationTime := time.Now().Add(60 * time.Minute) expirationTime := time.Now().Add(1 * time.Minute)
claims := &models.UserClaims{ claims := &models.UserClaims{
UserName: username, UserName: username,
Networks: networks, Networks: networks,
@@ -59,13 +61,17 @@ func VerifyUserToken(tokenString string) (username string, networks []string, is
return jwtSecretKey, nil return jwtSecretKey, nil
}) })
if token != nil { if token != nil && token.Valid {
// check that user exists
if user, err := GetUser(claims.UserName); user.UserName != "" && err == nil {
return claims.UserName, claims.Networks, claims.IsAdmin, nil return claims.UserName, claims.Networks, claims.IsAdmin, nil
} }
err = errors.New("user does not exist")
}
return "", nil, false, err return "", nil, false, err
} }
// VerifyToken func will used to Verify the JWT Token while using APIS // GRPC [nodes] Only
func VerifyToken(tokenString string) (macaddress string, network string, err error) { func VerifyToken(tokenString string) (macaddress string, network string, err error) {
claims := &models.Claims{} claims := &models.Claims{}
@@ -84,4 +90,3 @@ func VerifyToken(tokenString string) (macaddress string, network string, err err
} }
return "", "", err return "", "", err
} }
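Review bot: The new expiry in `CreateUserJWT`, `expirationTime := time.Now().Add(1 * time.Minute)`, reads like a debugging value left in: nothing in the commit explains cutting user tokens from 60 minutes to one, and a token that dies after a minute will force re-login almost immediately; if it is deliberate, say so in a comment, otherwise restore `60 * time.Minute`. The `token != nil && token.Valid` guard in `VerifyUserToken` is the real fix (a non-nil token with populated claims but a bad signature previously passed), but it is only as strong as the signing key, and the context line shows `jwtSecretKey` as the literal `[]byte("(BytesOverTheWire)")` committed in source, so anyone who reads the repository can mint a token with `IsAdmin: true` that passes both the signature check and the new user-existence check; the key should be loaded from `servercfg` or generated at startup rather than hard-coded. In the same block a failed `GetUser` lookup is collapsed into `errors.New("user does not exist")`, which mislabels a database error as an unknown user; preserve the lookup error when it is non-nil so operators can tell the two apart. `VerifyUserToken` starts above this hunk and the claims are parsed there, so the signing-method check (`token.Method`) that hardens the key func would also go outside what is shown.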


@@ -5,7 +5,7 @@ import (
"time" "time"
) )
// 5-7 chars only // 4-7 chars only
var NAMES = []string{ var NAMES = []string{
"logic", "logic",
"warrant", "warrant",
@@ -32,7 +32,6 @@ var NAMES = []string{
"python", "python",
"mohawk", "mohawk",
"arctic", "arctic",
"linear",
"rival", "rival",
"vibes", "vibes",
"delay", "delay",
@@ -65,7 +64,6 @@ var NAMES = []string{
"clutch", "clutch",
"shark", "shark",
"leader", "leader",
"smelly",
"young", "young",
"robot", "robot",
"squish", "squish",
@@ -73,7 +71,7 @@ var NAMES = []string{
"rocket", "rocket",
"space", "space",
"queen", "queen",
"royal", "royalty",
"flush", "flush",
"earth", "earth",
"planet", "planet",
@@ -92,31 +90,71 @@ var NAMES = []string{
"goose", "goose",
"pepper", "pepper",
"melissa", "melissa",
"alex",
"elon",
"yeet",
"meh",
"walrus",
"avatar",
"chicken",
"proton",
"mohawk",
"tattoo",
"zebra",
"star",
"butter",
"tango",
"homie",
"rambo",
"cosmo",
"bubbles",
"hulk",
"pluto",
"scooby",
"thanos",
"yoda",
"draco",
"goofy",
"ditto",
"puff",
"duck",
"mouse",
"akita",
"water",
"hound",
"baby",
"spider",
"squid",
"roach",
"crab",
"cougar",
"cyborg",
"android",
"being",
"ninja",
"unicorn",
"zombie",
"warrior",
"zamboni",
"life",
"marine",
"node",
"mother",
"father",
"tesla",
} }
// must be 4 chars or less // must be 4 chars or less
var SMALL_NAMES = []string{ var SMALL_NAMES = []string{
"ace", "ace",
"tank", "odd",
"alex", "hot",
"dude", "ill",
"root", "root",
"sudo", "sudo",
"mars",
"meow",
"elon",
"musk",
"moon", "moon",
"beef", "beef",
"tack",
"matt",
"soon",
"man",
"sup",
"yo",
"bro", "bro",
"john",
"drop",
"dank", "dank",
"red", "red",
"gold", "gold",
@@ -128,7 +166,6 @@ var SMALL_NAMES = []string{
"lil", "lil",
"mom", "mom",
"bot", "bot",
"farm",
"evil", "evil",
"good", "good",
"holy", "holy",
@@ -137,48 +174,60 @@ var SMALL_NAMES = []string{
"sad", "sad",
"mad", "mad",
"chad", "chad",
"hat",
"pre", "pre",
"post", "post",
"foot", "foot",
"soft", "soft",
"hard", "hard",
"bob",
"tree",
"lite", "lite",
"fish",
"dark", "dark",
"true", "true",
"cat",
"dog",
"wow",
"yay",
"yeet",
"zoo",
"toy", "toy",
"boy",
"soy", "soy",
"rude", "rude",
"nice", "nice",
"cow", "fun",
"meh", "fat",
"shoe", "pro",
"sock", "sly",
"toe", "tan",
"nail", "pet",
"hair", "fine",
"nose", "main",
"ear", "last",
"tear", "wide",
"lad", "free",
"taco", "open",
"star", "poor",
"sun", "rich",
"ship", "next",
"pack", "real",
"mule", "long",
"drag", "huge",
"king", "wild",
"sick",
"weak",
"firm",
"pink",
"okay",
"dull",
"loud",
"lazy",
"dumb",
"tidy",
"idle",
"bony",
"cute",
"oily",
"lame",
"mega",
"limp",
"wavy",
"edgy",
"nosy",
"zany",
"base",
"cold",
} }
func GenerateNodeName() string { func GenerateNodeName() string {