zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-07 17:51:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

good first draft, fixed test

Browse Source
This commit is contained in:
0xdcarns
2021-10-21 20:32:23 -04:00
parent 4e4e8b3ab5
commit 7939e5968f
6 changed files with 177 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
controllers/userHttpController.go
View File

@@ -12,7 +12,6 @@ import (
"github.com/gravitl/netmaker/functions"
"github.com/gravitl/netmaker/logic"
"github.com/gravitl/netmaker/models"
"golang.org/x/crypto/bcrypt"
)
func userHandlers(r *mux.Router) {
@@ -53,7 +52,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
return
}
jwt, err := VerifyAuthRequest(authRequest)
jwt, err := logic.VerifyAuthRequest(authRequest)
if err != nil {
returnErrorResponse(response, request, formatError(err, "badrequest"))
return
@@ -86,35 +85,6 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
response.Write(successJSONResponse)
}
// VerifyAuthRequest - verifies an auth request
func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) {
var result models.User
if authRequest.UserName == "" {
return "", errors.New("username can't be empty")
} else if authRequest.Password == "" {
return "", errors.New("password can't be empty")
}
//Search DB for node with Mac Address. Ignore pending nodes (they should not be able to authenticate with API until approved).
record, err := database.FetchRecord(database.USERS_TABLE_NAME, authRequest.UserName)
if err != nil {
return "", errors.New("incorrect credentials")
}
if err = json.Unmarshal([]byte(record), &result); err != nil {
return "", errors.New("incorrect credentials")
}
// compare password from request to stored password in database
// might be able to have a common hash (certificates?) and compare those so that a password isn't passed in in plain text...
// TODO: Consider a way of hashing the password client side before sending, or using certificates
if err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(authRequest.Password)); err != nil {
return "", errors.New("incorrect credentials")
}
//Create a new JWT for the node
tokenString, _ := functions.CreateUserJWT(authRequest.UserName, result.Networks, result.IsAdmin)
return tokenString, nil
}
// The middleware for most requests to the API
// They all pass through here first
// This will validate the JWT (or check for master token)