func getPublicKey() (*rsa.PublicKey, error) {
publicKeyFile, err := os.Open(settings.Get().PublicKeyPath)
if err != nil {
return nil, err
}
pemfileinfo, _ := publicKeyFile.Stat()
var size int64 = pemfileinfo.Size()
pembytes := make([]byte, size)
buffer := bufio.NewReader(publicKeyFile)
_, err = buffer.Read(pembytes)
data, _ := pem.Decode([]byte(pembytes))
publicKeyFile.Close()
publicKeyImported, err := x509.ParsePKIXPublicKey(data.Bytes)
if err != nil {
return nil, err
}
rsaPub, ok := publicKeyImported.(*rsa.PublicKey)
if !ok {
return nil, err
}
return rsaPub, nil
}
func getPrivateKey() (*rsa.PrivateKey, error) {
privateKeyFile, err := os.Open(settings.Get().PrivateKeyPath)
if err != nil {
return nil, err
}
pemfileinfo, _ := privateKeyFile.Stat()
var size int64 = pemfileinfo.Size()
pembytes := make([]byte, size)
buffer := bufio.NewReader(privateKeyFile)
_, err = buffer.Read(pembytes)
data, _ := pem.Decode([]byte(pembytes))
privateKeyFile.Close()
privateKeyImported, err := x509.ParsePKCS1PrivateKey(data.Bytes)
if err != nil {
return nil, err
}
return privateKeyImported, nil
}
// CreateUser validates the User's information. Upon successful validations,
// it creates a new User node in the database,
func CreateUser(u *User) (*User, error) {
// user sanitization
u.sanitize()
if _, err := ValidateUser(u); err != nil {
return nil, err
}
passwordDigest, err := bcrypt.GenerateFromPassword([]byte(u.Password), settings.Get().HashCost)
if err != nil {
return nil, err
}
// remove passsword string right after
u.Password = ""
u.PasswordDigest = passwordDigest
res := []User{}
db := vantaadb.Connect()
cq := neoism.CypherQuery{
Statement: `CREATE (u:User {name:{name}, email:{email}, password_digest:{password_digest}})
RETURN id(u), u.name, u.email`,
Parameters: neoism.Props{"name": u.Name, "email": u.Email, "password_digest": u.PasswordDigest},
Result: &res,
}
if err := db.Cypher(&cq); err != nil {
return nil, err
}
newu := &res[0]
return newu, nil
}
func TestConnection(t *testing.T) {
db := Connect()
expecturl := settings.Get().DbUrl
if db.Url != expecturl {
t.Error(
"Expected ", expecturl,
"got ", db.Url)
}
}
// GenerateToken creates an encrypted token including the user's ID using
// signing method RS512 and the public/private key
func (authBackend *JwtAuthBackend) GenerateToken(u *user.User) (string, error) {
token := jwt.New(jwt.SigningMethodRS512)
token.Claims["exp"] = time.Now().Add(
time.Hour * time.Duration(settings.Get().JWTExpirationDelta),
).Unix()
token.Claims["iat"] = time.Now().Unix()
token.Claims["uid"] = u.Id
token.Claims["uname"] = u.Name
tokenString, err := token.SignedString(authBackend.privateKey)
if err != nil {
return "", err
}
return tokenString, nil
}
)
type JwtAuthBackend struct {
privateKey *rsa.PrivateKey
PublicKey *rsa.PublicKey
}
const (
// expOffset is the time that the token should be removed from ledis after
// its expiration
expireOffset = 3600
)
var (
authBackendInstance *JwtAuthBackend = nil
hashCost int = settings.Get().HashCost
)
// InitJwtAuthBackend instantiate a thread-safe JwtAuthBackend instance if
// it has not been started.
func InitJwtAuthBackend() (*JwtAuthBackend, error) {
privateKey, err := getPrivateKey()
if err != nil {
return nil, err
}
publicKey, err := getPublicKey()
if err != nil {
return nil, err
}
