func getPublicKey() (*rsa.PublicKey, error) { publicKeyFile, err := os.Open(settings.Get().PublicKeyPath) if err != nil { return nil, err } pemfileinfo, _ := publicKeyFile.Stat() var size int64 = pemfileinfo.Size() pembytes := make([]byte, size) buffer := bufio.NewReader(publicKeyFile) _, err = buffer.Read(pembytes) data, _ := pem.Decode([]byte(pembytes)) publicKeyFile.Close() publicKeyImported, err := x509.ParsePKIXPublicKey(data.Bytes) if err != nil { return nil, err } rsaPub, ok := publicKeyImported.(*rsa.PublicKey) if !ok { return nil, err } return rsaPub, nil }
func getPrivateKey() (*rsa.PrivateKey, error) { privateKeyFile, err := os.Open(settings.Get().PrivateKeyPath) if err != nil { return nil, err } pemfileinfo, _ := privateKeyFile.Stat() var size int64 = pemfileinfo.Size() pembytes := make([]byte, size) buffer := bufio.NewReader(privateKeyFile) _, err = buffer.Read(pembytes) data, _ := pem.Decode([]byte(pembytes)) privateKeyFile.Close() privateKeyImported, err := x509.ParsePKCS1PrivateKey(data.Bytes) if err != nil { return nil, err } return privateKeyImported, nil }
// CreateUser validates the User's information. Upon successful validations, // it creates a new User node in the database, func CreateUser(u *User) (*User, error) { // user sanitization u.sanitize() if _, err := ValidateUser(u); err != nil { return nil, err } passwordDigest, err := bcrypt.GenerateFromPassword([]byte(u.Password), settings.Get().HashCost) if err != nil { return nil, err } // remove passsword string right after u.Password = "" u.PasswordDigest = passwordDigest res := []User{} db := vantaadb.Connect() cq := neoism.CypherQuery{ Statement: `CREATE (u:User {name:{name}, email:{email}, password_digest:{password_digest}}) RETURN id(u), u.name, u.email`, Parameters: neoism.Props{"name": u.Name, "email": u.Email, "password_digest": u.PasswordDigest}, Result: &res, } if err := db.Cypher(&cq); err != nil { return nil, err } newu := &res[0] return newu, nil }
func TestConnection(t *testing.T) { db := Connect() expecturl := settings.Get().DbUrl if db.Url != expecturl { t.Error( "Expected ", expecturl, "got ", db.Url) } }
// GenerateToken creates an encrypted token including the user's ID using // signing method RS512 and the public/private key func (authBackend *JwtAuthBackend) GenerateToken(u *user.User) (string, error) { token := jwt.New(jwt.SigningMethodRS512) token.Claims["exp"] = time.Now().Add( time.Hour * time.Duration(settings.Get().JWTExpirationDelta), ).Unix() token.Claims["iat"] = time.Now().Unix() token.Claims["uid"] = u.Id token.Claims["uname"] = u.Name tokenString, err := token.SignedString(authBackend.privateKey) if err != nil { return "", err } return tokenString, nil }
) type JwtAuthBackend struct { privateKey *rsa.PrivateKey PublicKey *rsa.PublicKey } const ( // expOffset is the time that the token should be removed from ledis after // its expiration expireOffset = 3600 ) var ( authBackendInstance *JwtAuthBackend = nil hashCost int = settings.Get().HashCost ) // InitJwtAuthBackend instantiate a thread-safe JwtAuthBackend instance if // it has not been started. func InitJwtAuthBackend() (*JwtAuthBackend, error) { privateKey, err := getPrivateKey() if err != nil { return nil, err } publicKey, err := getPublicKey() if err != nil { return nil, err }