// InitCipherModule initializes the components used for server-side encryption func InitCipherModule() { key, err := util.Decode(encodedPrivateKey) if err != nil { panic(err) } err = util.DeserializeJSON(key, privateKey) if err != nil { panic(err) } encrypter, err = jose.NewEncrypter(jose.RSA_OAEP, jose.A128GCM, &privateKey.PublicKey) if err != nil { panic(err) } }
// Authorize resolves the ghostToken carried in httpHeader to an identity.
//
// When extractGhostToken reports errAnonymousUser, an anonymous identity is
// returned with a nil error. Otherwise the token is decoded, decrypted and
// deserialized into a cookies.Session, and the session token it carries is
// looked up with cookies.GetSession. The identity is built from the stored
// session, not from the values found inside the decrypted token.
//
// ErrDeactivatedUser is returned when the lookup fails, when no session is
// found, or when identity.IsUserActivated reports false for the session's
// user. Decode, decrypt and deserialize errors are returned unchanged.
//
// NOTE(review): whether security.Decrypt authenticates the token is not
// visible here. The server-side session lookup is what gates access, so the
// session token has to be unguessable and compared safely by GetSession.
func Authorize(httpHeader http.Header) (*identity.Identity, error) {
	rawToken, err := extractGhostToken(httpHeader)
	switch {
	case err == nil:
		// A token was supplied; validate it below.
	case err == errAnonymousUser:
		return identity.NewAnonymous(), nil
	default:
		return nil, err
	}

	ciphertext, err := util.Decode([]byte(rawToken))
	if err != nil {
		return nil, err
	}

	plaintext, err := security.Decrypt(ciphertext)
	if err != nil {
		return nil, err
	}

	claimed := new(cookies.Session)
	if err = util.DeserializeJSON(plaintext, claimed); err != nil {
		return nil, err
	}

	// Fails closed: a lookup error and a missing session are both reported
	// as a deactivated user, and the underlying error is discarded.
	// NOTE(review): a storage outage is therefore indistinguishable from a
	// revoked session for callers and in logs; consider recording err here.
	session, err := cookies.GetSession(claimed.Token)
	if err != nil || session == nil {
		return nil, ErrDeactivatedUser
	}

	if !identity.IsUserActivated(session.UserID) {
		return nil, ErrDeactivatedUser
	}

	// NOTE(review): ResetToken runs in its own goroutine while identity.New
	// receives the same session value, and nothing waits for it or observes
	// its outcome. If ResetToken mutates the session this is a data race, and
	// a failed reset goes unnoticed; confirm against its implementation.
	go session.ResetToken()

	return identity.New(session), nil
}