diff --git a/backend/services/controller/go.mod b/backend/services/controller/go.mod
index f6ab081..211958d 100644
--- a/backend/services/controller/go.mod
+++ b/backend/services/controller/go.mod
@@ -3,9 +3,9 @@ module github.com/leandrofars/oktopus
 go 1.18
 require (
- github.com/dgrijalva/jwt-go v3.2.0+incompatible
 github.com/eclipse/paho.golang v0.10.0
 github.com/go-stomp/stomp v2.1.4+incompatible
+ github.com/golang-jwt/jwt/v5 v5.2.0
 github.com/google/uuid v1.3.0
 github.com/googollee/go-socket.io v1.7.0
 github.com/gorilla/mux v1.8.0
diff --git a/backend/services/controller/go.sum b/backend/services/controller/go.sum
index 402cf48..3996cfc 100644
--- a/backend/services/controller/go.sum
+++ b/backend/services/controller/go.sum
@@ -1,14 +1,14 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/eclipse/paho.golang v0.10.0 h1:oUGPjRwWcZQRgDD9wVDV7y7i7yBSxts3vcvcNJo8B4Q= github.com/eclipse/paho.golang v0.10.0/go.mod h1:rhrV37IEwauUyx8FHrvmXOKo+QRKng5ncoN1vJiJMcs= github.com/go-stomp/stomp v2.1.4+incompatible h1:D3SheUVDOz9RsjVWkoh/1iCOwD0qWjyeTZMUZ0EXg2Y= github.com/go-stomp/stomp v2.1.4+incompatible/go.mod h1:VqCtqNZv1226A1/79yh+rMiFUcfY3R109np+7ke4n0c= github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= +github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= +github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
diff --git a/backend/services/controller/internal/api/auth/auth.go b/backend/services/controller/internal/api/auth/auth.go
index e1a2712..d93eeda 100644
--- a/backend/services/controller/internal/api/auth/auth.go
+++ b/backend/services/controller/internal/api/auth/auth.go
@@ -2,9 +2,12 @@ package auth
 import (
 "errors"
- "github.com/dgrijalva/jwt-go"
+ "fmt"
+ "log"
 "os"
 "time"
+
+ "github.com/golang-jwt/jwt/v5"
 )
 func getJwtKey() []byte {
@@ -18,16 +21,17 @@ func getJwtKey() []byte {
 type JWTClaim struct {
 Username string `json:"username"`
 Email string `json:"email"`
- jwt.StandardClaims
+ jwt.RegisteredClaims
 }
 func GenerateJWT(email string, username string) (tokenString string, err error) {
 expirationTime := time.Now().Add(4 * time.Hour)
 claims := &JWTClaim{
- Email: email,
- Username: username,
- StandardClaims: jwt.StandardClaims{
- ExpiresAt: expirationTime.Unix(),
+ username,
+ email,
+ jwt.RegisteredClaims{
+ ExpiresAt: jwt.NewNumericDate(expirationTime),
+ Issuer: "Oktopus",
 },
 }
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
@@ -40,21 +44,25 @@ func ValidateToken(signedToken string) (email string, err error) {
 signedToken,
 &JWTClaim{},
 func(token *jwt.Token) (interface{}, error) {
+ // Don't forget to validate the alg is what you expect:
+ if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+ return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
+ }
+
+ // hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
 return getJwtKey(), nil
 },
 )
 if err != nil {
+ log.Println(err)
 return
 }
+
 claims, ok := token.Claims.(*JWTClaim)
 if !ok {
 err = errors.New("couldn't parse claims")
 return
 }
- if claims.ExpiresAt < time.Now().Local().Unix() {
- err = errors.New("token expired")
- return
- }
 email = claims.Email
diff --git a/devops/nginx/nginx.conf b/devops/nginx/nginx.conf
index 597e147..c548171 100644
--- a/devops/nginx/nginx.conf
+++ b/devops/nginx/nginx.conf
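Review bot: The `JWTClaim` literal in `GenerateJWT` now uses positional fields (`username, email, jwt.RegisteredClaims{...}`) where it previously used keys. `Username` and `Email` are both strings, so reordering either the struct fields or these two values would still compile and would silently put the wrong value into the `email` claim that `ValidateToken` hands back as the caller's identity. Keep the keyed form: `Username: username,` `Email: email,` `RegisteredClaims: jwt.RegisteredClaims{`. A short doc comment on `GenerateJWT` stating the 4-hour lifetime and the HS256 signing method would also help, since both are security-relevant constants buried in the body.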
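Review bot: With the manual `claims.ExpiresAt` comparison removed in `ValidateToken`, expiry enforcement rests entirely on the parser, and jwt/v5 by default checks `exp` only when the claim is present. A correctly signed token carrying no `exp` would therefore be accepted, whereas the old check rejected it (a zero `ExpiresAt` was always in the past). Passing parser options after the key function restores that, verifies the issuer that `GenerateJWT` now sets, and pins the algorithm to the one actually issued rather than any HMAC variant: `jwt.WithExpirationRequired(),` `jwt.WithIssuer("Oktopus"),` `jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}),`. The call's opening line is outside the hunk, so this assumes it is `jwt.ParseWithClaims`. The two comments copied from the library example should be rewritten for this code (`hmacSampleSecret` does not exist here), and `log.Println(err)` both duplicates the returned error and writes the client-supplied `alg` header value into the log unescaped.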
@@ -34,6 +34,44 @@ http {
 # for more information.
 include /etc/nginx/conf.d/*.conf;
+ server {
+ if ($host = oktopus.app.br) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80;
+ listen [::]:80;
+ server_name oktopus.app.br;
+ return 404;
+ }
+
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name oktopus.app.br;
+ root /usr/share/nginx/html;
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
+
+ ssl_certificate "/etc/letsencrypt/live/oktopus.app.br/fullchain.pem";
+ ssl_certificate_key "/etc/letsencrypt/live/oktopus.app.br/privkey.pem";
+ ssl_session_cache shared:SSL:1m;
+ ssl_session_timeout 10m;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ error_page 404 /404.html;
+ location = /404.html {
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3001;
+ proxy_read_timeout 60;
+ proxy_connect_timeout 60;
+ proxy_redirect off;
+ }
+ }
+
 server {
 if ($host = oktopustr369.com) {
 return 301 https://$host$request_uri;
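Review bot: The new 443 server block for oktopus.app.br sets `ssl_ciphers` but no `ssl_protocols`, so the accepted TLS versions fall back to this nginx build's defaults (or to an `http`-level setting outside the hunk), which on older builds still include TLS 1.0 and 1.1; add `ssl_protocols TLSv1.2 TLSv1.3;` next to the cipher line. The block also sends no HSTS header, so every first plain-HTTP visit depends on the port-80 redirect alone: `add_header Strict-Transport-Security "max-age=31536000" always;`. In `location /` the service behind `proxy_pass http://127.0.0.1:3001` will see every request as coming from loopback unless the client address is forwarded, e.g. `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, which matters if the backend logs or rate-limits by source IP. The trailing `server {` block for oktopustr369.com continues outside the hunk.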