Merge branch 'dev' into dependabot/go_modules/backend/services/controller/golang.org/x/crypto-0.17.0

2023-12-23 12:59:07 -03:00 · 2023-12-23 12:59:07 -03:00 · 4b2dc84015
commit 4b2dc84015
parent c8e0b3ef00 b15ab6b5f0
4 changed files with 59 additions and 13 deletions
--- a/backend/services/controller/go.mod
+++ b/backend/services/controller/go.mod
@ -3,9 +3,9 @@ module github.com/leandrofars/oktopus
 go 1.18

 require (
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/eclipse/paho.golang v0.10.0
 	github.com/go-stomp/stomp v2.1.4+incompatible
+	github.com/golang-jwt/jwt/v5 v5.2.0
 	github.com/google/uuid v1.3.0
 	github.com/googollee/go-socket.io v1.7.0
 	github.com/gorilla/mux v1.8.0
--- a/backend/services/controller/go.sum
+++ b/backend/services/controller/go.sum
@ -1,14 +1,14 @@
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/eclipse/paho.golang v0.10.0 h1:oUGPjRwWcZQRgDD9wVDV7y7i7yBSxts3vcvcNJo8B4Q=
 github.com/eclipse/paho.golang v0.10.0/go.mod h1:rhrV37IEwauUyx8FHrvmXOKo+QRKng5ncoN1vJiJMcs=
 github.com/go-stomp/stomp v2.1.4+incompatible h1:D3SheUVDOz9RsjVWkoh/1iCOwD0qWjyeTZMUZ0EXg2Y=
 github.com/go-stomp/stomp v2.1.4+incompatible/go.mod h1:VqCtqNZv1226A1/79yh+rMiFUcfY3R109np+7ke4n0c=
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
+github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
--- a/backend/services/controller/internal/api/auth/auth.go
+++ b/backend/services/controller/internal/api/auth/auth.go
@ -2,9 +2,12 @@ package auth

 import (
 	"errors"
-	"github.com/dgrijalva/jwt-go"
+	"fmt"
+	"log"
 	"os"
 	"time"
+
+	"github.com/golang-jwt/jwt/v5"
 )

 func getJwtKey() []byte {
@ -18,16 +21,17 @@ func getJwtKey() []byte {
 type JWTClaim struct {
 	Username string `json:"username"`
 	Email    string `json:"email"`
-	jwt.StandardClaims
+	jwt.RegisteredClaims
 }

 func GenerateJWT(email string, username string) (tokenString string, err error) {
 	expirationTime := time.Now().Add(4 * time.Hour)
 	claims := &JWTClaim{
-		Email:    email,
-		Username: username,
-		StandardClaims: jwt.StandardClaims{
-			ExpiresAt: expirationTime.Unix(),
+		username,
+		email,
+		jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(expirationTime),
+			Issuer:    "Oktopus",
 		},
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
@ -40,21 +44,25 @@ func ValidateToken(signedToken string) (email string, err error) {
 		signedToken,
 		&JWTClaim{},
 		func(token *jwt.Token) (interface{}, error) {
+			// Don't forget to validate the alg is what you expect:
+			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+				return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
+			}
+
+			// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
 			return getJwtKey(), nil
 		},
 	)
 	if err != nil {
+		log.Println(err)
 		return
 	}
+
 	claims, ok := token.Claims.(*JWTClaim)
 	if !ok {
 		err = errors.New("couldn't parse claims")
 		return
 	}
-	if claims.ExpiresAt < time.Now().Local().Unix() {
-		err = errors.New("token expired")
-		return
-	}

 	email = claims.Email

--- a/devops/nginx/nginx.conf
+++ b/devops/nginx/nginx.conf
@ -34,6 +34,44 @@ http {
    # for more information.
    include /etc/nginx/conf.d/*.conf;

+    server {
+      if ($host = oktopus.app.br) {
+          return 301 https://$host$request_uri;
+      }
+      listen 80;
+      listen [::]:80;
+      server_name oktopus.app.br;
+      return 404;
+    }
+
+    server {
+        listen       443 ssl http2;
+        listen       [::]:443 ssl http2;
+        server_name  oktopus.app.br;
+        root         /usr/share/nginx/html;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+        ssl_certificate "/etc/letsencrypt/live/oktopus.app.br/fullchain.pem";
+        ssl_certificate_key "/etc/letsencrypt/live/oktopus.app.br/privkey.pem";
+        ssl_session_cache shared:SSL:1m;
+        ssl_session_timeout  10m;
+        ssl_ciphers HIGH:!aNULL:!MD5;
+        ssl_prefer_server_ciphers on;
+
+        error_page 404 /404.html;
+        location = /404.html {
+        }
+
+        location / {
+                proxy_pass             http://127.0.0.1:3001;
+                proxy_read_timeout     60;
+                proxy_connect_timeout  60;
+                proxy_redirect         off;
+        }
+    }
+
    server {
      if ($host = oktopustr369.com) {
          return 301 https://$host$request_uri;