From edad65d6a95bf4fb76010aba5b930007d2246a04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=20Jurmanovi=C4=87?=
Date: Sun, 17 Aug 2025 12:46:37 +0200
Subject: [PATCH] generate open token using normal token
---
 local/middleware/auth.go | 7 +++++++
 local/service/membership.go | 9 ++-------
 local/utl/configs/configs.go | 2 +-
 local/utl/jwt/jwt.go | 9 ++++++---
 tests/auth_helper.go | 4 ++--
 tests/unit/service/auth_simple_test.go | 2 +-
 6 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/local/middleware/auth.go b/local/middleware/auth.go
index bef899e..db8fd73 100644
--- a/local/middleware/auth.go
+++ b/local/middleware/auth.go
@@ -106,6 +106,13 @@ func (m *AuthMiddleware) AuthenticateWithHandler(jwtHandler *jwt.JWTHandler, isO
 })
 }
 
+ if !jwtHandler.IsOpenToken && claims.IsOpenToken {
+ logging.Error("Authentication failed: attempting to authenticate with open token")
+ return ctx.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
+ "error": "Wrong token type used",
+ })
+ }
+
 // Additional security: validate user ID format
 if claims.UserID == "" || len(claims.UserID) < 10 {
 logging.Error("Authentication failed: invalid user ID in token from IP %s", ip)
diff --git a/local/service/membership.go b/local/service/membership.go
index afd7c40..157d8fc 100644
--- a/local/service/membership.go
+++ b/local/service/membership.go
@@ -63,16 +63,11 @@ func (s *MembershipService) Login(ctx context.Context, username, password string
 return "", err
 }
 
- return s.jwtHandler.GenerateToken(user)
+ return s.jwtHandler.GenerateToken(user.ID.String())
 }
 
 func (s *MembershipService) GenerateOpenToken(ctx context.Context, userId string) (string, error) {
- user, err := s.repo.GetByID(ctx, userId)
- if err != nil {
- return "", err
- }
-
- return s.openJwtHandler.GenerateToken(user)
+ return s.openJwtHandler.GenerateToken(userId)
 }
 
 // CreateUser creates a new user.
diff --git a/local/utl/configs/configs.go b/local/utl/configs/configs.go
index 3d74244..61e2102 100644
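Review bot: The new rejection logs `logging.Error("Authentication failed: attempting to authenticate with open token")` without the client IP, while the sibling check two lines below reports `from IP %s`; the event therefore cannot be correlated with the other authentication failures in logs or alerting, so change it to `logging.Error("Authentication failed: attempting to authenticate with open token from IP %s", ip)`. The guard is also one-directional: an open token is refused by a normal handler, but a token with IsOpenToken false is still accepted by a handler whose IsOpenToken is set, which may well be intended and deserves a comment such as `// Open handlers accept both token types; normal handlers accept only normal tokens.` AuthenticateWithHandler begins and ends outside the hunk.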
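Review bot: GenerateOpenToken drops the `s.repo.GetByID(ctx, userId)` lookup, so it now mints a signed token for whatever id string it is handed, with no check that the user exists or is still valid, whereas Login keeps that guarantee by loading the user first. Unless every caller is already known to validate the id, keep the lookup and discard only the unused value: `if _, err := s.repo.GetByID(ctx, userId); err != nil { return "", err }` ahead of `return s.openJwtHandler.GenerateToken(userId)`. With the lookup removed, `ctx` is no longer used inside GenerateOpenToken; a short comment on why it stays in the signature would help the next reader.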
--- a/local/utl/configs/configs.go
+++ b/local/utl/configs/configs.go
@@ -8,7 +8,7 @@ import (
 )
 
 var (
- Version = "0.10.5"
+ Version = "0.10.6"
 Prefix = "v1"
 Secret string
 SecretCode string
diff --git a/local/utl/jwt/jwt.go b/local/utl/jwt/jwt.go
index d9c0509..9cd036f 100644
--- a/local/utl/jwt/jwt.go
+++ b/local/utl/jwt/jwt.go
@@ -13,7 +13,8 @@ import (
 
 // Claims represents the JWT claims.
 type Claims struct {
- UserID string `json:"user_id"`
+ UserID string `json:"user_id"`
+ IsOpenToken bool `json:"is_open_token"`
 jwt.RegisteredClaims
 }
 
@@ -70,13 +71,14 @@ func (jh *JWTHandler) GenerateSecretKey() string {
 }
 
 // GenerateToken generates a new JWT for a given user.
-func (jh *JWTHandler) GenerateToken(user *model.User) (string, error) {
+func (jh *JWTHandler) GenerateToken(userId string) (string, error) {
 expirationTime := time.Now().Add(24 * time.Hour)
 claims := &Claims{
- UserID: user.ID.String(),
+ UserID: userId,
 RegisteredClaims: jwt.RegisteredClaims{
 ExpiresAt: jwt.NewNumericDate(expirationTime),
 },
+ IsOpenToken: jh.IsOpenToken,
 }
 
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
@@ -90,6 +92,7 @@ func (jh *JWTHandler) GenerateTokenWithExpiry(user *model.User, expiry time.Time
 RegisteredClaims: jwt.RegisteredClaims{
 ExpiresAt: jwt.NewNumericDate(expirationTime),
 },
+ IsOpenToken: jh.IsOpenToken,
 }
 
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
diff --git a/tests/auth_helper.go b/tests/auth_helper.go
index 9871364..eb9b795 100644
--- a/tests/auth_helper.go
+++ b/tests/auth_helper.go
@@ -28,7 +28,7 @@ func GenerateTestToken() (string, error) {
 jwtHandler := jwt.NewJWTHandler(testSecret)
 
 // Generate JWT token
- token, err := jwtHandler.GenerateToken(user)
+ token, err := jwtHandler.GenerateToken(user.ID.String())
 if err != nil {
 return "", fmt.Errorf("failed to generate test token: %w", err)
 }
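Review bot: Tokens issued before this change carry no `is_open_token` claim, and a missing bool decodes as false, so open tokens minted by the previous build will look like normal tokens to the new middleware check until they expire. That transitional behaviour belongs on the field: `// IsOpenToken marks tokens minted by an open-token handler. Tokens issued before this claim existed lack it and decode as false, i.e. as normal tokens.` If the open and normal handlers happen to share a signing secret, this claim is the only thing telling the two token kinds apart, which the same comment should state if that is the case.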
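Review bot: The doc comment `// GenerateToken generates a new JWT for a given user.` is stale now that the function takes an id string and also stamps the handler's flag into the claims; suggest `// GenerateToken signs a JWT for userID that expires in 24h and carries the handler's IsOpenToken flag as the is_open_token claim.` The parameter should be `userID` per Go initialism style, and the literal sets `IsOpenToken` after `RegisteredClaims` while the struct declares it before, which reads oddly. GenerateTokenWithExpiry in the next hunk still takes `user *model.User`, so the two constructors now have different shapes for the same job; taking the id string there too, or a comment on why it differs, would keep the API consistent. GenerateToken's body continues past the hunk.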
@@ -55,7 +55,7 @@ func GenerateTestTokenWithExpiry(expiryTime time.Time) (string, error) {
 testSecret = "test-secret-that-is-at-least-32-bytes-long-for-security"
 }
 jwtHandler := jwt.NewJWTHandler(testSecret)
-
+
 // Create test user
 user := &model.User{
 ID: uuid.New(),
diff --git a/tests/unit/service/auth_simple_test.go b/tests/unit/service/auth_simple_test.go
index ef8d678..361542c 100644
--- a/tests/unit/service/auth_simple_test.go
+++ b/tests/unit/service/auth_simple_test.go
@@ -26,7 +26,7 @@ func TestJWT_GenerateAndValidateToken(t *testing.T) {
 }
 
 // Test JWT generation
- token, err := jwtHandler.GenerateToken(user)
+ token, err := jwtHandler.GenerateToken(user.ID.String())
 tests.AssertNoError(t, err)
 tests.AssertNotNil(t, token)