package security
import (
"fmt"
"strings"
"github.com/fiskerinc/cloud-services/pkg/redis"
"github.com/fiskerinc/cloud-services/pkg/utils/envtool"
redigo "github.com/gomodule/redigo/redis"
"github.com/pkg/errors"
)
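// NewSalter builds a Salter bound to auth, backed by an encryptor created from
// the MASTER_KEY and MASTER_KEY_NONCE environment values.
//
// auth is handed to NewEncryptor as bytes and is also stored on the Salter,
// where ValidateSessionID compares it with the prefix of a decrypted session ID.
//
// When NewEncryptor fails, NewSalter returns a nil ISalter together with that
// error, so a caller that skips the error check cannot go on to use a Salter
// whose encryptor was never initialised.
func NewSalter(auth string) (ISalter, error) {
	// NOTE(review): both lookups fall back to fixed placeholder strings that are
	// readable by anyone with access to this source. If MASTER_KEY or
	// MASTER_KEY_NONCE is unset, the service runs with those known values and
	// nothing here reports it. Deployments should confirm both variables are
	// provisioned from a secret store; consider refusing the placeholders
	// outside development.
	key := []byte(envtool.GetEnv("MASTER_KEY", "REPLACE_ME_REPLACE_ME_REPLACE_ME"))

	// NOTE(review): the nonce is a single value read once from the environment.
	// If NewEncryptor uses it unchanged for every message with an AEAD mode,
	// reusing it under one key undermines both confidentiality and integrity.
	// Confirm how NewEncryptor handles nonces.
	nonce := []byte(envtool.GetEnv("MASTER_KEY_NONCE", "_REPLACE_ME_"))

	// Declared with the interface type so the value stored in Salter has the
	// same static type as before.
	var encryptor IEncryptor

	// The second value returned by NewEncryptor is not used by the salter.
	encryptor, _, err := NewEncryptor(key, []byte(auth), nonce)
	if err != nil {
		return nil, err
	}

	return &Salter{encryptor: encryptor, auth: auth}, nil
}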
// ISalter is the session-ID contract that Salter implements: it creates
// session IDs, validates one directly, and validates the one stored for a VIN.
type ISalter interface {
	// GenerateSessionID returns the session ID string produced from key and salt.
	GenerateSessionID(key, salt string) string

	// ValidateSessionID returns nil when sessionID is accepted and an error
	// otherwise.
	ValidateSessionID(sessionID string) error

	// CheckSessionID reads the session ID stored for vin through client and
	// validates it.
	CheckSessionID(client redis.Client, vin string) error
}
// Salter issues and validates encrypted session IDs for one auth value.
type Salter struct {
	// encryptor encrypts session ID payloads to base64 and decrypts them back.
	encryptor IEncryptor
	// auth is the value that the prefix of a decrypted session ID must equal
	// for ValidateSessionID to accept it.
	auth string
}
// GenerateSessionID encrypts the string "key:salt" with the salter's encryptor
// and returns the base64 result as the session ID.
//
// ValidateSessionID treats everything before the first ':' of the decrypted
// payload as the identity, so key is expected not to contain ':' itself.
//
// NOTE(review): how unpredictable the resulting ID is depends on the salt the
// caller supplies and on the encryptor; confirm that callers pass a salt from a
// cryptographically secure random source.
func (s *Salter) GenerateSessionID(key string, salt string) string {
	payload := fmt.Sprintf("%s:%s", key, salt)
	return s.encryptor.EncryptStringToBase64(payload)
}
// ValidateSessionID decrypts sessionID and accepts it only when the part of the
// plaintext before the first ':' equals the salter's auth value.
//
// It returns ErrInvalidSessionID for an empty sessionID or a prefix mismatch,
// and the decryption error unchanged when DecryptBase64ToString fails. The
// remainder of the plaintext (the salt) is not examined here.
//
// NOTE(review): this check is only as strong as the encryptor's rejection of
// tampered ciphertext; confirm that DecryptBase64ToString authenticates its
// input.
func (s *Salter) ValidateSessionID(sessionID string) error {
	if len(sessionID) == 0 {
		return ErrInvalidSessionID
	}

	plaintext, err := s.encryptor.DecryptBase64ToString(sessionID)
	if err != nil {
		return err
	}

	// Only the leading field is needed; SplitN always yields at least one
	// element, so indexing [0] is safe even when no ':' is present.
	prefix := strings.SplitN(plaintext, ":", 2)[0]
	if prefix == s.auth {
		return nil
	}

	return ErrInvalidSessionID
}
// CheckSessionID fetches the session ID stored under redis.HMISessionKey(vin)
// through client and validates it with ValidateSessionID.
//
// A failed lookup or string conversion is returned wrapped with a stack trace;
// a validation failure is returned as ValidateSessionID produced it.
//
// NOTE(review): vin selects only the Redis key. The stored value is validated
// against the salter's own auth value, not against vin, so callers presumably
// pass the same VIN the Salter was created with; verify at the call sites.
func (s *Salter) CheckSessionID(client redis.Client, vin string) error {
	stored, lookupErr := redigo.String(client.Get(redis.HMISessionKey(vin)))
	if lookupErr != nil {
		return errors.WithStack(lookupErr)
	}

	return s.ValidateSessionID(stored)
}