
Merge pull request #771 from gravitl/v0.10.0

V0.10.0
dcarns 3 years ago
parent
commit
21abd767be
3 changed files with 52 additions and 2 deletions
  1. 22 1
      logic/jwts.go
  2. 29 0
      logic/serverconf.go
  3. 1 1
      main.go

+ 22 - 1
logic/jwts.go

@@ -2,14 +2,29 @@ package logic
 
 import (
 	"errors"
+	"fmt"
 	"time"
 
 	"github.com/golang-jwt/jwt/v4"
+	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/servercfg"
 )
 
-var jwtSecretKey = []byte("(BytesOverTheWire)")
+var jwtSecretKey []byte
+
+// SetJWTSecret - sets the jwt secret on server startup
+func SetJWTSecret() {
+	currentSecret, jwtErr := FetchJWTSecret()
+	if jwtErr != nil {
+		jwtSecretKey = []byte(RandomString(64)) // 512 bit random password
+		if err := StoreJWTSecret(string(jwtSecretKey)); err != nil {
+			logger.FatalLog("something went wrong when configuring JWT authentication")
+		}
+	} else {
+		jwtSecretKey = []byte(currentSecret)
+	}
+}
 
 // CreateJWT func will used to create the JWT while signing in and signing out
 func CreateJWT(uuid string, macAddress string, network string) (response string, err error) {
@@ -19,6 +34,9 @@ func CreateJWT(uuid string, macAddress string, network string) (response string,
 		Network:    network,
 		MacAddress: macAddress,
 		StandardClaims: jwt.StandardClaims{
+			Issuer:    "Netmaker",
+			Subject:   fmt.Sprintf("node|%s", uuid),
+			IssuedAt:  time.Now().Unix(),
 			ExpiresAt: expirationTime.Unix(),
 		},
 	}
@@ -39,6 +57,9 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s
 		Networks: networks,
 		IsAdmin:  isadmin,
 		StandardClaims: jwt.StandardClaims{
+			Issuer:    "Netmaker",
+			IssuedAt:  time.Now().Unix(),
+			Subject:   fmt.Sprintf("user|%s", username),
 			ExpiresAt: expirationTime.Unix(),
 		},
 	}
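Review bot: In SetJWTSecret, every error from FetchJWTSecret is taken to mean "no secret stored yet" and triggers generation of a fresh key, so a transient database read failure at startup would silently rotate the signing secret and invalidate every outstanding token. The branch should distinguish a missing record from a read failure, e.g. `if errors.Is(jwtErr, <NOT_FOUND_SENTINEL placeholder from the database package>)` for the generate path and `logger.FatalLog` for any other error. The inline comment `// 512 bit random password` also overstates the strength unless RandomString draws uniformly from a 256-symbol alphabet; if it is alphanumeric, 64 characters carry roughly 380 bits, so I would reword it to `// 64 random characters; strength depends on RandomString's alphabet and its use of crypto/rand` and confirm that RandomString is backed by crypto/rand rather than math/rand. The fatal message on the store path should carry the underlying error, `logger.FatalLog("something went wrong when configuring JWT authentication: " + err.Error())`, so an operator can see why startup aborted.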

+ 29 - 0
logic/serverconf.go

@@ -43,3 +43,32 @@ func FetchPrivKey(serverID string) (string, error) {
 func RemovePrivKey(serverID string) error {
 	return database.DeleteRecord(database.SERVERCONF_TABLE_NAME, serverID)
 }
+
+// FetchJWTSecret - fetches jwt secret from db
+func FetchJWTSecret() (string, error) {
+	var dbData string
+	var err error
+	var fetchedData = serverData{}
+	dbData, err = database.FetchRecord(database.SERVERCONF_TABLE_NAME, "nm-jwt-secret")
+	if err != nil {
+		return "", err
+	}
+	err = json.Unmarshal([]byte(dbData), &fetchedData)
+	if err != nil {
+		return "", err
+	}
+	return fetchedData.PrivateKey, nil
+}
+
+// StoreJWTSecret - stores server jwt secret if needed
+func StoreJWTSecret(privateKey string) error {
+	var newData = serverData{}
+	var err error
+	var data []byte
+	newData.PrivateKey = privateKey
+	data, err = json.Marshal(&newData)
+	if err != nil {
+		return err
+	}
+	return database.Insert("nm-jwt-secret", string(data), database.SERVERCONF_TABLE_NAME)
+}
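Review bot: The record key `"nm-jwt-secret"` is spelled as a literal in both FetchJWTSecret and StoreJWTSecret; a package-level `const jwtSecretRecordKey = "nm-jwt-secret"` would keep the two from drifting apart. The secret is persisted in the `PrivateKey` field of serverData, the same struct that FetchPrivKey/RemovePrivKey presumably use for per-server keys in the same table, so a comment on StoreJWTSecret such as `// The JWT secret reuses serverData.PrivateKey under a fixed record key; it is not a per-server key.` would save a reader from conflating the two. Stylistically, the `var dbData string` / `var err error` / `var data []byte` pre-declarations collapse to `dbData, err := database.FetchRecord(database.SERVERCONF_TABLE_NAME, "nm-jwt-secret")` and `data, err := json.Marshal(&newData)`, matching the single-expression style of RemovePrivKey above. The doc comment `// StoreJWTSecret - stores server jwt secret if needed` says "if needed", but the function inserts unconditionally; the qualifier belongs on the caller, which already owns that decision.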

+ 1 - 1
main.go

@@ -40,7 +40,6 @@ func main() {
 
 func initialize() { // Client Mode Prereq Check
 	var err error
-
 	if servercfg.GetNodeID() == "" {
 		logger.FatalLog("error: must set NODE_ID, currently blank")
 	}
@@ -49,6 +48,7 @@ func initialize() { // Client Mode Prereq Check
 		logger.FatalLog("Error connecting to database")
 	}
 	logger.Log(0, "database successfully connected")
+	logic.SetJWTSecret()
 
 	err = logic.TimerCheckpoint()
 	if err != nil {
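Review bot: logic.SetJWTSecret() terminates the process via logger.FatalLog on its own failure path, whereas its neighbours in initialize return an error that this function checks (`err = logic.TimerCheckpoint()` followed by `if err != nil`); having SetJWTSecret return an error and handling it here, `if err = logic.SetJWTSecret(); err != nil { logger.FatalLog("configuring JWT secret: " + err.Error()) }`, would keep the startup sequence's error handling in one place. Placing the call after the database connection is correct, since the secret is read from and written to the database. initialize continues outside the hunk.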