From 789cb27d48b0891f57b14c0ee0df8fb83b33c2ed Mon Sep 17 00:00:00 2001
From: 0xdcarns
Date: Tue, 15 Feb 2022 09:51:21 -0500
Subject: [PATCH 1/2] added jwt fix

---
 logic/jwts.go | 23 ++++++++++++++++++++++-
 logic/serverconf.go | 29 +++++++++++++++++++++++++++++
 main.go | 2 +-
 3 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/logic/jwts.go b/logic/jwts.go
index bb3fea06c..54bfbb741 100644
--- a/logic/jwts.go
+++ b/logic/jwts.go
@@ -2,14 +2,29 @@ package logic
 
 import (
 	"errors"
+	"fmt"
 	"time"
 
 	"github.com/golang-jwt/jwt/v4"
+	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/servercfg"
 )
 
-var jwtSecretKey = []byte("(BytesOverTheWire)")
+var jwtSecretKey []byte
+
+// SetJWTSecret - sets the jwt secret on server startup
+func SetJWTSecret() {
+	currentSecret, jwtErr := FetchJWTSecret()
+	if jwtErr != nil {
+		jwtSecretKey = []byte(RandomString(64)) // 512 bit random password
+		if err := StoreJWTSecret(string(jwtSecretKey)); err != nil {
+			logger.FatalLog("something went wrong when configuring JWT authentication")
+		}
+	} else {
+		jwtSecretKey = []byte(currentSecret)
+	}
+}
 
 // CreateJWT func will used to create the JWT while signing in and signing out
 func CreateJWT(uuid string, macAddress string, network string) (response string, err error) {
@@ -19,6 +34,9 @@ func CreateJWT(uuid string, macAddress string, network string) (response string,
 		Network:    network,
 		MacAddress: macAddress,
 		StandardClaims: jwt.StandardClaims{
+			Issuer:    "Netmaker",
+			Subject:   fmt.Sprintf("node|%s", uuid),
+			IssuedAt:  time.Now().Unix(),
 			ExpiresAt: expirationTime.Unix(),
 		},
 	}
@@ -39,6 +57,9 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s
 		Networks: networks,
 		IsAdmin:  isadmin,
 		StandardClaims: jwt.StandardClaims{
+			Issuer:    "Netmaker",
+			IssuedAt:  time.Now().Unix(),
+			Subject:   fmt.Sprintf("user|%s", username),
 			ExpiresAt: expirationTime.Unix(),
 		},
 	}
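Review bot: SetJWTSecret takes the generate-and-store path on any error from FetchJWTSecret, not only when no record exists, so a transient database failure at startup would mint a fresh key, overwrite the stored one through StoreJWTSecret and silently invalidate every token issued so far; the `if jwtErr != nil` branch should only generate when the error is the database package's not-found case and otherwise call `logger.FatalLog` with the error text included, since the current message drops the cause. The strength of the new key rests entirely on `RandomString(64)`, which is not visible here and must be backed by crypto/rand to be usable as a signing secret; the comment `// 512 bit random password` also overstates what 64 characters drawn from a printable alphabet provide, so I would word it `// 64-char random secret; RandomString must be crypto/rand based`. The `else` branch can be dropped by returning early from the error path and assigning `jwtSecretKey = []byte(currentSecret)` on the happy path, per Go style.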
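Review bot: The claim block added here and the one in the CreateUserJWT hunk below order the new fields differently (Subject before IssuedAt here, after it there) and each repeats the literal `"Netmaker"`; a package-level `const jwtIssuer = "Netmaker"` used by both keeps the issuer string in one place and makes it obvious what the verification side has to compare against. Adding Issuer and Subject only has value if the parsing path checks them; that code is outside this hunk, so it is worth confirming the `iss` claim is actually validated there, otherwise these remain informational fields. The bodies of CreateJWT and CreateUserJWT both continue past their hunks.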
diff --git a/logic/serverconf.go b/logic/serverconf.go
index 086294722..3b6d8c774 100644
--- a/logic/serverconf.go
+++ b/logic/serverconf.go
@@ -43,3 +43,32 @@ func FetchPrivKey(serverID string) (string, error) {
 func RemovePrivKey(serverID string) error {
 	return database.DeleteRecord(database.SERVERCONF_TABLE_NAME, serverID)
 }
+
+// FetchJWTSecret - fetches db string from db
+func FetchJWTSecret() (string, error) {
+	var dbData string
+	var err error
+	var fetchedData = serverData{}
+	dbData, err = database.FetchRecord(database.SERVERCONF_TABLE_NAME, "nm-jwt-secret")
+	if err != nil {
+		return "", err
+	}
+	err = json.Unmarshal([]byte(dbData), &fetchedData)
+	if err != nil {
+		return "", err
+	}
+	return fetchedData.PrivateKey, nil
+}
+
+// StoreJWTSecret - stores server client WireGuard privatekey if needed
+func StoreJWTSecret(privateKey string) error {
+	var newData = serverData{}
+	var err error
+	var data []byte
+	newData.PrivateKey = privateKey
+	data, err = json.Marshal(&newData)
+	if err != nil {
+		return err
+	}
+	return database.Insert("nm-jwt-secret", string(data), database.SERVERCONF_TABLE_NAME)
+}
diff --git a/main.go b/main.go
index 48ce82eb7..bf847a5db 100644
--- a/main.go
+++ b/main.go
@@ -40,7 +40,6 @@ func main() {
 
 func initialize() { // Client Mode Prereq Check
 	var err error
-
 	if servercfg.GetNodeID() == "" {
 		logger.FatalLog("error: must set NODE_ID, currently blank")
 	}
@@ -49,6 +48,7 @@ func initialize() { // Client Mode Prereq Check
 		logger.FatalLog("Error connecting to database")
 	}
 	logger.Log(0, "database successfully connected")
+	logic.SetJWTSecret()
 	err = logic.TimerCheckpoint()
 	if err != nil {
From e9f848c62a249f4305bc408edd17adb042dcbe21 Mon Sep 17 00:00:00 2001
From: 0xdcarns
Date: Tue, 15 Feb 2022 09:54:36 -0500
Subject: [PATCH 2/2] fix comment

---
 logic/serverconf.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/logic/serverconf.go b/logic/serverconf.go
index 3b6d8c774..0ba1e258a 100644
--- a/logic/serverconf.go
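Review bot: FetchJWTSecret returns `fetchedData.PrivateKey` without checking that it is non-empty, so a record under `nm-jwt-secret` whose PrivateKey field is blank would make the caller adopt an empty HMAC signing key instead of failing; add `if fetchedData.PrivateKey == "" { return "", <error value> }` before the final return, using whichever of errors/fmt the file already imports (the import block is outside the hunk). The secret is carried in the same serverData.PrivateKey field that the neighbouring FetchPrivKey/RemovePrivKey functions use for WireGuard keys, and the `"nm-jwt-secret"` literal appears twice; a package-level const for the record key plus a doc comment on FetchJWTSecret stating that the PrivateKey field is reused for the JWT secret would make the storage layout explicit. Whether `database.Insert` replaces an existing record is not visible here; if it does not, the "if needed" wording on StoreJWTSecret is misleading for the overwrite case.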
+++ b/logic/serverconf.go
@@ -44,7 +44,7 @@ func RemovePrivKey(serverID string) error {
 	return database.DeleteRecord(database.SERVERCONF_TABLE_NAME, serverID)
 }
 
-// FetchJWTSecret - fetches db string from db
+// FetchJWTSecret - fetches jwt secret from db
 func FetchJWTSecret() (string, error) {
 	var dbData string
 	var err error
@@ -60,7 +60,7 @@ func FetchJWTSecret() (string, error) {
 	return fetchedData.PrivateKey, nil
 }
 
-// StoreJWTSecret - stores server client WireGuard privatekey if needed
+// StoreJWTSecret - stores server jwt secret if needed
 func StoreJWTSecret(privateKey string) error {
 	var newData = serverData{}
 	var err error