improve jwt

This commit is contained in:
2025-08-06 16:36:55 +03:00
parent 9e7d99e854
commit c3dcf24e50
3 changed files with 15 additions and 1 deletions


@@ -6,6 +6,7 @@ local log = require("internal.log")
local session = require("internal.session") local session = require("internal.session")
local crypt = require("internal.crypt.bcrypt") local crypt = require("internal.crypt.bcrypt")
local jwt = require("internal.crypt.jwt") local jwt = require("internal.crypt.jwt")
local sha256 = require("internal.crypt.sha256")
local params = session.request.params.get() local params = session.request.params.get()
local token = session.request.headers.get("authorization") local token = session.request.headers.get("authorization")
@@ -50,6 +51,10 @@ if data.session_uuid ~= session.id then
return error_response("Access denied") return error_response("Access denied")
end end
if data.key ~= sha256.sum(session.request.address .. session.id .. session.request.headers.get("user-agent", "noagent")) then
return error_response("Access denied")
end
if not params then if not params then
return error_response("no params provided") return error_response("no params provided")
end end
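Review bot: The client-binding derivation `sha256.sum(session.request.address .. session.id .. session.request.headers.get("user-agent", "noagent"))` is written out verbatim in the added check here, again at the issuing site in the second file, and a third time in the identical check of the last file, so a future edit to one copy silently breaks verification at the others. Move it into a single shared helper (in `internal.crypt.jwt` or `internal.session`, for instance) called from all three places, and join the parts with a separator rather than bare `..` so the address, session id and user-agent cannot run together into the same digest input. Tokens issued before this change carry no `key`, so `data.key` is nil and the new comparison rejects them; that looks intended but deserves a comment saying so. The handler that contains this `if` chain starts outside the hunk.

```lua
-- Token binding: a token only verifies from the address, session and
-- user-agent it was issued for. Keep this in ONE shared helper so the
-- issuing and verifying sites cannot drift apart.
local function client_binding_key()
  return sha256.sum(table.concat({
    session.request.address,
    session.id,
    session.request.headers.get("user-agent", "noagent"),
  }, "\n"))
end
-- … unchanged: session_uuid check …
-- Pre-existing tokens have no key and are rejected here on purpose.
if data.key ~= client_binding_key() then
  return error_response("Access denied")
end
```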


@@ -6,6 +6,7 @@ local log = require("internal.log")
local session = require("internal.session") local session = require("internal.session")
local crypt = require("internal.crypt.bcrypt") local crypt = require("internal.crypt.bcrypt")
local jwt = require("internal.crypt.jwt") local jwt = require("internal.crypt.jwt")
local sha256 = require("internal.crypt.sha256")
local params = session.request.params.get() local params = session.request.params.get()
local secret = require("_config").token() local secret = require("_config").token()
@@ -61,7 +62,10 @@ end
local token = jwt.encode({ local token = jwt.encode({
secret = secret, secret = secret,
payload = { session_uuid = session.id, admin_user = params.username }, payload = { session_uuid = session.id,
admin_user = params.username,
key = sha256.sum(session.request.address .. session.id .. session.request.headers.get("user-agent", "noagent"))
},
expires_in = 3600 expires_in = 3600
}) })
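Review bot: The new `key` entry binds the token to `session.request.address`, and I cannot tell from the hunk whether that is the end client's address or, behind a reverse proxy, the proxy's; in the latter case every client sharing the proxy satisfies the binding and the check adds little. Please confirm which address this is and, if the service is proxied, derive the binding from the client address the proxy is trusted to forward. A comment on the entry would also help readers, since the purpose of the hashed value is not visible here: `-- client binding, rechecked on every verified request; the verifying sites must use the same derivation`. The `jwt.encode` call sits inside a block that starts outside the hunk.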


@@ -6,6 +6,7 @@ local log = require("internal.log")
local session = require("internal.session") local session = require("internal.session")
local crypt = require("internal.crypt.bcrypt") local crypt = require("internal.crypt.bcrypt")
local jwt = require("internal.crypt.jwt") local jwt = require("internal.crypt.jwt")
local sha256 = require("internal.crypt.sha256")
local params = session.request.params.get() local params = session.request.params.get()
local token = session.request.headers.get("authorization") local token = session.request.headers.get("authorization")
@@ -50,6 +51,10 @@ if data.session_uuid ~= session.id then
return error_response("Access denied") return error_response("Access denied")
end end
if data.key ~= sha256.sum(session.request.address .. session.id .. session.request.headers.get("user-agent", "noagent")) then
return error_response("Access denied")
end
if not params then if not params then
return error_response("no params provided") return error_response("no params provided")
end end