diff --git a/backend/.gitignore b/backend/.gitignore
index 4264f2fd..747bf72a 100644
--- a/backend/.gitignore
+++ b/backend/.gitignore
@@ -1,2 +1,4 @@
 .env
-*.sql
\ No newline at end of file
+*.sql
+fly.toml
+Dockerfile
\ No newline at end of file
diff --git a/backend/handlers/auth_api.go b/backend/handlers/auth_api.go
index 9d368b55..accd0f4d 100644
--- a/backend/handlers/auth_api.go
+++ b/backend/handlers/auth_api.go
@@ -73,7 +73,7 @@ func LoginHandler(c *fiber.Ctx) error {
 response.Token = token
 // Setting the token in a secure cookie
- cookie := services.GenerateCookie(token)
+ cookie := services.GenerateLoginCookie(token)
 c.Cookie(&cookie)
 return c.JSON(response)
diff --git a/backend/handlers/oauth_api.go b/backend/handlers/oauth_api.go
index adf5fc26..beac73f5 100644
--- a/backend/handlers/oauth_api.go
+++ b/backend/handlers/oauth_api.go
@@ -69,7 +69,7 @@ func GetGoogleCallbackHandler(conf *oauth2.Config) fiber.Handler {
 clientAddr := fmt.Sprintf("%s/%s=%s", os.Getenv("CLIENT_ADRR"), os.Getenv("CLIENT_REDIRECT_ENDPOINT"), loginToken)
 // Setting the token in a secure cookie
- cookie := services.GenerateCookie(loginToken)
+ cookie := services.GenerateLoginCookie(loginToken)
 c.Cookie(&cookie)
 return c.Redirect(clientAddr)
 }
diff --git a/backend/main.go b/backend/main.go
index fc56ec1b..730e82ee 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -30,6 +30,7 @@ func main() {
 setTokenExpirationTime()
 services.AWS_REGION = os.Getenv("AWS_REGION")
 services.S3_BUCKET_NAME = os.Getenv("AWS_BUCKET_NAME")
+ middlewares.TOKEN_COOKIE = os.Getenv("TOKEN_COOKIE")
 // Initialize database connection
 if err := database.Connect(); err != nil {
diff --git a/backend/middlewares/auth_middleware.go b/backend/middlewares/auth_middleware.go
index 255f69dc..64970aea 100644
--- a/backend/middlewares/auth_middleware.go
+++ b/backend/middlewares/auth_middleware.go
@@ -4,7 +4,6 @@ import (
 "chulbong-kr/database"
 "database/sql"
 "log"
- "strings"
 "time"
 "github.com/gofiber/fiber/v2"
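Review bot: In the main.go hunk, `middlewares.TOKEN_COOKIE = os.Getenv("TOKEN_COOKIE")` accepts an unset variable, so a missing `TOKEN_COOKIE` silently leaves the cookie name empty: `GenerateLoginCookie` in token_service.go then issues a cookie with an empty `Name`, and `AuthMiddleware` in auth_middleware.go looks up `c.Cookies("")` and rejects every request — fail-closed, but hard to diagnose in deployment. Validate it once here at startup, e.g. `if middlewares.TOKEN_COOKIE == "" { log.Fatal("TOKEN_COOKIE must be set") }` (assuming `log` is already imported in main.go; otherwise add it), or fall back to the previous literal `"jwt"` so existing sessions keep working. The same unchecked-empty-name concern applies to the two consumers named above, so it is raised once here. `main` continues outside the hunk, so I cannot see whether other required settings are already checked in the same way.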
@@ -20,28 +19,28 @@ import (
 // SameSite: "Lax", // or "Strict" depending on your requirements
 // })
+var TOKEN_COOKIE string
+ // AuthMiddleware checks for a valid opaque token in the Authorization header
 func AuthMiddleware(c *fiber.Ctx) error {
- authHeader := c.Get("Authorization")
+ // check for the cookie
+ jwtCookie := c.Cookies(TOKEN_COOKIE)
+ if jwtCookie == "" {
+ return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "No authorization token provided"})
+ }
+ token := jwtCookie
- var token string
+ // // Check if the Authorization header is provided
+ // if authHeader != "" {
+ // // Split the Authorization header to extract the token
+ // parts := strings.SplitN(authHeader, " ", 2)
+ // if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
+ // return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Authorization header format must be Bearer {token}"})
+ // }
+ // token = parts[1] // The actual token part
+ // } else {
- // Check if the Authorization header is provided
- if authHeader != "" {
- // Split the Authorization header to extract the token
- parts := strings.SplitN(authHeader, " ", 2)
- if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
- return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "Authorization header format must be Bearer {token}"})
- }
- token = parts[1] // The actual token part
- } else {
- // If Authorization header is missing, check for the cookie
- jwtCookie := c.Cookies("jwt")
- if jwtCookie == "" {
- return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"error": "No authorization token provided"})
- }
- token = jwtCookie
- }
+ // }
 query := `SELECT UserID, ExpiresAt FROM OpaqueTokens WHERE OpaqueToken = ?`
 var userID int
diff --git a/backend/services/token_service.go b/backend/services/token_service.go
index b4d4ba3d..191cc88d 100644
--- a/backend/services/token_service.go
+++ b/backend/services/token_service.go
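Review bot: The doc comment above `AuthMiddleware` still says the token is read from the Authorization header, while the new body reads only `c.Cookies(TOKEN_COOKIE)`; update it to `// AuthMiddleware checks for a valid opaque token in the cookie named by TOKEN_COOKIE.` and give the new exported variable a comment too, e.g. `// TOKEN_COOKIE is the name of the cookie that carries the login token; main sets it from the environment before the server starts.` The old Bearer-header branch is kept as a commented-out block rather than deleted; it is no longer on the code path and version control keeps the history, so dropping it keeps the function readable and removes the stale `strings` references. Clients that authenticated with an `Authorization: Bearer` header before this change now receive `No authorization token provided`, which is worth stating in the commit message or API docs since the error text does not say the header is no longer consulted. `AuthMiddleware` continues past the hunk (the `OpaqueTokens` lookup and expiry check), so the remainder is not reviewed here.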
@@ -2,6 +2,7 @@ package services
 import (
 "chulbong-kr/database"
+ "chulbong-kr/middlewares"
 "crypto/rand"
 "encoding/base64"
 "encoding/hex"
@@ -58,9 +59,9 @@ func GenerateState() string {
 return base64.URLEncoding.EncodeToString(b)
 }
-func GenerateCookie(value string) fiber.Cookie {
+func GenerateLoginCookie(value string) fiber.Cookie {
 return fiber.Cookie{
- Name: "jwt",
+ Name: middlewares.TOKEN_COOKIE,
 Value: value, // The token generated for the user
 Expires: time.Now().Add(24 * time.Hour), // Set the cookie to expire in 24 hours
 HTTPOnly: true, // Ensure the cookie is not accessible through client-side scripts
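Review bot: `GenerateLoginCookie` now reads the cookie name from another package's mutable global, `middlewares.TOKEN_COOKIE`, which makes `services` depend on `middlewares` (the new import in the first hunk); if `middlewares` ever needs anything from `services`, such as token validation helpers, that becomes an import cycle. Keeping the name in a package both can import, or passing it in (`func GenerateLoginCookie(value, name string) fiber.Cookie`, at the cost of updating the two call sites in `handlers`), avoids the inverted dependency. The renamed exported function also has no doc comment; `// GenerateLoginCookie builds the HttpOnly login-token cookie named by TOKEN_COOKIE, expiring 24 hours from now.` would do. The `fiber.Cookie` literal continues past the hunk, so whether `Secure` and `SameSite` are set cannot be judged from this view.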