@@ -62,17 +62,20 @@ func hashAuthenticated(hash string) bool {
// check the validity of the token
func CheckToken(token string, conn *websocket.Conn, r *http.Request, setup bool) (bool, string, error) {
+ // no token? we have problem.
if token == "" {
authStatus := false
if setup {
authStatus = true
}
+ // you take token.
newToken, err := CreateToken(conn, r, setup)
if err != nil {
return false, "", err
}
return authStatus, newToken["token"], nil
} else {
+ // great you have token. we see if valid.
conf := config.Conf()
key := conf.KeyFile
res, err := KeyfileDecrypt(token, key)
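Review bot: In the empty-token branch, a caller that presents no token at all is reported as authenticated whenever `setup` is true, and the added comment `// no token? we have problem.` does not record that. A comment that states the contract would serve the next reader better, for example `// No token: mint a new one; the caller counts as authenticated only while setup is true.` Where `setup` comes from is not visible in this hunk, so it is worth confirming that callers derive it from server state and never from anything in the request. CheckToken's body continues past the end of this hunk.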
@@ -80,6 +83,7 @@ func CheckToken(token string, conn *websocket.Conn, r *http.Request, setup bool)
config.Logger.Warn("Invalid token provided")
return false, "", err
} else {
+ // so you decrypt. now we see the useragent and ip.
var ip string
if forwarded := r.Header.Get("X-Forwarded-For"); forwarded != "" {
ip = strings.Split(forwarded, ",")[0]
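Review bot: The address used for the token binding is the first entry of `X-Forwarded-For`, a header the client supplies unless a trusted proxy overwrites it. The later comparison `ip == res["ip"] && userAgent == res["user_agent"]` (last hunk) therefore checks two values that whoever holds the token can set freely. The binding would mean more if the header were honoured only when the direct peer is a configured proxy, with `r.RemoteAddr` used otherwise; the fallback branch lies outside this hunk, so it may already do part of this. Independently, the entry should be trimmed, `ip = strings.TrimSpace(strings.Split(forwarded, ",")[0])`, because proxies commonly write `a, b` with a space. The new comment could state which source of the address is trusted and why.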
@@ -89,6 +93,7 @@ func CheckToken(token string, conn *websocket.Conn, r *http.Request, setup bool)
userAgent := r.Header.Get("User-Agent")
hashed := sha256.Sum256([]byte(token))
hash := hex.EncodeToString(hashed[:])
+ // you in auth map?
if hashAuthenticated(hash) {
if ip == res["ip"] && userAgent == res["user_agent"] {
return true, res["id"], nil