-rw-r--r--auth/token/add.go (renamed from auth/token.go)45
-rw-r--r--auth/token/generate.go (renamed from auth/gentoken.go)12
-rw-r--r--auth/token/validate.go51
3 files changed, 61 insertions, 47 deletions
diff --git a/auth/token.go b/auth/token/add.go
index 3f831fb..c7f632c 100644
--- a/auth/token.go
+++ b/auth/token/add.go
@@ -1,7 +1,6 @@
-package auth
+package token
 
 import (
-	"errors"
 	"log"
 	"time"
 
@@ -9,48 +8,6 @@ import (
 	"tildegit.org/andinus/perseus/user"
 )
 
-// ValToken will validate the token and returns an error. If error
-// doesn't equal nil then consider token invalid.
-func ValToken(db *sqlite3.DB, uInfo map[string]string) error {
-	// Acquire read lock on the database.
-	db.Mu.RLock()
-	defer db.Mu.RUnlock()
-
-	u := user.User{}
-	u.SetUsername(uInfo["username"])
-
-	// Set user id from username.
-	err := u.GetID(db)
-	if err != nil {
-		log.Printf("auth/token.go: %s\n",
-			"failed to get id from username")
-		return err
-	}
-
-	// Check if user's token is valid.
-	stmt, err := db.Conn.Prepare("SELECT token FROM access WHERE id = ?")
-	if err != nil {
-		log.Printf("auth/token.go: %s\n",
-			"failed to prepare statement")
-		return err
-	}
-	defer stmt.Close()
-
-	var token string
-	err = stmt.QueryRow(u.ID()).Scan(&token)
-	if err != nil {
-		log.Printf("auth/token.go: %s\n",
-			"query failed")
-		return err
-	}
-
-	if token != uInfo["token"] {
-		err = errors.New("token mismatch")
-	}
-
-	return err
-}
-
 // AddToken will generate a random token, add it to database and
 // return the token.
 func AddToken(db *sqlite3.DB, uInfo map[string]string) (token string, err error) {
diff --git a/auth/gentoken.go b/auth/token/generate.go
index 1e01875..0c717d9 100644
--- a/auth/gentoken.go
+++ b/auth/token/generate.go
@@ -1,8 +1,14 @@
-package auth
+package token
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+)
 
 // genToken generates a random token string of length n. Don't forget to
 // seed the random number generator otherwise it won't be random.
 func genToken(n int) string {
-	// Currently this is just a wrapper to genID.
-	return genID(n)
+	b := make([]byte, n/2)
+	rand.Read(b)
+	return base64.StdEncoding.EncodeToString(b)
 }
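Review bot: The error from `rand.Read(b)` is discarded in the new body of genToken, so on a Go toolchain where the read can fail the buffer stays zeroed and every caller receives the same predictable token. Because the signature returns only a string, failing hard is safer than continuing: `if _, err := rand.Read(b); err != nil { panic("token: crypto/rand failed: " + err.Error()) }`. The doc comment is also stale: crypto/rand needs no seeding, and base64 of n/2 bytes does not give a string of length n (n=32 yields 24 characters including padding). Either size the buffer to match the encoding or reword the comment to say what n means.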
diff --git a/auth/token/validate.go b/auth/token/validate.go
new file mode 100644
index 0000000..f1ee149
--- /dev/null
+++ b/auth/token/validate.go
@@ -0,0 +1,51 @@
+package token
+
+import (
+	"errors"
+	"log"
+
+	"tildegit.org/andinus/perseus/storage/sqlite3"
+	"tildegit.org/andinus/perseus/user"
+)
+
+// ValToken will validate the token and returns an error. If error
+// doesn't equal nil then consider token invalid.
+func ValToken(db *sqlite3.DB, uInfo map[string]string) error {
+	// Acquire read lock on the database.
+	db.Mu.RLock()
+	defer db.Mu.RUnlock()
+
+	u := user.User{}
+	u.SetUsername(uInfo["username"])
+
+	// Set user id from username.
+	err := u.GetID(db)
+	if err != nil {
+		log.Printf("auth/token.go: %s\n",
+			"failed to get id from username")
+		return err
+	}
+
+	// Check if user's token is valid.
+	stmt, err := db.Conn.Prepare("SELECT token FROM access WHERE id = ?")
+	if err != nil {
+		log.Printf("auth/token.go: %s\n",
+			"failed to prepare statement")
+		return err
+	}
+	defer stmt.Close()
+
+	var token string
+	err = stmt.QueryRow(u.ID()).Scan(&token)
+	if err != nil {
+		log.Printf("auth/token.go: %s\n",
+			"query failed")
+		return err
+	}
+
+	if token != uInfo["token"] {
+		err = errors.New("token mismatch")
+	}
+
+	return err
+}
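Review bot: The comparison `token != uInfo["token"]` at the end of ValToken is not constant-time, so response timing may leak how much of a guessed token matches the stored one. Compare with crypto/subtle instead, `if subtle.ConstantTimeCompare([]byte(token), []byte(uInfo["token"])) != 1 { return errors.New("token mismatch") }`, and add `"crypto/subtle"` to the imports. It is also worth rejecting an empty `uInfo["token"]` before the query, since a missing map key yields "" and would match an empty stored value if the access table ever holds one. The log prefixes still read `auth/token.go` although the function now lives in auth/token/validate.go.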