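--- a/lib/token.go
+++ b/lib/token.go
@@ -5,12 +5,7 @@
 "encoding/hex"
 )
 
-func GenerateSessionToken() string {
-// 32 bytes == 256 bits (AES security margin is 128 bits)
-return generateSecureToken(32)
-}
-
-func generateSecureToken(length int) string {
+func GenerateSecureToken(length int) string {
 b := make([]byte, length)
 if _, err := rand.Read(b); err != nil {
 return ""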
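Review bot: The `return ""` on line 11 turns a failed random read into a value the caller cannot distinguish from success — site.go in this same commit stores the result without checking it, and the empty string is also the sentinel GetSessionToken uses for "no token yet", so a generator failure is invisible everywhere. Surfacing the error is the safer shape: `func GenerateSecureToken(length int) (string, error) {` with `return "", err` here (the rest of the body, including the success return that would need the matching change, is outside the hunk). The function is now exported but has no doc comment, and the removed `// 32 bytes == 256 bits` rationale now lives only in the caller's literal; a line such as `// GenerateSecureToken returns a token derived from length bytes read from rand; callers pick the size (site.go uses 32 bytes, i.e. 256 bits).` would keep that visible, assuming rand is crypto/rand (its import is outside the hunk).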
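--- a/site.go
+++ b/site.go
@@ -275,12 +275,17 @@
 if err != nil {
 return fmt.Errorf("invalid password")
 }
-sessionToken := lib.GenerateSessionToken()
-err = s.db.SetSessionToken(username, sessionToken)
+sessionToken, err := s.db.GetSessionToken(username)
 if err != nil {
-log.Println(err)
+return err
+}
+if sessionToken == "" {
+sessionToken = lib.GenerateSecureToken(32)
+err := s.db.SetSessionToken(username, sessionToken)
+if err != nil {
+return err
+}
 }
-
 http.SetCookie(w, &http.Cookie{
 Name: "session_token",
 Expires: time.Now().Add(time.Hour * 24 * 365),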
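Review bot: Line 283 stores and then cookies whatever GenerateSecureToken returns, but that function (lib/token.go in this commit) returns `""` when its random read fails, so a generation failure is written to the user row and sent as an empty `session_token` cookie with no error raised. A guard after line 283 closes that gap: `if sessionToken == "" { return fmt.Errorf("generating session token") }`. Separately, because the stored token is now reused rather than rotated, each account keeps a single credential that stays valid for as long as the row holds it, while the cookie on line 291 lives a year; if that is intended (for example so several clients share one session), a comment above line 282 recording the reason would help the next reader, and otherwise the previous behavior of issuing a fresh token per login is the safer default. Line 284's `err :=` also shadows the `err` declared on line 278; `err = s.db.SetSessionToken(username, sessionToken)` keeps a single variable. The enclosing function starts and ends outside the hunk.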
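--- a/sqlite/sql.go
+++ b/sqlite/sql.go
@@ -78,6 +78,15 @@
 return password
 }
 
+func (db *DB) GetSessionToken(username string) (string, error) {
+var result sql.NullString
+err := db.sql.QueryRow("SELECT session_token FROM user WHERE username=?", username).Scan(&result)
+if err == sql.ErrNoRows {
+return "", nil
+}
+return result.String, err
+}
+
 func (db *DB) SetSessionToken(username string, token string) error {
 _, err := db.sql.Exec("UPDATE user SET session_token=? WHERE username=?", token, username)
 return err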
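Review bot: The new GetSessionToken collapses two cases into `"", nil` — a user row whose session_token is NULL or empty (via `result.String` on line 87) and no row at all (the `sql.ErrNoRows` branch on lines 84-86) — and the exported method carries no doc comment saying so, even though site.go relies on the empty string as its "mint a new token" signal. Spelling the contract out keeps callers honest: `// GetSessionToken returns the session token stored for username, or "" with a nil error when the user has no token or does not exist.` As a point of style, `errors.Is(err, sql.ErrNoRows)` on line 84 is the idiomatic comparison and keeps working if the error is ever wrapped.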