capytal/extrovert
1
0
Fork 0
Code Issues Pull Requests Activity

feat(cookies,middleware): constructor functions and encryption error handling

Browse Source
This commit is contained in:
Gustavo "Guz" L. de Mello
2024-07-23 14:29:05 -03:00
parent c3dc549ceb
commit dbfb7e547d
3 changed files with 45 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
internals/middlewares/cookies_crypto.go
View File

@@ -5,12 +5,18 @@ import (
"crypto/cipher" "crypto/cipher"
"crypto/rand" "crypto/rand"
"encoding/base64" "encoding/base64"
"log"
"net/http" "net/http"
"strings" "strings"
) )
type CookiesCryptoMiddleware struct { type CookiesCryptoMiddleware struct {
Key string key string
logger *log.Logger
}
func NewCookiesCryptoMiddleware(key string, logger *log.Logger) CookiesCryptoMiddleware {
return CookiesCryptoMiddleware{key, logger}
} }
func (m CookiesCryptoMiddleware) Serve(handler http.HandlerFunc) http.HandlerFunc { func (m CookiesCryptoMiddleware) Serve(handler http.HandlerFunc) http.HandlerFunc {
@@ -21,26 +27,26 @@ func (m CookiesCryptoMiddleware) Serve(handler http.HandlerFunc) http.HandlerFun
} }
} }
func (m CookiesCryptoMiddleware) encrypt(pt string) string { func (m CookiesCryptoMiddleware) encrypt(pt string) (string, error) {
aes, err := aes.NewCipher([]byte(m.Key)) aes, err := aes.NewCipher([]byte(m.key))
if err != nil { if err != nil {
panic(err) return "", err
} }
gcm, err := cipher.NewGCM(aes) gcm, err := cipher.NewGCM(aes)
if err != nil { if err != nil {
panic(err) return "", err
} }
nonce := make([]byte, gcm.NonceSize()) nonce := make([]byte, gcm.NonceSize())
_, err = rand.Read(nonce) _, err = rand.Read(nonce)
if err != nil { if err != nil {
panic(err) return "", err
} }
ct := gcm.Seal(nonce, nonce, []byte(pt), nil) ct := gcm.Seal(nonce, nonce, []byte(pt), nil)
return base64.URLEncoding.EncodeToString(ct) return base64.URLEncoding.EncodeToString(ct), nil
} }
func (m CookiesCryptoMiddleware) encryptCookies(w http.ResponseWriter) { func (m CookiesCryptoMiddleware) encryptCookies(w http.ResponseWriter) {
@@ -58,7 +64,14 @@ func (m CookiesCryptoMiddleware) encryptCookies(w http.ResponseWriter) {
cn, v := strings.Split(c, "=")[0], strings.Split(c, "=")[1] cn, v := strings.Split(c, "=")[0], strings.Split(c, "=")[1]
v = m.encrypt(strings.Trim(v, "\"")) v, err := m.encrypt(strings.Trim(v, "\""))
if err != nil {
m.logger.Panicf(
"ERRO: Unable to encrypt cookie \"%s\", skipping. Error: %s",
cn, err.Error(),
)
continue
}
c = cn + "=\"" + v + "\";" + attrs c = cn + "=\"" + v + "\";" + attrs
@@ -66,21 +79,21 @@ func (m CookiesCryptoMiddleware) encryptCookies(w http.ResponseWriter) {
} }
} }
func (m CookiesCryptoMiddleware) decrypt(ct string) string { func (m CookiesCryptoMiddleware) decrypt(ct string) (string, error) {
cb, err := base64.URLEncoding.DecodeString(ct) cb, err := base64.URLEncoding.DecodeString(ct)
if err != nil { if err != nil {
panic(err) return "", err
} }
ct = string(cb) ct = string(cb)
aes, err := aes.NewCipher([]byte(m.Key)) aes, err := aes.NewCipher([]byte(m.key))
if err != nil { if err != nil {
panic(err) return "", err
} }
gcm, err := cipher.NewGCM(aes) gcm, err := cipher.NewGCM(aes)
if err != nil { if err != nil {
panic(err) return "", err
} }
nonceSize := gcm.NonceSize() nonceSize := gcm.NonceSize()
@@ -88,17 +101,25 @@ func (m CookiesCryptoMiddleware) decrypt(ct string) string {
pt, err := gcm.Open(nil, []byte(nonce), []byte(ct), nil) pt, err := gcm.Open(nil, []byte(nonce), []byte(ct), nil)
if err != nil { if err != nil {
panic(err) return "", err
} }
return string(pt) return string(pt), nil
} }
func (m CookiesCryptoMiddleware) decryptCookies(r *http.Request) { func (m CookiesCryptoMiddleware) decryptCookies(r *http.Request) {
rcookies := r.Cookies() rcookies := r.Cookies()
r.Header.Del("Cookie") r.Header.Del("Cookie")
for _, c := range rcookies { for _, c := range rcookies {
c.Value = m.decrypt(c.Value) cv, err := m.decrypt(c.Value)
if err != nil {
m.logger.Panicf(
"ERRO: Unable to decrypt cookie \"%s\", skipping: Error: %s",
c.Name, err.Error(),
)
continue
}
c.Value = cv
r.AddCookie(c) r.AddCookie(c)
} }
} }

8
internals/middlewares/development.go
View File

@@ -6,12 +6,16 @@ import (
) )
type DevelopmentMiddleware struct { type DevelopmentMiddleware struct {
Logger *log.Logger logger *log.Logger
}
func NewDevelopmentMiddleware(logger *log.Logger) DevelopmentMiddleware {
return DevelopmentMiddleware{logger}
} }
func (m DevelopmentMiddleware) Serve(handler http.HandlerFunc) http.HandlerFunc { func (m DevelopmentMiddleware) Serve(handler http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
m.Logger.Printf("New request: %s", r.URL.Path) m.logger.Printf("New request: %s", r.URL.Path)
handler(w, r) handler(w, r)

4
main.go
View File

@@ -26,9 +26,9 @@ func main() {
r := router.NewRouter(routes.ROUTES) r := router.NewRouter(routes.ROUTES)
if *dev { if *dev {
r.AddMiddleware(middlewares.DevelopmentMiddleware{Logger: logger}) r.AddMiddleware(middlewares.NewDevelopmentMiddleware(logger))
} }
r.AddMiddleware(middlewares.CookiesCryptoMiddleware{os.Getenv("CRYPTO_COOKIES_KEY")}) r.AddMiddleware(middlewares.NewCookiesCryptoMiddleware(os.Getenv("CRYPTO_COOKIES_KEY"), logger))
err := http.ListenAndServe(fmt.Sprintf(":%v", *port), r) err := http.ListenAndServe(fmt.Sprintf(":%v", *port), r)
if err != nil { if err != nil {