diff --git a/assume-role.go b/assume-role.go
index 237601e..e0c28a0 100644
--- a/assume-role.go
+++ b/assume-role.go
@@ -2,6 +2,7 @@ package main
 
 import (
 "context"
+ "crypto/rsa"
 "encoding/json"
 "fmt"
 "io"
@@ -26,6 +27,8 @@ type AssumeRoleResponse struct {
 Token string `json:"token"`
 }
 
+var privateKey *rsa.PrivateKey
+
 func assumeRole(w http.ResponseWriter, r *http.Request) {
 log.Println("Assume Role Request")
 
@@ -131,7 +134,7 @@ func assumeRole(w http.ResponseWriter, r *http.Request) {
 
 // Prevent duplication of roles with the same name for the same account
- checkExisting := pool.QueryRow(context.Background(),
+ checkExisting := libshared.Pool.QueryRow(context.Background(),
 "SELECT id FROM roles WHERE accountid = $1 AND rolename = $2",
 claims.Account, role.Rolename)
 
 
@@ -146,7 +149,7 @@ func assumeRole(w http.ResponseWriter, r *http.Request) {
 
 fmt.Println("Role ID", existingRoleID)
 
- roleToken, err := createJWT(secret, claims.Account, role.Rolename)
+ roleToken, err := libshared.CreateJWT(privateKey, claims.Account, role.Rolename, "role")
 if err != nil {
 log.Println("Error creating JWT:", err)
 w.WriteHeader(http.StatusInternalServerError)
diff --git a/create-role.go b/create-role.go
index 00c5c7a..3dadc9b 100644
--- a/create-role.go
+++ b/create-role.go
@@ -4,6 +4,7 @@ import (
 "context"
 "encoding/json"
 "io"
+ "libshared"
 "log"
 "net/http"
 "strings"
@@ -126,7 +127,7 @@ func createRole(w http.ResponseWriter, r *http.Request) {
 log.Println("Description:", role.Description)
 
 // Prevent duplication of roles with the same name for the same account
- checkExisting := pool.QueryRow(context.Background(),
+ checkExisting := libshared.Pool.QueryRow(context.Background(),
 "SELECT FROM roles WHERE accountid = $1 AND rolename = $2",
 claims.Account, role.Rolename)
 err = checkExisting.Scan()
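Review bot: `var privateKey *rsa.PrivateKey` in assume-role.go (hunk @@ -26) is an undocumented package-level global that handlers dereference with no nil check, and nothing in this package says who is responsible for setting it. A doc comment should pin that contract, e.g. `// privateKey signs issued role tokens. It is assigned exactly once in main, before any HTTP handler is registered, and must not be reassigned while the server is running.` That set-once-before-serving rule is what makes the unsynchronized reads from concurrent handlers safe; if a later change reloads the key at runtime (rotation), this should become a mutex-guarded value or an atomic.Pointer rather than a bare global.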
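Review bot: The rewritten `libshared.Pool.QueryRow(context.Background(),` line in assume-role.go (hunk @@ -131) still detaches the query from the HTTP request, so a client that disconnects or times out leaves the query running against the pool and no deadline can ever reach pgx. Since the commit already rewrites this line, it could pass the request context instead: `checkExisting := libshared.Pool.QueryRow(r.Context(),`. The same applies to the rewritten QueryRow calls in create-role.go (hunk @@ -126) and get-role-token.go (hunk @@ -90), and to the `libshared.Pool.Exec(` call in create-role.go (hunk @@ -136), whose `context.Background(),` argument sits on the following context line.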
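Review bot: The new call `libshared.CreateJWT(privateKey, claims.Account, role.Rolename, "role")` in assume-role.go (hunk @@ -146) moves the token purpose from a fixed claim inside the deleted createJWT to a bare string literal repeated at every issuing site (also get-role-token.go, hunk @@ -100), so a typo at one site mints tokens the consuming side rejects, or accepts for the wrong purpose, with no compile-time link between issuer and verifier. Consider exporting a named constant from libshared (something like `PurposeRole`, to be added there) and passing that instead of the literal. The signing scheme also changes from an HS256 shared secret to an RSA private key; the verification side is not in this diff, so it is worth confirming that it now restricts the accepted signing method to the RSA family and the matching public key, rather than trusting whatever `alg` the token header declares, and that `libshared.CreateJWT` keeps the one-hour `exp` the deleted jwt.go set.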
@@ -136,7 +137,7 @@ func createRole(w http.ResponseWriter, r *http.Request) {
 return
 }
 
- _, err = pool.Exec(
+ _, err = libshared.Pool.Exec(
 context.Background(),
 "INSERT INTO roles (accountid, rolename, description) VALUES ($1, $2, $3)",
 claims.Account, role.Rolename, role.Description)
diff --git a/db.go b/db.go
deleted file mode 100644
index fc677c2..0000000
--- a/db.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package main
-
-import (
- "context"
- "fmt"
- "log"
- "os"
-
- "github.com/jackc/pgx/v5/pgxpool"
-)
-
-var pool *pgxpool.Pool
-
-func getDbPool() *pgxpool.Pool {
- // Construct the connection string
- // Note: Ensure your Docker Compose env vars match these keys!
- dburl := fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=disable",
- os.Getenv("POSTGRES_USER"),
- os.Getenv("POSTGRES_PASSWORD"),
- os.Getenv("POSTGRES_HOSTNAME"),
- os.Getenv("POSTGRES_DB"),
- )
-
- var err error
- // Use pgxpool.New instead of Connect for v5
- pool, err = pgxpool.New(context.Background(), dburl)
- if err != nil {
- log.Fatalf("Unable to create connection pool: %v", err)
- }
-
- // Ping the database to verify the connection is actually live
- err = pool.Ping(context.Background())
- if err != nil {
- log.Fatalf("Unable to ping database: %v", err)
- }
-
- return pool
-}
diff --git a/get-role-token.go b/get-role-token.go
index dcb69ce..9866ca1 100644
--- a/get-role-token.go
+++ b/get-role-token.go
@@ -4,6 +4,7 @@ import (
 "context"
 "encoding/json"
 "io"
+ "libshared"
 "log"
 "net/http"
 "strings"
@@ -90,7 +91,7 @@ func getRoleToken(w http.ResponseWriter, r *http.Request) {
 log.Println("Authentication would taken place here")
 
 // Check if policy with the same name already exists for the account
- checkExisting := pool.QueryRow(context.Background(),
+ checkExisting := libshared.Pool.QueryRow(context.Background(),
 "SELECT FROM roles WHERE accountid = $1 AND rolename = $2",
 claims.Account, role.RoleName)
 log.Println("checkExisting:", role.RoleName)
@@ -100,7 +101,7 @@ func getRoleToken(w http.ResponseWriter, r *http.Request) {
 return
 }
 
- usertoken, err := createJWT(secret, claims.Account, role.RoleName)
+ usertoken, err := libshared.CreateJWT(privateKey, claims.Account, role.RoleName, "role")
 if err != nil {
 w.WriteHeader(http.StatusInternalServerError)
 return
diff --git a/jwt.go b/jwt.go
deleted file mode 100644
index 74dd48b..0000000
--- a/jwt.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package main
-
-import (
- "time"
-
- "github.com/golang-jwt/jwt/v5"
-)
-
-// CreateJWT generates a signed JWT
-func createJWT(secret []byte, account string, role string) (string, error) {
- claims := jwt.MapClaims{
- "sub": role, // subject (user id)
- "exp": time.Now().Add(time.Hour).Unix(), // expiration
- "iat": time.Now().Unix(), // issued at
- "purpose": "role",
- "account": account,
- }
-
- token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-
- return token.SignedString(secret)
-}
diff --git a/main.go b/main.go
index b64e0e0..7d4a7ac 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+ "libshared"
 "log"
 "net/http"
 )
@@ -9,7 +10,14 @@ func LoginHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func main() {
- pool = getDbPool()
+
+ var err error
+
+ libshared.Pool = libshared.GetDbPool()
+ privateKey, err = libshared.LoadPrivateKey("keys/private.pem")
+ if err != nil {
+ log.Fatal("Failed to load private key:", err)
+ }
 http.HandleFunc("/role/create-role", createRole)
 http.HandleFunc("/role/attach-role", attachRole)
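Review bot: When `libshared.CreateJWT(privateKey, claims.Account, role.RoleName, "role")` fails in get-role-token.go (hunk @@ -100) the handler answers 500 and returns without recording the error, so a missing or unparsable signing key shows up to operators only as an unexplained status code; the equivalent path in assume-role.go (hunk @@ -146) logs it. Add `log.Println("Error creating JWT:", err)` before `w.WriteHeader(http.StatusInternalServerError)` so the two handlers report the failure consistently; `log` is already imported in this file. getRoleToken continues outside the hunk.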