ami/tl-vikunja
1
0
Fork 0
Code Activity

feat(api tokens): check if a provided token matched a hashed on in the database

Browse Source
This commit is contained in:
kolaente
2023-08-31 21:39:26 +02:00
parent c88cbaa973
commit fb2a1c59db
3 changed files with 57 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/models/api_tokens.go
View File

@ -39,7 +39,7 @@ type APIToken struct {
// A human-readable name for this token
Title string `xorm:"not null" json:"title" valid:"required"`
// The actual api key. Only visible after creation.
Token string `xorm:"-" json:"key,omitempty"`
Token string `xorm:"-" json:"token,omitempty"`
TokenSalt string `xorm:"not null" json:"-"`
TokenHash string `xorm:"not null unique" json:"-"`
TokenLastEight string `xorm:"not null index varchar(8)" json:"-"`
@ -59,6 +59,8 @@ type APIToken struct {
web.CRUDable `xorm:"-" json:"-"`
}
const APITokenPrefix = `tk_`
func (*APIToken) TableName() string {
return "api_tokens"
}
@ -94,7 +96,7 @@ func (t *APIToken) Create(s *xorm.Session, a web.Auth) (err error) {
return err
}
t.TokenSalt = salt
t.Token = "tk_" + hex.EncodeToString(token)
t.Token = APITokenPrefix + hex.EncodeToString(token)
t.TokenHash = HashToken(t.Token, t.TokenSalt)
t.TokenLastEight = t.Token[len(t.Token)-8:]