removing vulnerability

functions/jwt.go

@@ -3,8 +3,7 @@ package functions
 import (
 	"errors"
 	"time"
-
-	"github.com/dgrijalva/jwt-go"
+	"github.com/golang-jwt/jwt/v4"
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/servercfg"
 )
@@ -31,7 +30,7 @@ func CreateJWT(macaddress string, network string) (response string, err error) {
 }
 
 func CreateUserJWT(username string, networks []string, isadmin bool) (response string, err error) {
-	expirationTime := time.Now().Add(60 * 24 * time.Minute)
+	expirationTime := time.Now().Add(60 * 12 * time.Minute)
 	claims := &models.UserClaims{
 		UserName: username,
 		Networks: networks,

go.mod

@@ -5,9 +5,9 @@ go 1.15
 require (
 	github.com/aws/aws-sdk-go v1.34.28
 	github.com/davecgh/go-spew v1.1.1
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/go-playground/validator/v10 v10.5.0
 	github.com/go-sql-driver/mysql v1.6.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.0.0 // indirect
 	github.com/golang/protobuf v1.5.2
 	github.com/gorilla/handlers v1.5.1
 	github.com/gorilla/mux v1.8.0

go.sum

@@ -62,6 +62,8 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe
 github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
 github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
 github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
+github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o=
+github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=

models/extclient.go

@@ -1,38 +1,6 @@
 package models
 
-import (
-	"go.mongodb.org/mongo-driver/bson/primitive"
-)
-//What the client needs to get
-/*
-
-[Interface]
-# The address their computer will use on the network
-Address = 10.0.0.8/32 # The Address they'll use on the network
-PrivateKey = XXXXXXXXXXXXXXXX # The private key they'll use
-
-
-# All of this info can come from the node!!
-[Peer]
-# Ingress Gateway's wireguard public key
-PublicKey = CcZHeaO08z55/x3FXdsSGmOQvZG32SvHlrwHnsWlGTs=
-
-# Public IP address of the Ingress Gateway
-# Use the floating IP address if you created one for your VPN server
-Endpoint = 123.123.123.123:51820
-
-# 10.0.0.0/24 is the VPN sub
-
-*/
-
-
-// External Struct
-// == BACKEND FIELDS ==
-// PrivateKey, PublicKey, Address (Private), LastModified, IngressEndpoint
-// == FRONTEND FIELDS ==
-// ClientID, Network, IngressGateway
 type ExtClient struct {
-	ID             primitive.ObjectID `json:"_id,omitempty" bson:"_id,omitempty"`
 	ClientID       string             `json:"clientid" bson:"clientid"`
 	Description       string             `json:"description" bson:"description"`
 	PrivateKey     string             `json:"privatekey" bson:"privatekey"`

models/structs.go

@@ -1,6 +1,6 @@
 package models
 
-import jwt "github.com/dgrijalva/jwt-go"
+import jwt "github.com/golang-jwt/jwt/v4"
 
 type AuthParams struct {
 	MacAddress string `json:"macaddress"`