From e333d04e7273756965bd0fe9b1819cbcca1a71ba Mon Sep 17 00:00:00 2001 From: afeiszli Date: Mon, 9 Aug 2021 17:57:40 -0400 Subject: [PATCH] removing vulnerability --- functions/jwt.go | 5 ++--- go.mod | 2 +- go.sum | 2 ++ models/extclient.go | 32 -------------------------------- models/structs.go | 2 +- 5 files changed, 6 insertions(+), 37 deletions(-) diff --git a/functions/jwt.go b/functions/jwt.go index 6e938147b..3c77588d8 100644 --- a/functions/jwt.go +++ b/functions/jwt.go @@ -3,8 +3,7 @@ package functions import ( "errors" "time" - - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt/v4" "github.com/gravitl/netmaker/models" "github.com/gravitl/netmaker/servercfg" ) @@ -31,7 +30,7 @@ func CreateJWT(macaddress string, network string) (response string, err error) { } func CreateUserJWT(username string, networks []string, isadmin bool) (response string, err error) { - expirationTime := time.Now().Add(60 * 24 * time.Minute) + expirationTime := time.Now().Add(60 * 12 * time.Minute) claims := &models.UserClaims{ UserName: username, Networks: networks, diff --git a/go.mod b/go.mod index 63118a1fc..977f4a9dc 100644 --- a/go.mod +++ b/go.mod @@ -5,9 +5,9 @@ go 1.15 require ( github.com/aws/aws-sdk-go v1.34.28 github.com/davecgh/go-spew v1.1.1 - github.com/dgrijalva/jwt-go v3.2.0+incompatible github.com/go-playground/validator/v10 v10.5.0 github.com/go-sql-driver/mysql v1.6.0 // indirect + github.com/golang-jwt/jwt/v4 v4.0.0 // indirect github.com/golang/protobuf v1.5.2 github.com/gorilla/handlers v1.5.1 github.com/gorilla/mux v1.8.0 diff --git a/go.sum b/go.sum index e3243a924..46153e969 100644 --- a/go.sum +++ b/go.sum @@ -62,6 +62,8 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= +github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o= +github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= diff --git a/models/extclient.go b/models/extclient.go index 44c15ab76..5932f7f6d 100644 --- a/models/extclient.go +++ b/models/extclient.go @@ -1,38 +1,6 @@ package models -import ( - "go.mongodb.org/mongo-driver/bson/primitive" -) -//What the client needs to get -/* - -[Interface] -# The address their computer will use on the network -Address = 10.0.0.8/32 # The Address they'll use on the network -PrivateKey = XXXXXXXXXXXXXXXX # The private key they'll use - - -# All of this info can come from the node!! -[Peer] -# Ingress Gateway's wireguard public key -PublicKey = CcZHeaO08z55/x3FXdsSGmOQvZG32SvHlrwHnsWlGTs= - -# Public IP address of the Ingress Gateway -# Use the floating IP address if you created one for your VPN server -Endpoint = 123.123.123.123:51820 - -# 10.0.0.0/24 is the VPN sub - -*/ - - -// External Struct -// == BACKEND FIELDS == -// PrivateKey, PublicKey, Address (Private), LastModified, IngressEndpoint -// == FRONTEND FIELDS == -// ClientID, Network, IngressGateway type ExtClient struct { - ID primitive.ObjectID `json:"_id,omitempty" bson:"_id,omitempty"` ClientID string `json:"clientid" bson:"clientid"` Description string `json:"description" bson:"description"` PrivateKey string `json:"privatekey" bson:"privatekey"` diff --git a/models/structs.go b/models/structs.go index 10309efa4..7a14eac0b 100644 --- a/models/structs.go +++ b/models/structs.go @@ -1,6 +1,6 @@ package models -import jwt "github.com/dgrijalva/jwt-go" +import jwt "github.com/golang-jwt/jwt/v4" type AuthParams struct { MacAddress string `json:"macaddress"`