SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity

Bootstrapped the creation and loading of session keys to lighten main.

Browse Source
This commit is contained in:
Ross Healy
2025-04-16 08:21:02 +01:00
parent 0a21973237
commit 4bb3b58ddb
8 changed files with 95 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
bootstrap/session.go Normal file
View File

@@ -0,0 +1,61 @@
package bootstrap
import (
"crypto/rand"
"os"
securityhandlers "synlotto-website/handlers/security"
helpers "synlotto-website/helpers/session"
"synlotto-website/logging"
"synlotto-website/models"
)
func InitSession(cfg *models.Config) error {
authPath := cfg.Session.AuthKeyPath
encPath := cfg.Session.EncryptionKeyPath
if _, err := os.Stat(authPath); os.IsNotExist(err) {
logging.Info("⚠️ Auth key not found, creating: %s", authPath)
key, err := generateRandomBytes(32)
if err != nil {
return err
}
encoded := helpers.EncodeKey(key)
err = os.WriteFile(authPath, []byte(encoded), 0600)
if err != nil {
return err
}
}
if _, err := os.Stat(encPath); os.IsNotExist(err) {
logging.Info("⚠️ Encryption key not found, creating: %s", encPath)
key, err := generateRandomBytes(32)
if err != nil {
return err
}
encoded := helpers.EncodeKey(key)
err = os.WriteFile(encPath, []byte(encoded), 0600)
if err != nil {
return err
}
}
return securityhandlers.LoadSessionKeys(
authPath,
encPath,
cfg.Session.Name,
cfg.HttpServer.ProductionMode,
)
}
func generateRandomBytes(length int) ([]byte, error) {
b := make([]byte, length)
_, err := rand.Read(b)
if err != nil {
logging.Error("failed to generate random bytes: %w", err)
return nil, err
}
return b, nil
}

23
handlers/security/session.go
View File

@@ -2,6 +2,7 @@ package security
import ( import (
"bytes" "bytes"
"encoding/base64"
"encoding/gob" "encoding/gob"
"fmt" "fmt"
"net/http" "net/http"
@@ -25,21 +26,27 @@ func init() {
func LoadSessionKeys(authPath, encryptionPath, name string, isProduction bool) error { func LoadSessionKeys(authPath, encryptionPath, name string, isProduction bool) error {
var err error var err error
authKey, err = os.ReadFile(authPath)
rawAuth, err := os.ReadFile(authPath)
if err != nil { if err != nil {
return fmt.Errorf("error loading auth key: %w", err) return fmt.Errorf("error reading auth key: %w", err)
}
authKey, err = base64.StdEncoding.DecodeString(string(bytes.TrimSpace(rawAuth)))
if err != nil {
return fmt.Errorf("error decoding auth key: %w", err)
} }
encryptKey, err = os.ReadFile(encryptionPath) rawEnc, err := os.ReadFile(encryptionPath)
if err != nil { if err != nil {
return fmt.Errorf("error loading encryption key: %w", err) return fmt.Errorf("error reading encryption key: %w", err)
}
encryptKey, err = base64.StdEncoding.DecodeString(string(bytes.TrimSpace(rawEnc)))
if err != nil {
return fmt.Errorf("error decoding encryption key: %w", err)
} }
authKey = bytes.TrimSpace(authKey)
encryptKey = bytes.TrimSpace(encryptKey)
if len(authKey) != 32 || len(encryptKey) != 32 { if len(authKey) != 32 || len(encryptKey) != 32 {
return fmt.Errorf("auth and encryption keys must be 32 bytes each") return fmt.Errorf("auth and encryption keys must be 32 bytes each (got auth=%d, enc=%d)", len(authKey), len(encryptKey))
} }
sessionStore = sessions.NewCookieStore(authKey, encryptKey) sessionStore = sessions.NewCookieStore(authKey, encryptKey)

7
helpers/session/encoding.go Normal file
View File

@@ -0,0 +1,7 @@
package helpers
import "encoding/base64"
func EncodeKey(b []byte) string {
return base64.StdEncoding.EncodeToString(b)
}

1
internal/sessionkeys/auth.key Normal file
View File

@@ -0,0 +1 @@
eR/+k+Oc6xqi0Petbxgf282UXQiuNz99mx/yak3+Ekc=

1
internal/sessionkeys/enc.key Normal file
View File

@@ -0,0 +1 @@
1wYNu1oHCCG8vR35vperPFSyz/a2bq2nMddEnUd1lOI=

4
logging/config.go
View File

@@ -10,8 +10,8 @@ import (
func LogConfig(config *models.Config) { func LogConfig(config *models.Config) {
safeConfig := *config safeConfig := *config
safeConfig.CSRF.CSRFKey = "[REDACTED]" safeConfig.CSRF.CSRFKey = "[REDACTED]"
safeConfig.Session.SessionAuthKey = "[REDACTED]" safeConfig.Session.AuthKeyPath = "[REDACTED]"
safeConfig.Session.SessionEncryptionKey = "[REDACTED]" safeConfig.Session.EncryptionKeyPath = "[REDACTED]"
cfg, err := json.MarshalIndent(safeConfig, "", " ") cfg, err := json.MarshalIndent(safeConfig, "", " ")
if err != nil { if err != nil {

5
main.go
View File

@@ -27,6 +27,11 @@ func main() {
db := storage.InitDB("synlotto.db") db := storage.InitDB("synlotto.db")
models.SetDB(db) // Should be in storage not models. models.SetDB(db) // Should be in storage not models.
err = bootstrap.InitSession(appState.Config)
if err != nil {
logging.Error("❌ Failed to init session: %v", err)
}
err = securityhandlers.InitCSRFProtection([]byte(appState.Config.CSRF.CSRFKey), appState.Config.HttpServer.ProductionMode) err = securityhandlers.InitCSRFProtection([]byte(appState.Config.CSRF.CSRFKey), appState.Config.HttpServer.ProductionMode)
if err != nil { if err != nil {
logging.Error("Failed to init CSRF: %v", err) logging.Error("Failed to init CSRF: %v", err)

6
models/config.go
View File

@@ -12,8 +12,8 @@ type Config struct {
} `json:"csrf"` } `json:"csrf"`
Session struct { Session struct {
SessionAuthKey string `json:"authKey"` AuthKeyPath string `json:"authKeyPath"`
SessionEncryptionKey string `json:"encryptionKey"` EncryptionKeyPath string `json:"encryptionKeyPath"`
SessionName string `json:"sessionName"` Name string `json:"sessionName"`
} `json:"session"` } `json:"session"`
} }