Update libraries, changed small details

Author: tbocek

example.env .example.env

@@ -1,19 +1,27 @@
-ENV=local
+## General settings
 PORT=9081
-#dummy sym key
-HS256=LZ2TY3NKFKLJJFQY3WU56RPZ7KBX2NU4VIIIRC42DZGJJCN65N3A====
+ENV=local
+HS256=test-seed
+DEV=test
+
+#Set admins by email
 ADMINS=[email protected];[email protected]
 
+#DB settings
 DB_PATH=postgresql://postgres:password@db:5432/flatfeestack?sslmode=disable
 DB_DRIVER=postgres
 DB_SCRIPTS=init.sql
+#This inserts dummy users
+USERS=[email protected]:pw2;tom:pw1
 
+#Email settings
 EMAIL_FROM=[email protected]
 EMAIL_FROM_NAME=Flatfeestack
 EMAIL_URL=https://nope.ch/mailer
 EMAIL_TOKEN=%%EMAIL_TOKEN%%
 EMAIL_PREFIX=https://test.flatfeestack.io
 
+#Auth specific settings
 PWFLOW=true
 DETAILS=true
 USER_ENDPOINTS=true

Dockerfile

@@ -1,17 +1,18 @@
 FROM golang:1.19-alpine AS base
 RUN apk update && apk add --update make gcc musl-dev
 WORKDIR /app
-COPY go.* Makefile cache ./
+COPY go.* cache ./
+RUN go mod download
 #here we build cache.go, as this takes ages to compile and does not change
-RUN make dep && make build && rm fastauth cache.go
+RUN go build && rm fastauth cache.go
 
 FROM base as builder
 COPY *.go *.sql login.html banner.txt ./
-RUN make build test
+RUN go build
 
-FROM gcr.io/distroless/static
-WORKDIR /home/nonroot
+FROM alpine:3.17
+RUN addgroup -S nonroot -g 31323 && adduser -S nonroot -G nonroot -u 31323
+WORKDIR /app
 COPY --from=builder /app/login.html /app/banner.txt /app/fastauth /app/rmdb.sql /app/init.sql ./
 USER nonroot
-VOLUME /home/nonroot/fastauth.db
-ENTRYPOINT ["/home/nonroot/fastauth"]
+ENTRYPOINT ["/app/fastauth"]

Makefile

@@ -9,12 +9,12 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"github.com/go-jose/go-jose/v3"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/schema"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/crypto/scrypt"
 	"golang.org/x/text/language"
-	"gopkg.in/square/go-jose.v2"
 	"html/template"
 	"io"
 	"io/ioutil"
@@ -24,6 +24,10 @@ import (
 	"strings"
 )
 
+type Timewarp struct {
+	Offset int `json:"offset"`
+}
+
 type EmailRequest struct {
 	MailTo      string `json:"mail_to,omitempty"`
 	Subject     string `json:"subject"`
@@ -926,8 +930,8 @@ func oauth(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-//https://tools.ietf.org/html/rfc6749#section-1.3.1
-//https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce
+// https://tools.ietf.org/html/rfc6749#section-1.3.1
+// https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce
 func authorize(w http.ResponseWriter, r *http.Request) {
 	keys := r.URL.Query()
 	rt := keys.Get("response_type")
@@ -1006,6 +1010,13 @@ func logout(w http.ResponseWriter, r *http.Request, claims *TokenClaims) {
 	}
 }
 
+func timeWarpOffset(w http.ResponseWriter, _ *http.Request, _ string) {
+	tw := Timewarp{
+		Offset: secondsAdd,
+	}
+	writeJson(w, tw)
+}
+
 func timeWarp(w http.ResponseWriter, r *http.Request, adminEmail string) {
 	m := mux.Vars(r)
 	h := m["hours"]
@@ -1019,7 +1030,8 @@ func timeWarp(w http.ResponseWriter, r *http.Request, adminEmail string) {
 		return
 	}
 
-	hoursAdd += hours
+	seconds := hours * 60 * 60
+	secondsAdd += seconds
 	log.Printf("time warp: %v", timeNow())
 
 	//since we warp, the token will be invalid
@@ -1073,3 +1085,11 @@ func updateUser(w http.ResponseWriter, r *http.Request, admin string) {
 	}
 	w.WriteHeader(http.StatusNoContent)
 }
+
+func writeJson(w http.ResponseWriter, obj interface{}) {
+	w.Header().Set("Content-Type", "application/json")
+	var err = json.NewEncoder(w).Encode(obj)
+	if err != nil {
+		writeErr(w, http.StatusBadRequest, "invalid_grant", "not-found", "Could encode json: %v", err)
+	}
+}

controller.go

@@ -3,8 +3,8 @@ package main
 import (
 	"flag"
 	"fmt"
+	"github.com/go-jose/go-jose/v3/jwt"
 	"github.com/joho/godotenv"
-	"gopkg.in/square/go-jose.v2/jwt"
 	"log"
 	"net/http"
 	"os"

example-hello/hello.go

@@ -6,9 +6,9 @@ import (
 	"flag"
 	"fmt"
 	"github.com/domodwyer/mailyak/v3"
+	"github.com/go-jose/go-jose/v3/jwt"
 	"github.com/joho/godotenv"
 	log "github.com/sirupsen/logrus"
-	"gopkg.in/square/go-jose.v2/jwt"
 	"net/http"
 	"net/smtp"
 	"os"

example-mail/mailer.go

@@ -9,9 +9,9 @@ import (
 	"encoding/hex"
 	"flag"
 	"fmt"
+	"github.com/go-jose/go-jose/v3"
+	"github.com/go-jose/go-jose/v3/jwt"
 	"golang.org/x/crypto/ed25519"
-	"gopkg.in/square/go-jose.v2"
-	"gopkg.in/square/go-jose.v2/jwt"
 	"log"
 	"os"
 	"strings"

example-tokenizer/tokenizer.go

@@ -15,8 +15,8 @@ import (
 	"encoding/base32"
 	"flag"
 	"fmt"
+	"github.com/go-jose/go-jose/v3/jwt"
 	"github.com/joho/godotenv"
-	"gopkg.in/square/go-jose.v2/jwt"
 	"log"
 	"net/http"
 	"os"

example-upload/fileupload.go

@@ -1,11 +1,14 @@
 module example-upload
 
-go 1.16
+go 1.19
+
+require (
+	github.com/go-jose/go-jose/v3 v3.0.0
+	github.com/joho/godotenv v1.4.0
+)
 
 require (
 	github.com/google/go-cmp v0.5.6 // indirect
-	github.com/joho/godotenv v1.3.0
 	github.com/stretchr/testify v1.7.0 // indirect
 	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
-	gopkg.in/square/go-jose.v2 v2.6.0
 )

example-upload/go.mod

@@ -1,25 +1,27 @@
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
+github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
-github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg=
+github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
-gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

example-upload/go.sum

@@ -1,38 +1,38 @@
 module fastauth
 
-go 1.17
+go 1.19
 
 require (
 	github.com/dimiro1/banner v1.1.0
-	github.com/domodwyer/mailyak/v3 v3.3.3
-	github.com/felixge/httpsnoop v1.0.2
-	github.com/go-ldap/ldap/v3 v3.4.1
+	github.com/domodwyer/mailyak/v3 v3.3.4
+	github.com/felixge/httpsnoop v1.0.3
+	github.com/go-jose/go-jose/v3 v3.0.0
+	github.com/go-ldap/ldap/v3 v3.4.4
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/schema v1.2.0
 	github.com/joho/godotenv v1.4.0
-	github.com/kjk/dailyrotate v0.0.0-20191009232928-ae3b0facf5a6
 	github.com/lib/pq v1.10.4
-	github.com/mattn/go-sqlite3 v1.14.9
-	github.com/sirupsen/logrus v1.8.1
-	github.com/stretchr/testify v1.7.0
+	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
+	github.com/mattn/go-sqlite3 v1.14.16
+	github.com/sirupsen/logrus v1.9.0
+	github.com/stretchr/testify v1.8.1
 	github.com/vjeantet/ldapserver v1.0.2-0.20201119091145-9f1711e226a4
-	github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
-	golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
-	golang.org/x/text v0.3.7
-	gopkg.in/square/go-jose.v2 v2.6.0
+	github.com/xlzd/gotp v0.1.0
+	golang.org/x/crypto v0.3.0
+	golang.org/x/text v0.4.0
+	github.com/go-jose/go-jose/v3 v3.0.0
 )
 
 require (
-	github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c // indirect
+	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20200609044655-c4b36f998cf2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/go-asn1-ber/asn1-ber v1.5.1 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
 	github.com/google/go-cmp v0.5.2 // indirect
 	github.com/kr/pretty v0.1.0 // indirect
-	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3 // indirect
 	github.com/mattn/go-isatty v0.0.12 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/sys v0.0.0-20200929083018-4d22bbb62b3c // indirect
+	golang.org/x/sys v0.2.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )