Merge pull request #777 from gravitl/hotfix_v0.9.4

added hotfix

Author: 0xdcarns

logic/jwts.go

@@ -5,11 +5,29 @@ import (
 	"time"
 
 	"github.com/golang-jwt/jwt/v4"
+	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/servercfg"
 )
 
-var jwtSecretKey = []byte("(BytesOverTheWire)")
+var jwtSecretKey []byte
+
+// SetJWTSecret - sets the jwt secret on server startup
+func SetJWTSecret() {
+	currentSecret, jwtErr := FetchJWTSecret()
+	if jwtErr != nil {
+		newString, err := GenerateRandomString(64)
+		if err != nil {
+			logger.FatalLog("something went wrong when generating the auth secret")
+		}
+		jwtSecretKey = []byte(newString) // 512 bit random password
+		if err := StoreJWTSecret(string(jwtSecretKey)); err != nil {
+			logger.FatalLog("something went wrong when configuring JWT authentication")
+		}
+	} else {
+		jwtSecretKey = []byte(currentSecret)
+	}
+}
 
 // CreateJWT func will used to create the JWT while signing in and signing out
 func CreateJWT(macaddress string, network string) (response string, err error) {

logic/serverconf.go

@@ -43,3 +43,32 @@ func FetchPrivKey(serverID string) (string, error) {
 func RemovePrivKey(serverID string) error {
 	return database.DeleteRecord(database.SERVERCONF_TABLE_NAME, serverID)
 }
+
+// FetchJWTSecret - fetches jwt secret from db
+func FetchJWTSecret() (string, error) {
+	var dbData string
+	var err error
+	var fetchedData = serverData{}
+	dbData, err = database.FetchRecord(database.SERVERCONF_TABLE_NAME, "nm-jwt-secret")
+	if err != nil {
+		return "", err
+	}
+	err = json.Unmarshal([]byte(dbData), &fetchedData)
+	if err != nil {
+		return "", err
+	}
+	return fetchedData.PrivateKey, nil
+}
+
+// StoreJWTSecret - stores server jwt secret if needed
+func StoreJWTSecret(privateKey string) error {
+	var newData = serverData{}
+	var err error
+	var data []byte
+	newData.PrivateKey = privateKey
+	data, err = json.Marshal(&newData)
+	if err != nil {
+		return err
+	}
+	return database.Insert("nm-jwt-secret", string(data), database.SERVERCONF_TABLE_NAME)
+}

logic/util.go

@@ -2,8 +2,10 @@
 package logic
 
 import (
+	crand "crypto/rand"
 	"encoding/base64"
 	"encoding/json"
+	"math/big"
 	"math/rand"
 	"strconv"
 	"strings"
@@ -278,7 +280,7 @@ func GetPeersList(networkName string, excludeRelayed bool, relayedNodeAddr strin
 
 // RandomString - returns a random string in a charset
 func RandomString(length int) string {
-	const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+	const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789"
 
 	var seededRand *rand.Rand = rand.New(rand.NewSource(time.Now().UnixNano()))
 
@@ -289,6 +291,21 @@ func RandomString(length int) string {
 	return string(b)
 }
 
+// GenerateRandomString - generates random string of n length
+func GenerateRandomString(n int) (string, error) {
+	const chars = "123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-"
+	ret := make([]byte, n)
+	for i := range ret {
+		num, err := crand.Int(crand.Reader, big.NewInt(int64(len(chars))))
+		if err != nil {
+			return "", err
+		}
+		ret[i] = chars[num.Int64()]
+	}
+
+	return string(ret), nil
+}
+
 // == Private Methods ==
 
 func getNetworkEgressAndNodes(networkName string) ([]models.Node, []models.Node, error) {

main.go

@@ -41,6 +41,7 @@ func initialize() { // Client Mode Prereq Check
 		logger.FatalLog("Error connecting to database")
 	}
 	logger.Log(0, "database successfully connected")
+	logic.SetJWTSecret()
 
 	var authProvider = auth.InitializeAuthProvider()
 	if authProvider != "" {