hub / github.com/OWASP/Go-SCP / setToken

Function setToken

src/session-management/session.go:25–55  ·  view source on GitHub ↗

create a JWT and put it in the client's cookie

(res http.ResponseWriter, req *http.Request)

Source from the content-addressed store, hash-verified

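// setToken creates a signed JWT for a hard-coded user value, stores it in the
// "Auth" cookie and redirects the client to /profile.
//
// The token is signed with HS256, and both the token and the cookie expire 30
// minutes after issuance. If signing fails, no cookie is set and the client
// receives a 500 response instead of the redirect.
func setToken(res http.ResponseWriter, req *http.Request) {
	// 30m expiration for non-sensitive applications - OWASP.
	// Read the clock once so the token and the cookie expire at the same instant.
	expiry := time.Now().Add(30 * time.Minute)

	// Token claims.
	claims := Claims{
		"TestUser",
		jwt.StandardClaims{
			ExpiresAt: expiry.Unix(),
			Issuer:    "localhost:9000",
		},
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

	// NOTE(review): the HMAC key is a short literal committed with the source.
	// With HS256 the same key both signs and verifies, so anyone who can read
	// this file can produce tokens that any verifier sharing the key accepts.
	// A deployment should load a high-entropy key from configuration or a
	// secret store and keep it out of version control.
	signedToken, err := token.SignedString([]byte("secret"))
	if err != nil {
		// Do not issue a cookie carrying an empty token; report the failure
		// without leaking the underlying error to the client.
		http.Error(res, "could not create session token", http.StatusInternalServerError)
		return
	}

	// Cookie parameters. HttpOnly keeps the token away from page scripts and
	// Secure restricts it to HTTPS requests.
	// NOTE(review): SameSite is not set; consider setting it explicitly to
	// limit when the browser attaches this cookie to cross-site requests.
	cookie := http.Cookie{
		Name:     "Auth",
		Value:    signedToken,
		Expires:  expiry, // 30 min
		HttpOnly: true,
		Path:     "/",
		Domain:   "127.0.0.1",
		Secure:   true,
	}

	http.SetCookie(res, &cookie)
	http.Redirect(res, req, "/profile", http.StatusTemporaryRedirect)
}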
56
57// middleware to protect private pages
58func validate(page http.HandlerFunc) http.HandlerFunc {

Callers

nothing calls this directly

Calls

no outgoing calls

Tested by

no test coverage detected