return hashed secret afted creating accesstoken

check will requie id and the hashed secret

diff --git a/blockchain/accesstoken/accesstoken.go b/blockchain/accesstoken/accesstoken.go
index e2b00f3..9929c6f 100644 (file)
--- a/blockchain/accesstoken/accesstoken.go
+++ b/blockchain/accesstoken/accesstoken.go
@@ -72,13 +72,12 @@ func (cs *CredentialStore) Create(ctx context.Context, id, typ string) (*string,
 
        hashedSecret := make([]byte, tokenSize)
        sha3pool.Sum256(hashedSecret, secret)
-       created := time.Now()
 
        token := &Token{
                ID:      id,
                Token:   fmt.Sprintf("%s:%x", id, hashedSecret),
                Type:    typ,
-               Created: created,
+               Created: time.Now(),
        }
 
        value, err := json.Marshal(token)
@@ -86,34 +85,27 @@ func (cs *CredentialStore) Create(ctx context.Context, id, typ string) (*string,
                return nil, err
        }
        cs.DB.Set(key, value)
-       hexsec := fmt.Sprintf("%s:%x", id, secret)
-       return &hexsec, nil
+
+       return &token.Token, nil
 }
 
 // Check returns whether or not an id-secret pair is a valid access token.
-func (cs *CredentialStore) Check(ctx context.Context, id string, secret []byte) (bool, error) {
+func (cs *CredentialStore) Check(ctx context.Context, id string, secret string) (bool, error) {
        if !validIDRegexp.MatchString(id) {
                return false, errors.WithDetailf(ErrBadID, "invalid id %q", id)
        }
 
-       var toHash [tokenSize]byte
-       var hashed [tokenSize]byte
-       copy(toHash[:], secret)
-       sha3pool.Sum256(hashed[:], toHash[:])
-       inToken := fmt.Sprintf("%s:%x", id, hashed[:])
-
        var value []byte
        token := &Token{}
 
-       key := []byte(id)
-       if value = cs.DB.Get(key); value == nil {
+       if value = cs.DB.Get([]byte(id)); value == nil {
                return false, errors.WithDetailf(ErrNoMatchID, "check id %q nonexisting", id)
        }
        if err := json.Unmarshal(value, token); err != nil {
                return false, err
        }
 
-       if strings.Compare(token.Token, inToken) == 0 {
+       if strings.Compare(strings.Split(token.Token, ":")[1], secret) == 0 {
                return true, nil
        }
 

diff --git a/blockchain/accesstoken/accesstoken_test.go b/blockchain/accesstoken/accesstoken_test.go
index 4592cb6..7dc770f 100644 (file)
--- a/blockchain/accesstoken/accesstoken_test.go
+++ b/blockchain/accesstoken/accesstoken_test.go
@@ -2,7 +2,6 @@ package accesstoken
 
 import (
        "context"
-       "encoding/hex"
        "os"
        "strings"
        "testing"
@@ -73,13 +72,8 @@ func TestCheck(t *testing.T) {
 
        token := mustCreateToken(ctx, t, cs, "x", "client")
        tokenParts := strings.Split(*token, ":")
-       tokenID := tokenParts[0]
-       tokenSecret, err := hex.DecodeString(tokenParts[1])
-       if err != nil {
-               t.Fatal("bad token secret")
-       }
 
-       valid, err := cs.Check(ctx, tokenID, tokenSecret)
+       valid, err := cs.Check(ctx, tokenParts[0], tokenParts[1])
        if err != nil {
                t.Fatal(err)
        }
@@ -87,7 +81,7 @@ func TestCheck(t *testing.T) {
                t.Fatal("expected token and secret to be valid")
        }
 
-       valid, err = cs.Check(ctx, "x", []byte("badsecret"))
+       valid, err = cs.Check(ctx, "x", "badsecret")
        if err != nil {
                t.Fatal(err)
        }

diff --git a/net/http/authn/authn.go b/net/http/authn/authn.go
index 2bda775..0a6d9e6 100644 (file)
--- a/net/http/authn/authn.go
+++ b/net/http/authn/authn.go
@@ -128,26 +128,18 @@ func (a *API) tokenAuthn(req *http.Request) (string, error) {
        return user, a.cachedTokenAuthnCheck(req.Context(), user, pw)
 }
 
-func (a *API) tokenAuthnCheck(ctx context.Context, user, pw string) (bool, error) {
-       pwBytes, err := hex.DecodeString(pw)
-       if err != nil {
-               return false, nil
-       }
-       return a.tokens.Check(ctx, user, pwBytes)
-}
-
 func (a *API) cachedTokenAuthnCheck(ctx context.Context, user, pw string) error {
        a.tokenMu.Lock()
-       res, ok := a.tokenMap[user+pw]
+       res, ok := a.tokenMap[user + pw]
        a.tokenMu.Unlock()
        if !ok || time.Now().After(res.lastLookup.Add(tokenExpiry)) {
-               valid, err := a.tokenAuthnCheck(ctx, user, pw)
+               valid, err := a.tokens.Check(ctx, user, pw)
                if err != nil {
                        return errors.Wrap(err)
                }
                res = tokenResult{valid: valid, lastLookup: time.Now()}
                a.tokenMu.Lock()
-               a.tokenMap[user+pw] = res
+               a.tokenMap[user + pw] = res
                a.tokenMu.Unlock()
        }
        if !res.valid {