
user security bug fixed

worker-9 4 years ago
parent
commit
31e81342fb
3 changed files with 164 additions and 120 deletions
  1. 1 11
      controllers/nodeHttpController.go
  2. 64 59
      functions/jwt.go
  3. 99 50
      models/names.go

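--- a/controllers/nodeHttpController.go
+++ b/controllers/nodeHttpController.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"strings"
 	"time"
+
 	"github.com/gorilla/mux"
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/functions"
@@ -194,17 +195,6 @@ func authorize(networkCheck bool, authNetwork string, next http.Handler) http.Ha
 				macaddress = "mastermac"
 				isAuthorized = true
 				r.Header.Set("ismasterkey", "yes")
-			} else {
-				r.Header.Set("ismasterkey", "")
-				mac, _, err := functions.VerifyToken(authToken)
-				if err != nil {
-					errorResponse = models.ErrorResponse{
-						Code: http.StatusUnauthorized, Message: "W1R3: Error Verifying Auth Token.",
-					}
-					returnErrorResponse(w, r, errorResponse)
-					return
-				}
-				macaddress = mac
 			}
 			if !isadmin && params["network"] != "" {
 				if functions.SliceContains(networks, params["network"]) {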
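Review bot: With the `else` branch removed, nothing in this hunk resets the `ismasterkey` request header on the non-master path, so a caller-supplied `ismasterkey: yes` header would now survive into whatever downstream handler reads it; the old branch overwrote it with `r.Header.Set("ismasterkey", "")`. Unless `authorize` clears it earlier (the function starts and ends outside the hunk), add `r.Header.Del("ismasterkey")` before the master-key comparison so the header is only ever set by the server. Dropping the node-token fallback here matches the `// GRPC [nodes] Only` comment this commit puts on `VerifyToken`, but `macaddress` is no longer populated from a token on the HTTP path; a short comment above the master-key check saying that user tokens are presumably verified earlier and node JWTs are not accepted by this middleware would save the next reader a trip to jwt.go.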

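--- a/functions/jwt.go
+++ b/functions/jwt.go
@@ -1,87 +1,92 @@
 package functions
 
 import (
-    "time"
-    "github.com/gravitl/netmaker/models"
-    "github.com/gravitl/netmaker/servercfg"
-    "github.com/dgrijalva/jwt-go"
+	"errors"
+	"time"
+
+	"github.com/dgrijalva/jwt-go"
+	"github.com/gravitl/netmaker/models"
+	"github.com/gravitl/netmaker/servercfg"
 )
 
 var jwtSecretKey = []byte("(BytesOverTheWire)")
 
 // CreateJWT func will used to create the JWT while signing in and signing out
 func CreateJWT(macaddress string, network string) (response string, err error) {
-    expirationTime := time.Now().Add(5 * time.Minute)
-    claims := &models.Claims{
-        MacAddress: macaddress,
-        Network: network,
-        StandardClaims: jwt.StandardClaims{
-            ExpiresAt: expirationTime.Unix(),
-        },
-    }
+	expirationTime := time.Now().Add(5 * time.Minute)
+	claims := &models.Claims{
+		MacAddress: macaddress,
+		Network:    network,
+		StandardClaims: jwt.StandardClaims{
+			ExpiresAt: expirationTime.Unix(),
+		},
+	}
 
-    token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-    tokenString, err := token.SignedString(jwtSecretKey)
-    if err == nil {
-        return tokenString, nil
-    }
-    return "", err
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	tokenString, err := token.SignedString(jwtSecretKey)
+	if err == nil {
+		return tokenString, nil
+	}
+	return "", err
 }
 
 func CreateUserJWT(username string, networks []string, isadmin bool) (response string, err error) {
-    expirationTime := time.Now().Add(60 * time.Minute)
-    claims := &models.UserClaims{
-        UserName: username,
-	Networks: networks,
-	IsAdmin: isadmin,
-        StandardClaims: jwt.StandardClaims{
-            ExpiresAt: expirationTime.Unix(),
-        },
-    }
+	expirationTime := time.Now().Add(1 * time.Minute)
+	claims := &models.UserClaims{
+		UserName: username,
+		Networks: networks,
+		IsAdmin:  isadmin,
+		StandardClaims: jwt.StandardClaims{
+			ExpiresAt: expirationTime.Unix(),
+		},
+	}
 
-    token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-    tokenString, err := token.SignedString(jwtSecretKey)
-    if err == nil {
-        return tokenString, nil
-    }
-    return "", err
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	tokenString, err := token.SignedString(jwtSecretKey)
+	if err == nil {
+		return tokenString, nil
+	}
+	return "", err
 }
 
 // VerifyToken func will used to Verify the JWT Token while using APIS
 func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) {
-    claims := &models.UserClaims{}
+	claims := &models.UserClaims{}
 
-    if tokenString == servercfg.GetMasterKey() {
-        return "masteradministrator", nil, true, nil
-    }
+	if tokenString == servercfg.GetMasterKey() {
+		return "masteradministrator", nil, true, nil
+	}
 
-    token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
-        return jwtSecretKey, nil
-    })
+	token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
+		return jwtSecretKey, nil
+	})
 
-    if token != nil {
-        return claims.UserName, claims.Networks, claims.IsAdmin, nil
-    }
-    return "", nil, false, err
+	if token != nil && token.Valid {
+		// check that user exists
+		if user, err := GetUser(claims.UserName); user.UserName != "" && err == nil {
+			return claims.UserName, claims.Networks, claims.IsAdmin, nil
+		}
+		err = errors.New("user does not exist")
+	}
+	return "", nil, false, err
 }
 
-// VerifyToken func will used to Verify the JWT Token while using APIS
+// GRPC [nodes] Only
 func VerifyToken(tokenString string) (macaddress string, network string, err error) {
-    claims := &models.Claims{}
+	claims := &models.Claims{}
 
-    //this may be a stupid way of serving up a master key
-    //TODO: look into a different method. Encryption?
-    if tokenString == servercfg.GetMasterKey() {
-        return "mastermac", "", nil
-    }
+	//this may be a stupid way of serving up a master key
+	//TODO: look into a different method. Encryption?
+	if tokenString == servercfg.GetMasterKey() {
+		return "mastermac", "", nil
+	}
 
-    token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
-        return jwtSecretKey, nil
-    })
+	token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
+		return jwtSecretKey, nil
+	})
 
-    if token != nil {
-        return claims.MacAddress, claims.Network, nil
-    }
-    return "", "", err
+	if token != nil {
+		return claims.MacAddress, claims.Network, nil
+	}
+	return "", "", err
 }
-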
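Review bot: `VerifyToken` still accepts any well-formed token: in dgrijalva/jwt-go, `jwt.ParseWithClaims` returns a non-nil `*jwt.Token` together with an error when the signature or expiry check fails, so the `if token != nil` at the end of the function hands back the claims of an expired or wrongly-signed node token, the same defect this commit fixes in `VerifyUserToken`. The guard added there belongs here too: `if token != nil && token.Valid {`. Two smaller points on the new side: `CreateUserJWT`'s lifetime dropped from 60 to 1 minute with no mention in the commit message, which reads like a debugging value left in (user sessions would expire almost immediately), and `jwtSecretKey` remains a fixed literal in the source, so it should be loaded from configuration via `servercfg` the way the master key already is rather than shipped in the repository. In `VerifyUserToken`, `if user, err := GetUser(...)` shadows the outer `err`, so a `GetUser` failure is reported only as "user does not exist"; declaring `user, lookupErr := GetUser(claims.UserName)` before the `if` and wrapping `lookupErr` into the returned error would keep the real cause.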

+ 99 - 50
models/names.go

@@ -5,7 +5,7 @@ import (
 	"time"
 	"time"
 )
 )
 
 
-// 5-7 chars only
+// 4-7 chars only
 var NAMES = []string{
 var NAMES = []string{
 	"logic",
 	"logic",
 	"warrant",
 	"warrant",
@@ -32,7 +32,6 @@ var NAMES = []string{
 	"python",
 	"python",
 	"mohawk",
 	"mohawk",
 	"arctic",
 	"arctic",
-	"linear",
 	"rival",
 	"rival",
 	"vibes",
 	"vibes",
 	"delay",
 	"delay",
@@ -65,7 +64,6 @@ var NAMES = []string{
 	"clutch",
 	"clutch",
 	"shark",
 	"shark",
 	"leader",
 	"leader",
-	"smelly",
 	"young",
 	"young",
 	"robot",
 	"robot",
 	"squish",
 	"squish",
@@ -73,7 +71,7 @@ var NAMES = []string{
 	"rocket",
 	"rocket",
 	"space",
 	"space",
 	"queen",
 	"queen",
-	"royal",
+	"royalty",
 	"flush",
 	"flush",
 	"earth",
 	"earth",
 	"planet",
 	"planet",
@@ -92,31 +90,71 @@ var NAMES = []string{
 	"goose",
 	"goose",
 	"pepper",
 	"pepper",
 	"melissa",
 	"melissa",
+	"alex",
+	"elon",
+	"yeet",
+	"meh",
+	"walrus",
+	"avatar",
+	"chicken",
+	"proton",
+	"mohawk",
+	"tattoo",
+	"zebra",
+	"star",
+	"butter",
+	"tango",
+	"homie",
+	"rambo",
+	"cosmo",
+	"bubbles",
+	"hulk",
+	"pluto",
+	"scooby",
+	"thanos",
+	"yoda",
+	"draco",
+	"goofy",
+	"ditto",
+	"puff",
+	"duck",
+	"mouse",
+	"akita",
+	"water",
+	"hound",
+	"baby",
+	"spider",
+	"squid",
+	"roach",
+	"crab",
+	"cougar",
+	"cyborg",
+	"android",
+	"being",
+	"ninja",
+	"unicorn",
+	"zombie",
+	"warrior",
+	"zamboni",
+	"life",
+	"marine",
+	"node",
+	"mother",
+	"father",
+	"tesla",
 }
 }
 
 
 // must be 4 chars or less
 // must be 4 chars or less
 var SMALL_NAMES = []string{
 var SMALL_NAMES = []string{
 	"ace",
 	"ace",
-	"tank",
-	"alex",
-	"dude",
+	"odd",
+	"hot",
+	"ill",
 	"root",
 	"root",
 	"sudo",
 	"sudo",
-	"mars",
-	"meow",
-	"elon",
-	"musk",
 	"moon",
 	"moon",
 	"beef",
 	"beef",
-	"tack",
-	"matt",
-	"soon",
-	"man",
-	"sup",
-	"yo",
 	"bro",
 	"bro",
-	"john",
-	"drop",
 	"dank",
 	"dank",
 	"red",
 	"red",
 	"gold",
 	"gold",
@@ -128,7 +166,6 @@ var SMALL_NAMES = []string{
 	"lil",
 	"lil",
 	"mom",
 	"mom",
 	"bot",
 	"bot",
-	"farm",
 	"evil",
 	"evil",
 	"good",
 	"good",
 	"holy",
 	"holy",
@@ -137,48 +174,60 @@ var SMALL_NAMES = []string{
 	"sad",
 	"sad",
 	"mad",
 	"mad",
 	"chad",
 	"chad",
-	"hat",
 	"pre",
 	"pre",
 	"post",
 	"post",
 	"foot",
 	"foot",
 	"soft",
 	"soft",
 	"hard",
 	"hard",
-	"bob",
-	"tree",
 	"lite",
 	"lite",
-	"fish",
 	"dark",
 	"dark",
 	"true",
 	"true",
-	"cat",
-	"dog",
-	"wow",
-	"yay",
-	"yeet",
-	"zoo",
 	"toy",
 	"toy",
-	"boy",
 	"soy",
 	"soy",
 	"rude",
 	"rude",
 	"nice",
 	"nice",
-	"cow",
-	"meh",
-	"shoe",
-	"sock",
-	"toe",
-	"nail",
-	"hair",
-	"nose",
-	"ear",
-	"tear",
-	"lad",
-	"taco",
-	"star",
-	"sun",
-	"ship",
-	"pack",
-	"mule",
-	"drag",
-	"king",
+	"fun",
+	"fat",
+	"pro",
+	"sly",
+	"tan",
+	"pet",
+	"fine",
+	"main",
+	"last",
+	"wide",
+	"free",
+	"open",
+	"poor",
+	"rich",
+	"next",
+	"real",
+	"long",
+	"huge",
+	"wild",
+	"sick",
+	"weak",
+	"firm",
+	"pink",
+	"okay",
+	"dull",
+	"loud",
+	"lazy",
+	"dumb",
+	"tidy",
+	"idle",
+	"bony",
+	"cute",
+	"oily",
+	"lame",
+	"mega",
+	"limp",
+	"wavy",
+	"edgy",
+	"nosy",
+	"zany",
+	"base",
+	"cold",
 }
 }
 
 
 func GenerateNodeName() string {
 func GenerateNodeName() string {