.gitignore

@@ -24,6 +24,5 @@ go.work
 gonuts
 *.db
 bin*
-*.log
 
 docs/

db/db.go

@@ -25,12 +25,8 @@ func Connect() *gorm.DB {
 	if udb != nil {
 		return udb
 	}
-	logFile, err := os.OpenFile("db.log", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
-	if err != nil {
-		panic(err)
-	}
 	newLogger := logger.New(
-		log.New(logFile, "\r\n", log.LstdFlags),
+		log.New(os.Stdout, "\r\n", log.LstdFlags),
 		logger.Config{
 			SlowThreshold:             time.Second,
 			LogLevel:                  logger.Error,

handlers/user.go

@@ -48,11 +48,6 @@ func UserRegister(c *gin.Context) {
 		}
 		token1 = token
 	}
-	err := tokens.CreateSessionFromToken(token1.Val, dbUser.ID)
-	if err != nil {
-		log.Printf("tokens.CreateSessionFromToken: %v\n", err)
-		c.JSON(500, types.ErrorResponse{Message: "ERROR: 1000"})
-	}
 	c.SetCookie(consts.COOKIE_SESSION, token1.Val, 3600, "/", "localhost", false, true)
 	acc := types.Account{
 		ID:       dbUser.ID,
@@ -105,11 +100,6 @@ func UserLogin(c *gin.Context) {
 		}
 		token1 = token
 	}
-	err := tokens.CreateSessionFromToken(token1.Val, foundUser.ID)
-	if err != nil {
-		log.Printf("tokens.CreateSessionFromToken: %v\n", err)
-		c.JSON(500, types.ErrorResponse{Message: "ERROR: 1000"})
-	}
 	c.SetCookie(consts.COOKIE_SESSION, token1.Val, 3600, "/", "localhost", false, true)
 	acc := types.Account{
 		ID:       foundUser.ID,

tokens/sessions.go

@@ -2,15 +2,19 @@ package tokens
 
 import (
 	"crypto/sha256"
-	"encoding/base64"
 	"log"
 	"time"
 
 	"git.qowevisa.me/Qowevisa/fin-check-api/db"
 )
 
+func getSalt() []byte {
+	return []byte("w40DJV3v1flySvFdxHWbBSJsIOaakkVs5FG7brq4oi1#nEz2fEZxpUfyBwkkww7f")
+}
+
 func CreateSessionFromToken(token string, userID uint) error {
-	sessionID := getSessionIDFromToken(token)
+	salt := getSalt()
+	sessionID := sha256.New().Sum(append(salt, []byte(token)...))
 	dbc := db.Connect()
 	session := &db.Session{
 		ID:       string(sessionID),
@@ -24,10 +28,11 @@ func CreateSessionFromToken(token string, userID uint) error {
 }
 
 func ValidateSessionToken(token string) bool {
-	sessionID := getSessionIDFromToken(token)
+	salt := getSalt()
+	sessionID := sha256.New().Sum(append(salt, []byte(token)...))
 	dbc := db.Connect()
 	session := &db.Session{}
-	if err := dbc.Find(session, db.Session{ID: sessionID}).Error; err != nil {
+	if err := dbc.Find(session, sessionID).Error; err != nil {
 		log.Printf("DBERROR: %v\n", err)
 		return false
 	}
@@ -42,17 +47,12 @@ func ValidateSessionToken(token string) bool {
 }
 
 func GetSession(token string) (*db.Session, error) {
-	sessionID := getSessionIDFromToken(token)
+	salt := getSalt()
+	sessionID := sha256.New().Sum(append(salt, []byte(token)...))
 	dbc := db.Connect()
 	session := &db.Session{}
-	if err := dbc.Find(session, db.Session{ID: sessionID}).Error; err != nil {
+	if err := dbc.Find(session, sessionID).Error; err != nil {
 		return nil, err
 	}
 	return session, nil
 }
-
-func getSessionIDFromToken(token string) string {
-	salt := []byte("w40DJV3v1flySvFdxHWbBSJsIOaakkVs5FG7brq4oi1#nEz2fEZxpUfyBwkkww7f")
-	bytes := sha256.New().Sum(append(salt, []byte(token)...))
-	return base64.URLEncoding.EncodeToString(bytes)
-}