This is a very simple demo project to test user authentication on a webapp.
- Session cookie management
- Passwords are hashed and salted
- Can create users, log in and out and delete them
- Not vulnerable to CSRF (on user delete)
- Awful database
- Session tokens are too short
- Does not sanitize user input
- Generate a self-signed TLS certificate and place it in ./cert/
- Run main.go:
    go run main.go
You can create a self-signed certificate for testing purposes. Using OpenSSL:
- Install OpenSSL on your machine.
- Open a command prompt and navigate to the directory where you want to create the certificate.
- Run the following command to generate a private key:
    openssl genrsa -out key.pem 2048
- Run the following command to generate a certificate signing request (CSR):
    openssl req -new -key key.pem -out csr.pem
- Run the following command to generate a self-signed certificate:
    openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out cert.pem
This will create a self-signed certificate named cert.pem that is valid for 365 days.