From b4bb5c6bb886f6f19376be34bc86077e3b7225a7 Mon Sep 17 00:00:00 2001
From: Pascal Fischer
Date: Wed, 8 Mar 2023 11:54:10 +0100
Subject: [PATCH] use const and do array copy

---
 go.mod | 2 ++
 go.sum | 4 ++++
 management/server/personal_access_token.go | 9 +++++++--
 management/server/personal_access_token_test.go | 2 +-
 management/server/user.go | 4 +++-
 5 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index e34633892..e2e52fd53 100644
--- a/go.mod
+++ b/go.mod
@@ -38,6 +38,7 @@ require (
 github.com/gliderlabs/ssh v0.3.4
 github.com/godbus/dbus/v5 v5.1.0
 github.com/google/nftables v0.0.0-20220808154552-2eca00135732
+ github.com/hashicorp/go-secure-stdlib/base62 v0.1.2
 github.com/hashicorp/go-version v1.6.0
 github.com/libp2p/go-netroute v0.2.0
 github.com/magiconair/properties v1.8.5
@@ -83,6 +84,7 @@ require (
 github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff // indirect
 github.com/google/go-cmp v0.5.9 // indirect
 github.com/google/gopacket v1.1.19 // indirect
+ github.com/hashicorp/go-uuid v1.0.2 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 // indirect
 github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
diff --git a/go.sum b/go.sum
index e64b2bb38..0ca706447 100644
--- a/go.sum
+++ b/go.sum
@@ -277,6 +277,10 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 h1:ET4pqyjiGmY09R5y+rSd70J2w45CtbWDNvGqWp/R3Ng=
+github.com/hashicorp/go-secure-stdlib/base62 v0.1.2/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
+github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
+github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
 github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
diff --git a/management/server/personal_access_token.go b/management/server/personal_access_token.go
index d15bad079..2dff75ec2 100644
--- a/management/server/personal_access_token.go
+++ b/management/server/personal_access_token.go
@@ -11,6 +11,11 @@ import (
 "github.com/rs/xid"
 )
 
+const (
+ PATPrefix = "nbp_"
+ secretLength = 30
+)
+
 // PersonalAccessToken holds all information about a PAT including a hashed version of it for verification
 type PersonalAccessToken struct {
 ID string
@@ -43,7 +48,7 @@ func CreateNewPAT(description string, expirationInDays int, createdBy string) (*
 }
 
 func generateNewToken() (string, string, error) {
- secret, err := b.Random(30)
+ secret, err := b.Random(secretLength)
 if err != nil {
 return "", "", err
 }
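Review bot: The new const block in personal_access_token.go exports `PATPrefix` with no doc comment, and nothing records what `secretLength` counts. A comment on each would close that gap, e.g. `// PATPrefix is the fixed prefix of every generated personal access token.` and `// secretLength is the length of the random secret part of a token.` Both values define the token format, so the comments should also say that changing either one affects how already-issued tokens are recognised; the validation code is not in this patch, so that wording needs checking against it.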
@@ -51,7 +56,7 @@ func generateNewToken() (string, string, error) {
 checksum := crc32.ChecksumIEEE([]byte(secret))
 encodedChecksum := base62.Encode(checksum)
 paddedChecksum := fmt.Sprintf("%06s", encodedChecksum)
- plainToken := "nbp_" + secret + paddedChecksum
+ plainToken := PATPrefix + secret + paddedChecksum
 hashedToken := sha256.Sum256([]byte(plainToken))
 return string(hashedToken[:]), plainToken, nil
 }
diff --git a/management/server/personal_access_token_test.go b/management/server/personal_access_token_test.go
index cba321749..a4e02f750 100644
--- a/management/server/personal_access_token_test.go
+++ b/management/server/personal_access_token_test.go
@@ -19,7 +19,7 @@ func TestPAT_GenerateToken_Hashing(t *testing.T) {
 func TestPAT_GenerateToken_Prefix(t *testing.T) {
 _, plainToken, _ := generateNewToken()
 fourCharPrefix := plainToken[:4]
- assert.Equal(t, "nbp_", fourCharPrefix)
+ assert.Equal(t, PATPrefix, fourCharPrefix)
 }
 
 func TestPAT_GenerateToken_Checksum(t *testing.T) {
diff --git a/management/server/user.go b/management/server/user.go
index 925beb2b9..369df5238 100644
--- a/management/server/user.go
+++ b/management/server/user.go
@@ -94,11 +94,13 @@ func (u *User) toUserInfo(userData *idp.UserData) (*UserInfo, error) {
 func (u *User) Copy() *User {
 autoGroups := make([]string, 0)
 autoGroups = append(autoGroups, u.AutoGroups...)
+ pats := make([]PersonalAccessToken, 0)
+ pats = append(pats, u.PATs...)
 return &User{
 Id: u.Id,
 Role: u.Role,
 AutoGroups: autoGroups,
- PATs: u.PATs,
+ PATs: pats,
 }
 }
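Review bot: In generateNewToken the line `return string(hashedToken[:]), plainToken, nil` hands back the raw SHA-256 digest as a Go string, which is generally not valid UTF-8. If that value is later written through a text encoding such as JSON, the invalid bytes are replaced and the stored hash can no longer be matched against a presented token. Encoding the digest first, `return hex.EncodeToString(hashedToken[:]), plainToken, nil` with `encoding/hex` added to the imports, keeps it stable in storage and logs. How the hash is persisted is not visible in this patch, so confirm against the store; the function's opening lines are in the previous hunk.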
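Review bot: `fourCharPrefix := plainToken[:4]` in TestPAT_GenerateToken_Prefix still hard-codes the prefix length, so the test fails for the wrong reason if `PATPrefix` ever changes length; `plainToken[:len(PATPrefix)]` ties the slice to the constant. The error from `generateNewToken()` is also discarded on the line above, so a generation failure would show up as a slice-bounds panic rather than an assertion; capturing it and adding `assert.NoError(t, err)` before the slice gives a clearer failure.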
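Review bot: `pats = append(pats, u.PATs...)` in Copy gives the new User its own slice, but each PersonalAccessToken is copied by value, so the copy is independent only while that struct has no pointer, slice or map fields; only `ID string` is visible in this patch. A comment on Copy would pin the assumption, e.g. `// PATs are copied by value; PersonalAccessToken must not gain reference-typed fields without updating Copy.` The slice can also be sized up front with `pats := make([]PersonalAccessToken, len(u.PATs))` followed by `copy(pats, u.PATs)`.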