config, register: gofmt and make sure secret is 32 bytes
parent
e7caa27a35
commit
faccff3fb2
2 changed files with 37 additions and 28 deletions
|
@ -83,13 +83,23 @@ func (self *Config) RunWizard() {
|
||||||
self.UploadMaxMB = ensureNumberOption(&inputBuf)
|
self.UploadMaxMB = ensureNumberOption(&inputBuf)
|
||||||
|
|
||||||
fmt.Printf("Encryption secret for admin invite codes? ")
|
fmt.Printf("Encryption secret for admin invite codes? ")
|
||||||
ensureNonEmptyOption(&inputBuf)
|
ensure32BytePassphrase(&inputBuf)
|
||||||
self.RegistrationSecret = inputBuf
|
self.RegistrationSecret = inputBuf
|
||||||
|
|
||||||
fmt.Printf("Configuration complete!\n")
|
fmt.Printf("Configuration complete!\n")
|
||||||
self.Write()
|
self.Write()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func ensure32BytePassphrase(buffer *string) {
|
||||||
|
for {
|
||||||
|
fmt.Scanln(buffer)
|
||||||
|
if len([]byte(strings.TrimSpace(*buffer))) == 32 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
fmt.Println("Please enter a 32-byte string")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func ensureNonEmptyOption(buffer *string) {
|
func ensureNonEmptyOption(buffer *string) {
|
||||||
for {
|
for {
|
||||||
fmt.Scanln(buffer)
|
fmt.Scanln(buffer)
|
||||||
|
|
|
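Review bot: `ensure32BytePassphrase` accepts any typed 32-byte string, so the secret has only as much entropy as the operator chooses to type. If `RegistrationSecret` is what `aes.NewCipher([]byte(self.Secret))` in the other changed file receives (inferred, the wiring is not shown), it becomes the raw AES-256 key. Prefer having the wizard generate the key, for example 32 bytes from `crypto/rand` stored hex-encoded and decoded before use, or deriving the key from the passphrase with a KDF instead of demanding an exact length. Separately, the result of `fmt.Scanln(buffer)` is discarded, so on EOF or a closed stdin the loop prints "Please enter a 32-byte string" forever; `if _, err := fmt.Scanln(buffer); err == io.EOF { os.Exit(1) }` would end it. The secret is also echoed to the terminal as it is typed.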
@ -4,17 +4,16 @@ import (
|
||||||
"crypto/aes"
|
"crypto/aes"
|
||||||
"crypto/cipher"
|
"crypto/cipher"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
|
"fmt"
|
||||||
"html/template"
|
"html/template"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"fmt"
|
"time"
|
||||||
|
|
||||||
|
|
||||||
"hacklab.nilfm.cc/quartzgun/auth"
|
"hacklab.nilfm.cc/quartzgun/auth"
|
||||||
"hacklab.nilfm.cc/quartzgun/renderer"
|
"hacklab.nilfm.cc/quartzgun/renderer"
|
||||||
"hacklab.nilfm.cc/quartzgun/router"
|
"hacklab.nilfm.cc/quartzgun/router"
|
||||||
"hacklab.nilfm.cc/quartzgun/util"
|
"hacklab.nilfm.cc/quartzgun/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
type SymmetricCrypto interface {
|
type SymmetricCrypto interface {
|
||||||
|
@ -29,20 +28,20 @@ type SymmetricCrypt struct {
|
||||||
Secret string
|
Secret string
|
||||||
}
|
}
|
||||||
|
|
||||||
var iv []byte = []byte {107, 53, 46, 249, 52, 70, 36, 185,
|
var iv []byte = []byte{107, 53, 46, 249, 52, 70, 36, 185,
|
||||||
168, 139, 144, 249, 242, 2, 125, 183 }
|
168, 139, 144, 249, 242, 2, 125, 183}
|
||||||
|
|
||||||
func (self *SymmetricCrypt) IsValid(cipher string) bool {
|
func (self *SymmetricCrypt) IsValid(cipher string) bool {
|
||||||
stringTimestamp, err := self.Decrypt(cipher)
|
stringTimestamp, err := self.Decrypt(cipher)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
int64Timestamp, err := strconv.ParseInt(stringTimestamp, 10, 64)
|
int64Timestamp, err := strconv.ParseInt(stringTimestamp, 10, 64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
then := time.UnixMicro(int64Timestamp)
|
then := time.UnixMicro(int64Timestamp)
|
||||||
return time.Since(then).Minutes() <= 15
|
return time.Since(then).Minutes() <= 15
|
||||||
}
|
}
|
||||||
|
|
||||||
func (self *SymmetricCrypt) Encode(b []byte) string {
|
func (self *SymmetricCrypt) Encode(b []byte) string {
|
||||||
|
@ -58,7 +57,7 @@ func (self *SymmetricCrypt) Decode(s string) []byte {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (self *SymmetricCrypt) Encrypt(text string) (string, error) {
|
func (self *SymmetricCrypt) Encrypt(text string) (string, error) {
|
||||||
fmt.Println(text)
|
fmt.Println(text)
|
||||||
block, err := aes.NewCipher([]byte(self.Secret))
|
block, err := aes.NewCipher([]byte(self.Secret))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
|
@ -84,7 +83,7 @@ func (self *SymmetricCrypt) Decrypt(text string) (string, error) {
|
||||||
|
|
||||||
func WithCrypto(next http.Handler, crypto SymmetricCrypto) http.Handler {
|
func WithCrypto(next http.Handler, crypto SymmetricCrypto) http.Handler {
|
||||||
handlerFunc := func(w http.ResponseWriter, req *http.Request) {
|
handlerFunc := func(w http.ResponseWriter, req *http.Request) {
|
||||||
util.AddContextValue(req, "crypto", crypto);
|
util.AddContextValue(req, "crypto", crypto)
|
||||||
next.ServeHTTP(w, req)
|
next.ServeHTTP(w, req)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -93,15 +92,15 @@ func WithCrypto(next http.Handler, crypto SymmetricCrypto) http.Handler {
|
||||||
|
|
||||||
func WithUserStoreAndCrypto(next http.Handler, udb auth.UserStore, crypto SymmetricCrypto) http.Handler {
|
func WithUserStoreAndCrypto(next http.Handler, udb auth.UserStore, crypto SymmetricCrypto) http.Handler {
|
||||||
handlerFunc := func(w http.ResponseWriter, req *http.Request) {
|
handlerFunc := func(w http.ResponseWriter, req *http.Request) {
|
||||||
urlParams := req.Context().Value("params").(map[string]string)
|
urlParams := req.Context().Value("params").(map[string]string)
|
||||||
success := false
|
success := false
|
||||||
cipher := urlParams["cipher"]
|
cipher := urlParams["cipher"]
|
||||||
username := req.FormValue("username")
|
username := req.FormValue("username")
|
||||||
password := req.FormValue("password")
|
password := req.FormValue("password")
|
||||||
if crypto.IsValid(cipher) && len(username) > 0 && len(password) > 0 {
|
if crypto.IsValid(cipher) && len(username) > 0 && len(password) > 0 {
|
||||||
success = udb.AddUser(username, password) == nil
|
success = udb.AddUser(username, password) == nil
|
||||||
}
|
}
|
||||||
util.AddContextValue(req, "success", success);
|
util.AddContextValue(req, "success", success)
|
||||||
next.ServeHTTP(w, req)
|
next.ServeHTTP(w, req)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
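Review bot: The package-level `iv` that this commit only reformats is a constant, so every invite code is encrypted under the same key and the same IV. The cipher mode sits outside the visible hunks, but with any mode a fixed IV makes equal plaintexts produce equal ciphertexts, and nothing shown authenticates the ciphertext before `IsValid` parses it. An AEAD from `cipher.NewGCM(block)` with a fresh nonce from `crypto/rand` prepended to the output would address both. `IsValid` also has no lower bound: `time.Since(then).Minutes() <= 15` holds for any timestamp in the future, so use `age := time.Since(then); return age >= 0 && age <= 15*time.Minute`. `fmt.Println(text)` at the top of `Encrypt` looks like a leftover debug print and writes the plaintext to stdout.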