config, register: gofmt and make sure secret is 32 bytes

Iris Lightshard 2023-07-10 22:41:23 -06:00
parent e7caa27a35
commit faccff3fb2
2 changed files with 37 additions and 28 deletions


@ -83,13 +83,23 @@ func (self *Config) RunWizard() {
self.UploadMaxMB = ensureNumberOption(&inputBuf) self.UploadMaxMB = ensureNumberOption(&inputBuf)
fmt.Printf("Encryption secret for admin invite codes? ") fmt.Printf("Encryption secret for admin invite codes? ")
ensureNonEmptyOption(&inputBuf) ensure32BytePassphrase(&inputBuf)
self.RegistrationSecret = inputBuf self.RegistrationSecret = inputBuf
fmt.Printf("Configuration complete!\n") fmt.Printf("Configuration complete!\n")
self.Write() self.Write()
} }
func ensure32BytePassphrase(buffer *string) {
for {
fmt.Scanln(buffer)
if len([]byte(strings.TrimSpace(*buffer))) == 32 {
break
}
fmt.Println("Please enter a 32-byte string")
}
}
func ensureNonEmptyOption(buffer *string) { func ensureNonEmptyOption(buffer *string) {
for { for {
fmt.Scanln(buffer) fmt.Scanln(buffer)
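Review bot: `ensure32BytePassphrase` validates only the byte length, so the value stored in `RegistrationSecret` is whatever 32 characters the operator types, which carries far less entropy than a 256-bit key if it is used as the cipher key unchanged (the register file in this commit passes `self.Secret` straight to `aes.NewCipher`, presumably this same value). Consider having the wizard generate the secret with `crypto/rand` and store it encoded, or accept a passphrase of any length and run it through a key-derivation function before it reaches the cipher. Separately, the loop discards the result of `fmt.Scanln(buffer)`, so a closed or redirected stdin can never satisfy the length test and the prompt repeats forever; capture it with `_, err := fmt.Scanln(buffer)` and stop the wizard when `err == io.EOF`. A doc comment such as `// ensure32BytePassphrase re-prompts until the input is exactly 32 bytes, the key size AES-256 requires.` would also record why 32 is the magic number.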


@ -4,17 +4,16 @@ import (
"crypto/aes" "crypto/aes"
"crypto/cipher" "crypto/cipher"
"encoding/hex" "encoding/hex"
"fmt"
"html/template" "html/template"
"net/http" "net/http"
"time"
"strconv" "strconv"
"fmt" "time"
"hacklab.nilfm.cc/quartzgun/auth" "hacklab.nilfm.cc/quartzgun/auth"
"hacklab.nilfm.cc/quartzgun/renderer" "hacklab.nilfm.cc/quartzgun/renderer"
"hacklab.nilfm.cc/quartzgun/router" "hacklab.nilfm.cc/quartzgun/router"
"hacklab.nilfm.cc/quartzgun/util" "hacklab.nilfm.cc/quartzgun/util"
) )
type SymmetricCrypto interface { type SymmetricCrypto interface {
@ -29,20 +28,20 @@ type SymmetricCrypt struct {
Secret string Secret string
} }
var iv []byte = []byte {107, 53, 46, 249, 52, 70, 36, 185, var iv []byte = []byte{107, 53, 46, 249, 52, 70, 36, 185,
168, 139, 144, 249, 242, 2, 125, 183 } 168, 139, 144, 249, 242, 2, 125, 183}
func (self *SymmetricCrypt) IsValid(cipher string) bool { func (self *SymmetricCrypt) IsValid(cipher string) bool {
stringTimestamp, err := self.Decrypt(cipher) stringTimestamp, err := self.Decrypt(cipher)
if err != nil { if err != nil {
return false return false
} }
int64Timestamp, err := strconv.ParseInt(stringTimestamp, 10, 64) int64Timestamp, err := strconv.ParseInt(stringTimestamp, 10, 64)
if err != nil { if err != nil {
return false return false
} }
then := time.UnixMicro(int64Timestamp) then := time.UnixMicro(int64Timestamp)
return time.Since(then).Minutes() <= 15 return time.Since(then).Minutes() <= 15
} }
func (self *SymmetricCrypt) Encode(b []byte) string { func (self *SymmetricCrypt) Encode(b []byte) string {
@ -58,7 +57,7 @@ func (self *SymmetricCrypt) Decode(s string) []byte {
} }
func (self *SymmetricCrypt) Encrypt(text string) (string, error) { func (self *SymmetricCrypt) Encrypt(text string) (string, error) {
fmt.Println(text) fmt.Println(text)
block, err := aes.NewCipher([]byte(self.Secret)) block, err := aes.NewCipher([]byte(self.Secret))
if err != nil { if err != nil {
return "", err return "", err
@ -84,7 +83,7 @@ func (self *SymmetricCrypt) Decrypt(text string) (string, error) {
func WithCrypto(next http.Handler, crypto SymmetricCrypto) http.Handler { func WithCrypto(next http.Handler, crypto SymmetricCrypto) http.Handler {
handlerFunc := func(w http.ResponseWriter, req *http.Request) { handlerFunc := func(w http.ResponseWriter, req *http.Request) {
util.AddContextValue(req, "crypto", crypto); util.AddContextValue(req, "crypto", crypto)
next.ServeHTTP(w, req) next.ServeHTTP(w, req)
} }
@ -93,15 +92,15 @@ func WithCrypto(next http.Handler, crypto SymmetricCrypto) http.Handler {
func WithUserStoreAndCrypto(next http.Handler, udb auth.UserStore, crypto SymmetricCrypto) http.Handler { func WithUserStoreAndCrypto(next http.Handler, udb auth.UserStore, crypto SymmetricCrypto) http.Handler {
handlerFunc := func(w http.ResponseWriter, req *http.Request) { handlerFunc := func(w http.ResponseWriter, req *http.Request) {
urlParams := req.Context().Value("params").(map[string]string) urlParams := req.Context().Value("params").(map[string]string)
success := false success := false
cipher := urlParams["cipher"] cipher := urlParams["cipher"]
username := req.FormValue("username") username := req.FormValue("username")
password := req.FormValue("password") password := req.FormValue("password")
if crypto.IsValid(cipher) && len(username) > 0 && len(password) > 0 { if crypto.IsValid(cipher) && len(username) > 0 && len(password) > 0 {
success = udb.AddUser(username, password) == nil success = udb.AddUser(username, password) == nil
} }
util.AddContextValue(req, "success", success); util.AddContextValue(req, "success", success)
next.ServeHTTP(w, req) next.ServeHTTP(w, req)
} }
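Review bot: `IsValid` accepts any timestamp that lies in the future, because `time.Since(then).Minutes() <= 15` is also true for a negative duration; bound both sides, e.g. `age := time.Since(then)` followed by `return age >= 0 && age <= 15*time.Minute`. This matters more because the package-level `iv` is one fixed value reused for every message and nothing visible here authenticates the ciphertext; the cipher mode is set up outside these hunks, so confirm it, and if it is an unauthenticated mode consider `cipher.NewGCM` with a random per-message nonce so that a modified invite code fails to decrypt instead of yielding altered plaintext. `Encrypt` also still writes its plaintext to stdout with `fmt.Println(text)`, which looks like leftover debugging and should be dropped. The bodies of `Encrypt`, `Decrypt` and `WithUserStoreAndCrypto` continue outside the hunks shown.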