jbell730
/
signet-backend
1
0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
The backend for the project formerly known as signet, now known as beignet.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 Ревизии
1 Клон
182 KiB
ИН на ревизия: 2d8b43fb5b
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '2d8b43fb5b'
${ noResults }
signet-backend/endpoints/register.go

register.go 4.1 KiB
Директен файл Normal View История

Initial commit
преди 2 години
Code cleanup
преди 2 години
Initial commit
преди 2 години
Add logging and control flow
преди 2 години
Initial commit
преди 2 години
Force change password for new users
преди 2 години
Initial commit
преди 2 години
Add logging and control flow
преди 2 години
Initial commit
преди 2 години
Add logging and control flow
преди 2 години
Initial commit
преди 2 години
Better way of determining privileges
преди 2 години
Add logging and control flow
преди 2 години
Initial commit
преди 2 години
Better way of determining privileges
преди 2 години
Initial commit
преди 2 години
Better way of determining privileges
преди 2 години
Initial commit
преди 2 години
Better way of determining privileges
преди 2 години
Initial commit
преди 2 години
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. package endpoints

  2. 

  3. import (

  4. 	"crypto/rand"

  5. 	"crypto/subtle"

  6. 	"encoding/base64"

  7. 	"encoding/json"

  8. 	"errors"

  9. 	"fmt"

  10. 	"net/http"

  11. 	"strings"

  12. 

  13. 	"github.com/imosed/signet/auth"

  14. 	. "github.com/imosed/signet/data"

  15. 	"github.com/rs/zerolog/log"

  16. 	"github.com/spf13/viper"

  17. 	"golang.org/x/crypto/argon2"

  18. )

  19. 

  20. const (

  21. 	SuperUser uint = iota

  22. 	AdminPlus

  23. 	Admin

  24. )

  25. 

  26. type Params struct {

  27. 	Iterations  uint32

  28. 	Memory      uint32

  29. 	Parallelism uint8

  30. 	SaltLength  uint32

  31. 	KeyLength   uint32

  32. }

  33. 

  34. func GenerateRandomBytes(n uint32) ([]byte, error) {

  35. 	var b = make([]byte, n)

  36. 	_, err := rand.Read(b)

  37. 	if err != nil {

  38. 		return nil, err

  39. 	}

  40. 

  41. 	return b, nil

  42. }

  43. 

  44. func GenerateHash(password string, p *Params) (encodedHash string, err error) {

  45. 	salt, err := GenerateRandomBytes(p.SaltLength)

  46. 	if err != nil {

  47. 		return "", err

  48. 	}

  49. 

  50. 	var hash = argon2.IDKey([]byte(password), salt, p.Iterations, p.Memory, p.Parallelism, p.KeyLength)

  51. 	var bSalt = base64.RawStdEncoding.EncodeToString(salt)

  52. 	var bHash = base64.RawStdEncoding.EncodeToString(hash)

  53. 

  54. 	encodedHash = fmt.Sprintf("$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s", argon2.Version, p.Memory, p.Iterations, p.Parallelism, bSalt, bHash)

  55. 

  56. 	return encodedHash, nil

  57. }

  58. 

  59. func ComparePasswordAndHash(password, encodedHash string) (match bool, err error) {

  60. 	p, salt, hash, err := DecodeHash(encodedHash)

  61. 	if err != nil {

  62. 		return false, err

  63. 	}

  64. 

  65. 	var otherHash = argon2.IDKey([]byte(password), salt, p.Iterations, p.Memory, p.Parallelism, p.KeyLength)

  66. 

  67. 	if subtle.ConstantTimeCompare(hash, otherHash) == 1 {

  68. 		return true, nil

  69. 	}

  70. 	return false, nil

  71. }

  72. 

  73. func DecodeHash(encodedHash string) (p *Params, salt, hash []byte, err error) {

  74. 	var details = strings.Split(encodedHash, "$")

  75. 	if len(details) != 6 {

  76. 		return nil, nil, nil, errors.New("the encoded hash is not in the correct format")

  77. 	}

  78. 

  79. 	var version int

  80. 	_, err = fmt.Sscanf(details[2], "v=%d", &version)

  81. 	if err != nil {

  82. 		return nil, nil, nil, err

  83. 	}

  84. 	if version != argon2.Version {

  85. 		return nil, nil, nil, errors.New("the version of argon2 does not match the hash string")

  86. 	}

  87. 

  88. 	p = &Params{}

  89. 	_, err = fmt.Sscanf(details[3], "m=%d,t=%d,p=%d", &p.Memory, &p.Iterations, &p.Parallelism)

  90. 	if err != nil {

  91. 		return nil, nil, nil, err

  92. 	}

  93. 

  94. 	salt, err = base64.RawStdEncoding.DecodeString(details[4])

  95. 	if err != nil {

  96. 		return nil, nil, nil, err

  97. 	}

  98. 	p.SaltLength = uint32(len(salt))

  99. 

  100. 	hash, err = base64.RawStdEncoding.DecodeString(details[5])

  101. 	if err != nil {

  102. 		return nil, nil, nil, err

  103. 	}

  104. 	p.KeyLength = uint32(len(hash))

  105. 

  106. 	return p, salt, hash, nil

  107. }

  108. 

  109. type AuthenticationRequest struct {

  110. 	Username string `json:"username"`

  111. 	Password string `json:"password"`

  112. }

  113. 

  114. func noUsersRegistered() bool {

  115. 	results := Db.Find(&User{})

  116. 	return results.RowsAffected == 0

  117. }

  118. 

  119. func determinePrivileges() uint {

  120. 	if noUsersRegistered() {

  121. 		return SuperUser

  122. 	} else {

  123. 		return Admin

  124. 	}

  125. }

  126. 

  127. func GetHashedPassword(password string) (encodedHash string, err error) {

  128. 	hash, err := GenerateHash(password, &Params{

  129. 		Memory:      uint32(viper.GetInt("hashing.memory")),

  130. 		Iterations:  uint32(viper.GetInt("hashing.iterations")),

  131. 		Parallelism: uint8(viper.GetInt("hashing.parallelism")),

  132. 		SaltLength:  uint32(viper.GetInt("hashing.saltLength")),

  133. 		KeyLength:   uint32(viper.GetInt("hashing.keyLength")),

  134. 	})

  135. 	return hash, err

  136. }

  137. 

  138. func Register(w http.ResponseWriter, r *http.Request) {

  139. 	var req AuthenticationRequest

  140. 	err := json.NewDecoder(r.Body).Decode(&req)

  141. 	if err != nil {

  142. 		log.Error().Err(err).Msg("Could not decode body in Register call")

  143. 		return

  144. 	}

  145. 

  146. 	var claims *auth.Claims

  147. 	claims, err = auth.GetUserClaims(r)

  148. 	if err != nil {

  149. 		log.Error().Err(err).Msg("Could not determine if user is authenticated")

  150. 		return

  151. 	}

  152. 

  153. 	if !noUsersRegistered() {

  154. 		if claims == nil {

  155. 			w.WriteHeader(401)

  156. 			return

  157. 		}

  158. 		if claims.Privileges > AdminPlus {

  159. 			w.WriteHeader(403)

  160. 			return

  161. 		}

  162. 	}

  163. 

  164. 	hash, err := GetHashedPassword(req.Password)

  165. 	if err != nil {

  166. 		log.Error().Err(err).Msg("Could not generate hash for registration")

  167. 		return

  168. 	}

  169. 

  170. 	Db.Create(&User{

  171. 		Username:   req.Username,

  172. 		Password:   hash,

  173. 		Privileges: determinePrivileges(),

  174. 	})

  175. 

  176. 	err = json.NewEncoder(w).Encode(SuccessResponse{Success: true})

  177. 	if err != nil {

  178. 		log.Error().Err(err).Msg("Could not deliver successful account creation response")

  179. 	}

  180. }