jbell730
/
signet-backend
1
0
Derivar 0
Código Questões 0 Pedidos de integração 0 Lançamentos 0 Wiki Trabalho
The backend for the project formerly known as signet, now known as beignet.
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
11 Cometimentos
1 Ramo
182 KiB
 
Árvore: 484e25aa68
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de '484e25aa68'
${ noResults }
signet-backend/endpoints/register.go

174 linhas
4.2 KiB
Em bruto Responsabilidade Histórico 

  1. package endpoints

  2. 

  3. import (

  4. 	"crypto/rand"

  5. 	"crypto/subtle"

  6. 	"encoding/base64"

  7. 	"encoding/json"

  8. 	"errors"

  9. 	"fmt"

  10. 	"net/http"

  11. 	"strings"

  12. 

  13. 	"github.com/imosed/signet/auth"

  14. 	. "github.com/imosed/signet/data"

  15. 	"github.com/rs/zerolog/log"

  16. 	"github.com/spf13/viper"

  17. 	"golang.org/x/crypto/argon2"

  18. )

  19. 

  20. const (

  21. 	SuperUser uint = iota

  22. 	AdminPlus

  23. 	Admin

  24. )

  25. 

  26. type Params struct {

  27. 	Iterations  uint32

  28. 	Memory      uint32

  29. 	Parallelism uint8

  30. 	SaltLength  uint32

  31. 	KeyLength   uint32

  32. }

  33. 

  34. func GenerateRandomBytes(n uint32) ([]byte, error) {

  35. 	var b = make([]byte, n)

  36. 	_, err := rand.Read(b)

  37. 	if err != nil {

  38. 		return nil, err

  39. 	}

  40. 

  41. 	return b, nil

  42. }

  43. 

  44. func GenerateHash(password string, p *Params) (encodedHash string, err error) {

  45. 	salt, err := GenerateRandomBytes(p.SaltLength)

  46. 	if err != nil {

  47. 		return "", err

  48. 	}

  49. 

  50. 	var hash = argon2.IDKey([]byte(password), salt, p.Iterations, p.Memory, p.Parallelism, p.KeyLength)

  51. 	var bSalt = base64.RawStdEncoding.EncodeToString(salt)

  52. 	var bHash = base64.RawStdEncoding.EncodeToString(hash)

  53. 

  54. 	encodedHash = fmt.Sprintf("$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s", argon2.Version, p.Memory, p.Iterations, p.Parallelism, bSalt, bHash)

  55. 

  56. 	return encodedHash, nil

  57. }

  58. 

  59. func ComparePasswordAndHash(password, encodedHash string) (match bool, err error) {

  60. 	p, salt, hash, err := DecodeHash(encodedHash)

  61. 	if err != nil {

  62. 		return false, err

  63. 	}

  64. 

  65. 	var otherHash = argon2.IDKey([]byte(password), salt, p.Iterations, p.Memory, p.Parallelism, p.KeyLength)

  66. 

  67. 	if subtle.ConstantTimeCompare(hash, otherHash) == 1 {

  68. 		return true, nil

  69. 	}

  70. 	return false, nil

  71. }

  72. 

  73. func DecodeHash(encodedHash string) (p *Params, salt, hash []byte, err error) {

  74. 	var details = strings.Split(encodedHash, "$")

  75. 	if len(details) != 6 {

  76. 		return nil, nil, nil, errors.New("the encoded hash is not in the correct format")

  77. 	}

  78. 

  79. 	var version int

  80. 	_, err = fmt.Sscanf(details[2], "v=%d", &version)

  81. 	if err != nil {

  82. 		return nil, nil, nil, err

  83. 	}

  84. 	if version != argon2.Version {

  85. 		return nil, nil, nil, errors.New("the version of argon2 does not match the hash string")

  86. 	}

  87. 

  88. 	p = &Params{}

  89. 	_, err = fmt.Sscanf(details[3], "m=%d,t=%d,p=%d", &p.Memory, &p.Iterations, &p.Parallelism)

  90. 	if err != nil {

  91. 		return nil, nil, nil, err

  92. 	}

  93. 

  94. 	salt, err = base64.RawStdEncoding.DecodeString(details[4])

  95. 	if err != nil {

  96. 		return nil, nil, nil, err

  97. 	}

  98. 	p.SaltLength = uint32(len(salt))

  99. 

  100. 	hash, err = base64.RawStdEncoding.DecodeString(details[5])

  101. 	if err != nil {

  102. 		return nil, nil, nil, err

  103. 	}

  104. 	p.KeyLength = uint32(len(hash))

  105. 

  106. 	return p, salt, hash, nil

  107. }

  108. 

  109. type AuthenticationRequest struct {

  110. 	Username string `json:"username"`

  111. 	Password string `json:"password"`

  112. }

  113. 

  114. func noUsersRegistered() bool {

  115. 	results := Db.Find(&User{})

  116. 	return results.RowsAffected == 0

  117. }

  118. 

  119. func determinePrivileges() uint {

  120. 	if noUsersRegistered() {

  121. 		return SuperUser

  122. 	} else {

  123. 		return Admin

  124. 	}

  125. }

  126. 

  127. func Register(w http.ResponseWriter, r *http.Request) {

  128. 	var req AuthenticationRequest

  129. 	err := json.NewDecoder(r.Body).Decode(&req)

  130. 	if err != nil {

  131. 		log.Error().Err(err).Msg("Could not decode body in Register call")

  132. 		return

  133. 	}

  134. 

  135. 	var claims *auth.Claims

  136. 	claims, err = auth.GetUserClaims(r)

  137. 	if err != nil {

  138. 		log.Error().Err(err).Msg("Could not determine if user is authenticated")

  139. 		return

  140. 	}

  141. 

  142. 	if noUsersRegistered() || claims.Privileges <= AdminPlus {

  143. 		hash, err := GenerateHash(req.Password, &Params{

  144. 			Memory:      uint32(viper.GetInt("hashing.memory")),

  145. 			Iterations:  uint32(viper.GetInt("hashing.iterations")),

  146. 			Parallelism: uint8(viper.GetInt("hashing.parallelism")),

  147. 			SaltLength:  uint32(viper.GetInt("hashing.saltLength")),

  148. 			KeyLength:   uint32(viper.GetInt("hashing.keyLength")),

  149. 		})

  150. 		if err != nil {

  151. 			log.Error().Err(err).Msg("Could not generate hash for registration")

  152. 			return

  153. 		}

  154. 

  155. 		Db.Create(&User{

  156. 			Username:   req.Username,

  157. 			Password:   hash,

  158. 			Privileges: determinePrivileges(),

  159. 		})

  160. 

  161. 		err = json.NewEncoder(w).Encode(SuccessResponse{Success: true})

  162. 		if err != nil {

  163. 			log.Error().Err(err).Msg("Could not deliver successful account creation response")

  164. 		}

  165. 	} else if !noUsersRegistered() {

  166. 		err = json.NewEncoder(w).Encode(SuccessResponse{Success: false})

  167. 		if err != nil {

  168. 			log.Error().Err(err).Msg("Could not deliver unsuccessful account creation response")

  169. 		}

  170. 	} else if claims.Privileges > SuperUser {

  171. 		w.WriteHeader(403)

  172. 	}

  173. }