jbell730
/
signet-backend
1
0
Forkuj 0
Kod Zgłoszenia 0 Oczekujące zmiany 0 Wydania 0 Wiki Aktywność
The backend for the project formerly known as signet, now known as beignet.
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
2 Commity
1 Gałąź
182 KiB
 
Drzewo: ac81184242
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'ac81184242'
${ noResults }
signet-backend/endpoints/register.go

169 wiersze
4.0 KiB
Czysty Wina Historia 

  1. package endpoints

  2. 

  3. import (

  4. 	"crypto/rand"

  5. 	"crypto/subtle"

  6. 	"encoding/base64"

  7. 	"encoding/json"

  8. 	"errors"

  9. 	"fmt"

  10. 	"github.com/imosed/signet/auth"

  11. 	. "github.com/imosed/signet/data"

  12. 	"github.com/spf13/viper"

  13. 	"golang.org/x/crypto/argon2"

  14. 	"net/http"

  15. 	"strings"

  16. )

  17. 

  18. const (

  19. 	SuperUser uint = iota

  20. 	AdminPlus

  21. 	Admin

  22. )

  23. 

  24. type Params struct {

  25. 	Iterations  uint32

  26. 	Memory      uint32

  27. 	Parallelism uint8

  28. 	SaltLength  uint32

  29. 	KeyLength   uint32

  30. }

  31. 

  32. func GenerateRandomBytes(n uint32) ([]byte, error) {

  33. 	var b = make([]byte, n)

  34. 	_, err := rand.Read(b)

  35. 	if err != nil {

  36. 		return nil, err

  37. 	}

  38. 

  39. 	return b, nil

  40. }

  41. 

  42. func GenerateHash(password string, p *Params) (encodedHash string, err error) {

  43. 	salt, err := GenerateRandomBytes(p.SaltLength)

  44. 	if err != nil {

  45. 		return "", err

  46. 	}

  47. 

  48. 	var hash = argon2.IDKey([]byte(password), salt, p.Iterations, p.Memory, p.Parallelism, p.KeyLength)

  49. 	var bSalt = base64.RawStdEncoding.EncodeToString(salt)

  50. 	var bHash = base64.RawStdEncoding.EncodeToString(hash)

  51. 

  52. 	encodedHash = fmt.Sprintf("$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s", argon2.Version, p.Memory, p.Iterations, p.Parallelism, bSalt, bHash)

  53. 

  54. 	return encodedHash, nil

  55. }

  56. 

  57. func ComparePasswordAndHash(password, encodedHash string) (match bool, err error) {

  58. 	p, salt, hash, err := DecodeHash(encodedHash)

  59. 	if err != nil {

  60. 		return false, err

  61. 	}

  62. 

  63. 	var otherHash = argon2.IDKey([]byte(password), salt, p.Iterations, p.Memory, p.Parallelism, p.KeyLength)

  64. 

  65. 	if subtle.ConstantTimeCompare(hash, otherHash) == 1 {

  66. 		return true, nil

  67. 	}

  68. 	return false, nil

  69. }

  70. 

  71. func DecodeHash(encodedHash string) (p *Params, salt, hash []byte, err error) {

  72. 	var details = strings.Split(encodedHash, "$")

  73. 	if len(details) != 6 {

  74. 		return nil, nil, nil, errors.New("the encoded hash is not in the correct format")

  75. 	}

  76. 

  77. 	var version int

  78. 	_, err = fmt.Sscanf(details[2], "v=%d", &version)

  79. 	if err != nil {

  80. 		return nil, nil, nil, err

  81. 	}

  82. 	if version != argon2.Version {

  83. 		return nil, nil, nil, errors.New("the version of argon2 does not match the hash string")

  84. 	}

  85. 

  86. 	p = &Params{}

  87. 	_, err = fmt.Sscanf(details[3], "m=%d,t=%d,p=%d", &p.Memory, &p.Iterations, &p.Parallelism)

  88. 	if err != nil {

  89. 		return nil, nil, nil, err

  90. 	}

  91. 

  92. 	salt, err = base64.RawStdEncoding.DecodeString(details[4])

  93. 	if err != nil {

  94. 		return nil, nil, nil, err

  95. 	}

  96. 	p.SaltLength = uint32(len(salt))

  97. 

  98. 	hash, err = base64.RawStdEncoding.DecodeString(details[5])

  99. 	if err != nil {

  100. 		return nil, nil, nil, err

  101. 	}

  102. 	p.KeyLength = uint32(len(hash))

  103. 

  104. 	return p, salt, hash, nil

  105. }

  106. 

  107. type AuthenticationRequest struct {

  108. 	Username string `json:"username"`

  109. 	Password string `json:"password"`

  110. }

  111. 

  112. func noUsersRegistered() bool {

  113. 	results := Db.Find(&User{})

  114. 	return results.RowsAffected == 0

  115. }

  116. 

  117. func determinePrivileges() uint {

  118. 	if noUsersRegistered() {

  119. 		return SuperUser

  120. 	} else {

  121. 		return Admin

  122. 	}

  123. }

  124. 

  125. func Register(w http.ResponseWriter, r *http.Request) {

  126. 	var req AuthenticationRequest

  127. 	err := json.NewDecoder(r.Body).Decode(&req)

  128. 	if err != nil {

  129. 		panic("Could not decode body")

  130. 	}

  131. 

  132. 	var claims *auth.Claims

  133. 	claims, err = auth.GetUserClaims(r)

  134. 	if err != nil {

  135. 		panic("Could not determine if user is authenticated")

  136. 	}

  137. 

  138. 	if claims.Privileges <= AdminPlus || noUsersRegistered() {

  139. 		hash, err := GenerateHash(req.Password, &Params{

  140. 			Memory:      uint32(viper.GetInt("hashing.memory")),

  141. 			Iterations:  uint32(viper.GetInt("hashing.iterations")),

  142. 			Parallelism: uint8(viper.GetInt("hashing.parallelism")),

  143. 			SaltLength:  uint32(viper.GetInt("hashing.saltLength")),

  144. 			KeyLength:   uint32(viper.GetInt("hashing.keyLength")),

  145. 		})

  146. 		if err != nil {

  147. 			panic("Could not generate hash for registration")

  148. 		}

  149. 

  150. 		Db.Create(&User{

  151. 			Username:   req.Username,

  152. 			Password:   hash,

  153. 			Privileges: determinePrivileges(),

  154. 		})

  155. 

  156. 		err = json.NewEncoder(w).Encode(SuccessResponse{Success: true})

  157. 		if err != nil {

  158. 			panic("Could not deliver successful account creation response")

  159. 		}

  160. 	} else if !noUsersRegistered() {

  161. 		err = json.NewEncoder(w).Encode(SuccessResponse{Success: false})

  162. 		if err != nil {

  163. 			panic("Could not deliver unsuccessful account creation response")

  164. 		}

  165. 	} else if claims.Privileges > SuperUser {

  166. 		w.WriteHeader(403)

  167. 	}

  168. }