Merge pull request '🔒 Add secret token hashing with argon2id' (#31) from ada/hash-token into main
Reviewed-on: #31
This commit is contained in:
commit
dd1c5a2778
13 changed files with 359 additions and 80 deletions
6
go.mod
6
go.mod
|
@ -2,9 +2,13 @@ module git.gnous.eu/gnouseu/plakken
|
||||||
|
|
||||||
go 1.22
|
go 1.22
|
||||||
|
|
||||||
require github.com/redis/go-redis/v9 v9.5.1
|
require (
|
||||||
|
github.com/redis/go-redis/v9 v9.5.1
|
||||||
|
golang.org/x/crypto v0.20.0
|
||||||
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
||||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
||||||
|
golang.org/x/sys v0.17.0 // indirect
|
||||||
)
|
)
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -8,3 +8,7 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
|
||||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
|
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
|
||||||
github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8=
|
github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8=
|
||||||
github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
|
github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
|
||||||
|
golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg=
|
||||||
|
golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ=
|
||||||
|
golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
|
||||||
|
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||||
|
|
|
@ -5,4 +5,10 @@ import "time"
|
||||||
const (
|
const (
|
||||||
HTTPTimeout = 3 * time.Second
|
HTTPTimeout = 3 * time.Second
|
||||||
ExpirationCurlCreate = 604800 * time.Second // Second in one week
|
ExpirationCurlCreate = 604800 * time.Second // Second in one week
|
||||||
|
TokenLength = 32
|
||||||
|
ArgonSaltSize = 16
|
||||||
|
ArgonMemory = 64 * 1024
|
||||||
|
ArgonThreads = 4
|
||||||
|
ArgonKeyLength = 32
|
||||||
|
ArgonIterations = 2
|
||||||
)
|
)
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"log"
|
"log"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"git.gnous.eu/gnouseu/plakken/internal/secret"
|
||||||
"github.com/redis/go-redis/v9"
|
"github.com/redis/go-redis/v9"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -36,7 +37,7 @@ func ConnectDB(dbConfig *redis.Options) *redis.Client {
|
||||||
func Ping(db *redis.Client) error {
|
func Ping(db *redis.Client) error {
|
||||||
status := db.Ping(ctx)
|
status := db.Ping(ctx)
|
||||||
if status.String() != "ping: PONG" {
|
if status.String() != "ping: PONG" {
|
||||||
return &PingError{}
|
return &pingError{}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -68,6 +69,13 @@ func (config DBConfig) UrlExist(url string) bool {
|
||||||
return config.DB.Exists(ctx, url).Val() == 1
|
return config.DB.Exists(ctx, url).Val() == 1
|
||||||
}
|
}
|
||||||
|
|
||||||
func (config DBConfig) VerifySecret(url string, secret string) bool {
|
func (config DBConfig) VerifySecret(url string, token string) (bool, error) {
|
||||||
return secret == config.DB.HGet(ctx, url, "secret").Val()
|
storedHash := config.DB.HGet(ctx, url, "secret").Val()
|
||||||
|
|
||||||
|
result, err := secret.VerifyPassword(token, storedHash)
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return result, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
package database
|
package database
|
||||||
|
|
||||||
type PingError struct{}
|
type pingError struct{}
|
||||||
|
|
||||||
func (m *PingError) Error() string {
|
func (m *pingError) Error() string {
|
||||||
return "Connection to redis not work"
|
return "Connection to redis not work"
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,8 +42,8 @@ func (config ServerConfig) router() {
|
||||||
http.Handle("GET /static/{file}", http.FileServer(staticFiles))
|
http.Handle("GET /static/{file}", http.FileServer(staticFiles))
|
||||||
http.HandleFunc("GET /{key}/{settings...}", WebConfig.View)
|
http.HandleFunc("GET /{key}/{settings...}", WebConfig.View)
|
||||||
http.HandleFunc("POST /{$}", WebConfig.CurlCreate)
|
http.HandleFunc("POST /{$}", WebConfig.CurlCreate)
|
||||||
http.HandleFunc("POST /create/{$}", WebConfig.Create)
|
http.HandleFunc("POST /create/{$}", WebConfig.PostCreate)
|
||||||
http.HandleFunc("DELETE /{key}", WebConfig.Delete)
|
http.HandleFunc("DELETE /{key}", WebConfig.DeleteRequest)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Config Configure HTTP server
|
// Config Configure HTTP server
|
||||||
|
|
147
internal/secret/crypto.go
Normal file
147
internal/secret/crypto.go
Normal file
|
@ -0,0 +1,147 @@
|
||||||
|
// Package secret implement all crypto utils like password hashing and secret generation
|
||||||
|
package secret
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"crypto/rand"
|
||||||
|
"encoding/base64"
|
||||||
|
"fmt"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"git.gnous.eu/gnouseu/plakken/internal/constant"
|
||||||
|
"golang.org/x/crypto/argon2"
|
||||||
|
)
|
||||||
|
|
||||||
|
type argon2idHash struct {
|
||||||
|
salt []byte
|
||||||
|
hash []byte
|
||||||
|
}
|
||||||
|
|
||||||
|
// Argon2id config
|
||||||
|
type config struct {
|
||||||
|
saltLength uint8
|
||||||
|
memory uint32
|
||||||
|
threads uint8
|
||||||
|
keyLength uint32
|
||||||
|
iterations uint32
|
||||||
|
}
|
||||||
|
|
||||||
|
// generateSecret for password hashing or token generation
|
||||||
|
func generateSecret(length uint8) ([]byte, error) {
|
||||||
|
secret := make([]byte, length)
|
||||||
|
|
||||||
|
_, err := rand.Read(secret)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return secret, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// GenerateToken generate hexadecimal token
|
||||||
|
func GenerateToken() (string, error) {
|
||||||
|
secret, err := generateSecret(constant.TokenLength)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
token := fmt.Sprintf("%x", secret)
|
||||||
|
|
||||||
|
return token, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// generateArgon2ID Generate an argon2id hash from source string and specified salt
|
||||||
|
func (config config) generateArgon2ID(source string, salt []byte) []byte {
|
||||||
|
hash := argon2.IDKey([]byte(source), salt, config.iterations, config.memory, config.threads, config.keyLength)
|
||||||
|
|
||||||
|
return hash
|
||||||
|
}
|
||||||
|
|
||||||
|
// Password hash a source string with argon2id, return properly encoded hash
|
||||||
|
func Password(password string) (string, error) {
|
||||||
|
config := config{
|
||||||
|
saltLength: constant.ArgonSaltSize,
|
||||||
|
memory: constant.ArgonMemory,
|
||||||
|
threads: constant.ArgonThreads,
|
||||||
|
keyLength: constant.ArgonKeyLength,
|
||||||
|
iterations: constant.ArgonIterations,
|
||||||
|
}
|
||||||
|
|
||||||
|
salt, err := generateSecret(config.saltLength)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
hash := config.generateArgon2ID(password, salt)
|
||||||
|
|
||||||
|
base64Hash := base64.RawStdEncoding.EncodeToString(hash)
|
||||||
|
base64Salt := base64.RawStdEncoding.EncodeToString(salt)
|
||||||
|
|
||||||
|
formatted := fmt.Sprintf("$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s", argon2.Version, config.memory, config.iterations, config.threads, base64Salt, base64Hash)
|
||||||
|
|
||||||
|
return formatted, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// VerifyPassword check is source password and stored password is similar, take password and a properly encoded hash.
|
||||||
|
func VerifyPassword(password string, hash string) (bool, error) {
|
||||||
|
argon2Hash, config, err := parseHash(hash)
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
|
||||||
|
result := config.generateArgon2ID(password, argon2Hash.salt)
|
||||||
|
|
||||||
|
return bytes.Equal(result, argon2Hash.hash), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// parseHash parse existing encoded argon2id string
|
||||||
|
func parseHash(source string) (argon2idHash, config, error) {
|
||||||
|
separateItem := strings.Split(source, "$")
|
||||||
|
if len(separateItem) != 6 {
|
||||||
|
return argon2idHash{}, config{}, &parseError{message: "Hash format is not valid"}
|
||||||
|
}
|
||||||
|
|
||||||
|
if separateItem[1] != "argon2id" {
|
||||||
|
return argon2idHash{}, config{}, &parseError{message: "Algorithm is not valid"}
|
||||||
|
}
|
||||||
|
|
||||||
|
separateParam := strings.Split(separateItem[3], ",")
|
||||||
|
if len(separateParam) != 3 {
|
||||||
|
return argon2idHash{}, config{}, &parseError{message: "Hash config is not valid"}
|
||||||
|
}
|
||||||
|
|
||||||
|
salt, err := base64.RawStdEncoding.Strict().DecodeString(separateItem[4])
|
||||||
|
if err != nil {
|
||||||
|
return argon2idHash{}, config{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
var hash []byte
|
||||||
|
hash, err = base64.RawStdEncoding.Strict().DecodeString(separateItem[5])
|
||||||
|
if err != nil {
|
||||||
|
return argon2idHash{}, config{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
saltLength := uint8(len(salt))
|
||||||
|
keyLength := uint32(len(hash))
|
||||||
|
|
||||||
|
var memory int
|
||||||
|
memory, err = strconv.Atoi(strings.Replace(separateParam[0], "m=", "", -1))
|
||||||
|
if err != nil {
|
||||||
|
return argon2idHash{}, config{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
var iterations int
|
||||||
|
iterations, err = strconv.Atoi(strings.Replace(separateParam[1], "t=", "", -1))
|
||||||
|
if err != nil {
|
||||||
|
return argon2idHash{}, config{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
var threads int
|
||||||
|
threads, err = strconv.Atoi(strings.Replace(separateParam[2], "p=", "", -1))
|
||||||
|
if err != nil {
|
||||||
|
return argon2idHash{}, config{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return argon2idHash{salt: salt, hash: hash}, config{saltLength: saltLength, memory: uint32(memory), threads: uint8(threads), iterations: uint32(iterations), keyLength: keyLength}, nil
|
||||||
|
}
|
9
internal/secret/error.go
Normal file
9
internal/secret/error.go
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
package secret
|
||||||
|
|
||||||
|
type parseError struct {
|
||||||
|
message string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *parseError) Error() string {
|
||||||
|
return "parseHash: " + m.message
|
||||||
|
}
|
|
@ -1,17 +1,17 @@
|
||||||
package utils
|
package utils
|
||||||
|
|
||||||
type ParseIntBeforeSeparatorError struct {
|
type parseIntBeforeSeparatorError struct {
|
||||||
Message string
|
message string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *ParseIntBeforeSeparatorError) Error() string {
|
func (m *parseIntBeforeSeparatorError) Error() string {
|
||||||
return "parseIntBeforeSeparator: " + m.Message
|
return "parseIntBeforeSeparator: " + m.message
|
||||||
}
|
}
|
||||||
|
|
||||||
type ParseExpirationError struct {
|
type ParseExpirationError struct {
|
||||||
Message string
|
message string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *ParseExpirationError) Error() string {
|
func (m *ParseExpirationError) Error() string {
|
||||||
return "parseIntBeforeSeparator: " + m.Message
|
return "parseIntBeforeSeparator: " + m.message
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
package utils
|
package utils
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/rand"
|
|
||||||
"encoding/hex"
|
|
||||||
"log"
|
"log"
|
||||||
mathrand "math/rand/v2"
|
mathrand "math/rand/v2"
|
||||||
"regexp"
|
"regexp"
|
||||||
|
@ -21,17 +19,6 @@ func GenerateUrl(length uint8) string {
|
||||||
return string(b)
|
return string(b)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GenerateSecret generate random secret (32 bytes hexadecimal)
|
|
||||||
func GenerateSecret() string {
|
|
||||||
key := make([]byte, 32)
|
|
||||||
_, err := rand.Read(key)
|
|
||||||
if err != nil {
|
|
||||||
log.Printf("Failed to generate secret")
|
|
||||||
}
|
|
||||||
|
|
||||||
return hex.EncodeToString(key)
|
|
||||||
}
|
|
||||||
|
|
||||||
// CheckCharRedundant verify is a character is redundant in a string
|
// CheckCharRedundant verify is a character is redundant in a string
|
||||||
func CheckCharRedundant(source string, char string) bool { // Verify if a char is redundant
|
func CheckCharRedundant(source string, char string) bool { // Verify if a char is redundant
|
||||||
return strings.Count(source, char) > 1
|
return strings.Count(source, char) > 1
|
||||||
|
@ -39,7 +26,7 @@ func CheckCharRedundant(source string, char string) bool { // Verify if a char i
|
||||||
|
|
||||||
func parseIntBeforeSeparator(source *string, sep string) (int, error) { // return 0 & error if error, only accept positive number
|
func parseIntBeforeSeparator(source *string, sep string) (int, error) { // return 0 & error if error, only accept positive number
|
||||||
if CheckCharRedundant(*source, sep) {
|
if CheckCharRedundant(*source, sep) {
|
||||||
return 0, &ParseIntBeforeSeparatorError{Message: *source + ": cannot parse value as int"}
|
return 0, &parseIntBeforeSeparatorError{message: *source + ": cannot parse value as int"}
|
||||||
}
|
}
|
||||||
var value int
|
var value int
|
||||||
var err error
|
var err error
|
||||||
|
@ -47,14 +34,14 @@ func parseIntBeforeSeparator(source *string, sep string) (int, error) { // retur
|
||||||
value, err = strconv.Atoi(strings.Split(*source, sep)[0])
|
value, err = strconv.Atoi(strings.Split(*source, sep)[0])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
return 0, &ParseIntBeforeSeparatorError{Message: *source + ": cannot parse value as int"}
|
return 0, &parseIntBeforeSeparatorError{message: *source + ": cannot parse value as int"}
|
||||||
}
|
}
|
||||||
if value < 0 { // Only positive value is correct
|
if value < 0 { // Only positive value is correct
|
||||||
return 0, &ParseIntBeforeSeparatorError{Message: *source + ": format only take positive value"}
|
return 0, &parseIntBeforeSeparatorError{message: *source + ": format only take positive value"}
|
||||||
}
|
}
|
||||||
|
|
||||||
if value > 99 {
|
if value > 99 {
|
||||||
return 0, &ParseIntBeforeSeparatorError{Message: *source + ": Format only take two number"}
|
return 0, &parseIntBeforeSeparatorError{message: *source + ": Format only take two number"}
|
||||||
}
|
}
|
||||||
|
|
||||||
*source = strings.Join(strings.Split(*source, sep)[1:], "")
|
*source = strings.Join(strings.Split(*source, sep)[1:], "")
|
||||||
|
@ -77,25 +64,25 @@ func ParseExpiration(source string) (int, error) {
|
||||||
expiration = tempOutput * 86400
|
expiration = tempOutput * 86400
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
return 0, &ParseExpirationError{Message: "Invalid syntax"}
|
return 0, &ParseExpirationError{message: "Invalid syntax"}
|
||||||
}
|
}
|
||||||
tempOutput, err = parseIntBeforeSeparator(&source, "h")
|
tempOutput, err = parseIntBeforeSeparator(&source, "h")
|
||||||
expiration += tempOutput * 3600
|
expiration += tempOutput * 3600
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
return 0, &ParseExpirationError{Message: "Invalid syntax"}
|
return 0, &ParseExpirationError{message: "Invalid syntax"}
|
||||||
}
|
}
|
||||||
tempOutput, err = parseIntBeforeSeparator(&source, "m")
|
tempOutput, err = parseIntBeforeSeparator(&source, "m")
|
||||||
expiration += tempOutput * 60
|
expiration += tempOutput * 60
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
return 0, &ParseExpirationError{Message: "Invalid syntax"}
|
return 0, &ParseExpirationError{message: "Invalid syntax"}
|
||||||
}
|
}
|
||||||
tempOutput, err = parseIntBeforeSeparator(&source, "s")
|
tempOutput, err = parseIntBeforeSeparator(&source, "s")
|
||||||
expiration += tempOutput * 1
|
expiration += tempOutput * 1
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
return 0, &ParseExpirationError{Message: "Invalid syntax"}
|
return 0, &ParseExpirationError{message: "Invalid syntax"}
|
||||||
}
|
}
|
||||||
|
|
||||||
return expiration, nil
|
return expiration, nil
|
||||||
|
|
|
@ -1,10 +1,18 @@
|
||||||
package plak
|
package plak
|
||||||
|
|
||||||
type DeletePlakError struct {
|
type deletePlakError struct {
|
||||||
Name string
|
name string
|
||||||
Err error
|
err error
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *DeletePlakError) Error() string {
|
func (m *deletePlakError) Error() string {
|
||||||
return "Cannot delete: " + m.Name + " : " + m.Err.Error()
|
return "Cannot delete: " + m.name + " : " + m.err.Error()
|
||||||
|
}
|
||||||
|
|
||||||
|
type createError struct {
|
||||||
|
message string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *createError) Error() string {
|
||||||
|
return "create: cannot create plak: " + m.message
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
|
|
||||||
"git.gnous.eu/gnouseu/plakken/internal/constant"
|
"git.gnous.eu/gnouseu/plakken/internal/constant"
|
||||||
"git.gnous.eu/gnouseu/plakken/internal/database"
|
"git.gnous.eu/gnouseu/plakken/internal/database"
|
||||||
|
"git.gnous.eu/gnouseu/plakken/internal/secret"
|
||||||
"git.gnous.eu/gnouseu/plakken/internal/utils"
|
"git.gnous.eu/gnouseu/plakken/internal/utils"
|
||||||
"github.com/redis/go-redis/v9"
|
"github.com/redis/go-redis/v9"
|
||||||
|
|
||||||
|
@ -24,26 +25,48 @@ type WebConfig struct {
|
||||||
Templates embed.FS
|
Templates embed.FS
|
||||||
}
|
}
|
||||||
|
|
||||||
// Plak "Object" for plak
|
// plak "Object" for plak
|
||||||
type Plak struct {
|
type plak struct {
|
||||||
Key string
|
Key string
|
||||||
Content string
|
Content string
|
||||||
Expiration time.Duration
|
Expiration time.Duration
|
||||||
DB *redis.Client
|
DB *redis.Client
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create manage POST request for create Plak
|
// create a plak
|
||||||
func (config WebConfig) Create(w http.ResponseWriter, r *http.Request) {
|
func (plak plak) create() (string, error) {
|
||||||
|
dbConf := database.DBConfig{
|
||||||
|
DB: plak.DB,
|
||||||
|
}
|
||||||
|
|
||||||
|
token, err := secret.GenerateToken()
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
if dbConf.UrlExist(plak.Key) {
|
||||||
|
return "", &createError{message: "key already exist"}
|
||||||
|
}
|
||||||
|
|
||||||
|
var hashedSecret string
|
||||||
|
hashedSecret, err = secret.Password(token)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
dbConf.InsertPaste(plak.Key, plak.Content, hashedSecret, plak.Expiration)
|
||||||
|
|
||||||
|
return token, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// PostCreate manage POST request for create plak
|
||||||
|
func (config WebConfig) PostCreate(w http.ResponseWriter, r *http.Request) {
|
||||||
content := r.FormValue("content")
|
content := r.FormValue("content")
|
||||||
if content == "" {
|
if content == "" {
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
dbConf := database.DBConfig{
|
|
||||||
DB: config.DB,
|
|
||||||
}
|
|
||||||
|
|
||||||
filename := r.FormValue("filename")
|
filename := r.FormValue("filename")
|
||||||
var key string
|
var key string
|
||||||
if len(filename) == 0 {
|
if len(filename) == 0 {
|
||||||
|
@ -53,46 +76,67 @@ func (config WebConfig) Create(w http.ResponseWriter, r *http.Request) {
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if dbConf.UrlExist(filename) {
|
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
key = filename
|
key = filename
|
||||||
}
|
}
|
||||||
|
|
||||||
secret := utils.GenerateSecret()
|
plak := plak{
|
||||||
rawExpiration := r.FormValue("exp")
|
Key: key,
|
||||||
|
Content: content,
|
||||||
|
DB: config.DB,
|
||||||
|
}
|
||||||
|
|
||||||
|
rawExpiration := r.FormValue("exp")
|
||||||
expiration, err := utils.ParseExpiration(rawExpiration)
|
expiration, err := utils.ParseExpiration(rawExpiration)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
log.Println(err)
|
||||||
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
} else if expiration == 0 {
|
}
|
||||||
dbConf.InsertPaste(key, content, secret, -1)
|
|
||||||
|
if expiration == 0 {
|
||||||
|
plak.Expiration = -1
|
||||||
} else {
|
} else {
|
||||||
dbConf.InsertPaste(key, content, secret, time.Duration(expiration*int(time.Second)))
|
plak.Expiration = time.Duration(expiration * int(time.Second))
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = plak.create()
|
||||||
|
if err != nil {
|
||||||
|
log.Println(err)
|
||||||
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
http.Redirect(w, r, "/"+key, http.StatusSeeOther)
|
http.Redirect(w, r, "/"+key, http.StatusSeeOther)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CurlCreate Create plak with minimum param, ideal for curl. Force 7 day expiration
|
// CurlCreate PostCreate plak with minimum param, ideal for curl. Force 7 day expiration
|
||||||
func (config WebConfig) CurlCreate(w http.ResponseWriter, r *http.Request) {
|
func (config WebConfig) CurlCreate(w http.ResponseWriter, r *http.Request) {
|
||||||
if r.ContentLength == 0 {
|
if r.ContentLength == 0 {
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
content, _ := io.ReadAll(r.Body)
|
content, _ := io.ReadAll(r.Body)
|
||||||
err := r.Body.Close()
|
err := r.Body.Close()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
key := utils.GenerateUrl(config.UrlLength)
|
key := utils.GenerateUrl(config.UrlLength)
|
||||||
secret := utils.GenerateSecret()
|
|
||||||
dbConf := database.DBConfig{
|
plak := plak{
|
||||||
|
Key: key,
|
||||||
|
Content: string(content),
|
||||||
|
Expiration: constant.ExpirationCurlCreate,
|
||||||
DB: config.DB,
|
DB: config.DB,
|
||||||
}
|
}
|
||||||
dbConf.InsertPaste(key, string(content), secret, constant.ExpirationCurlCreate)
|
|
||||||
|
var token string
|
||||||
|
token, err = plak.create()
|
||||||
|
if err != nil {
|
||||||
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
var baseURL string
|
var baseURL string
|
||||||
if r.TLS == nil {
|
if r.TLS == nil {
|
||||||
|
@ -101,7 +145,7 @@ func (config WebConfig) CurlCreate(w http.ResponseWriter, r *http.Request) {
|
||||||
baseURL = "https://" + r.Host + "/" + key
|
baseURL = "https://" + r.Host + "/" + key
|
||||||
}
|
}
|
||||||
|
|
||||||
message := baseURL + "\n" + "Delete with : 'curl -X DELETE " + baseURL + "?secret\\=" + secret + "'" + "\n"
|
message := baseURL + "\n" + "Delete with : 'curl -X DELETE " + baseURL + "?secret\\=" + token + "'" + "\n"
|
||||||
|
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
_, err = io.WriteString(w, message)
|
_, err = io.WriteString(w, message)
|
||||||
|
@ -115,18 +159,18 @@ func (config WebConfig) View(w http.ResponseWriter, r *http.Request) {
|
||||||
dbConf := database.DBConfig{
|
dbConf := database.DBConfig{
|
||||||
DB: config.DB,
|
DB: config.DB,
|
||||||
}
|
}
|
||||||
var plak Plak
|
var currentPlak plak
|
||||||
key := r.PathValue("key")
|
key := r.PathValue("key")
|
||||||
|
|
||||||
if dbConf.UrlExist(key) {
|
if dbConf.UrlExist(key) {
|
||||||
plak = Plak{
|
currentPlak = plak{
|
||||||
Key: key,
|
Key: key,
|
||||||
DB: config.DB,
|
DB: config.DB,
|
||||||
}
|
}
|
||||||
plak = plak.GetContent()
|
currentPlak = currentPlak.getContent()
|
||||||
if r.PathValue("settings") == "raw" {
|
if r.PathValue("settings") == "raw" {
|
||||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||||
_, err := io.WriteString(w, plak.Content)
|
_, err := io.WriteString(w, currentPlak.Content)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
}
|
}
|
||||||
|
@ -135,10 +179,13 @@ func (config WebConfig) View(w http.ResponseWriter, r *http.Request) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
err = t.Execute(w, plak)
|
err = t.Execute(w, currentPlak)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -146,24 +193,35 @@ func (config WebConfig) View(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Delete manage plak deletion endpoint
|
// DeleteRequest manage plak deletion endpoint
|
||||||
func (config WebConfig) Delete(w http.ResponseWriter, r *http.Request) {
|
func (config WebConfig) DeleteRequest(w http.ResponseWriter, r *http.Request) {
|
||||||
dbConf := database.DBConfig{
|
dbConf := database.DBConfig{
|
||||||
DB: config.DB,
|
DB: config.DB,
|
||||||
}
|
}
|
||||||
key := r.PathValue("key")
|
key := r.PathValue("key")
|
||||||
|
var valid bool
|
||||||
|
|
||||||
if dbConf.UrlExist(key) {
|
if dbConf.UrlExist(key) {
|
||||||
secret := r.URL.Query().Get("secret")
|
var err error
|
||||||
if dbConf.VerifySecret(key, secret) {
|
token := r.URL.Query().Get("secret")
|
||||||
plak := Plak{
|
|
||||||
|
valid, err = dbConf.VerifySecret(key, token)
|
||||||
|
if err != nil {
|
||||||
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
|
log.Println(err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if valid {
|
||||||
|
plak := plak{
|
||||||
Key: key,
|
Key: key,
|
||||||
DB: config.DB,
|
DB: config.DB,
|
||||||
}
|
}
|
||||||
err := plak.deletePlak()
|
err := plak.delete()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
w.WriteHeader(http.StatusNoContent)
|
w.WriteHeader(http.StatusNoContent)
|
||||||
return
|
return
|
||||||
} else {
|
} else {
|
||||||
|
@ -171,22 +229,23 @@ func (config WebConfig) Delete(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
w.WriteHeader(http.StatusNotFound)
|
w.WriteHeader(http.StatusNotFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
// deletePlak Delete plak from database
|
// delete DeleteRequest plak from database
|
||||||
func (plak Plak) deletePlak() error {
|
func (plak plak) delete() error {
|
||||||
err := plak.DB.Del(ctx, plak.Key).Err()
|
err := plak.DB.Del(ctx, plak.Key).Err()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
return &DeletePlakError{Name: plak.Key, Err: err}
|
return &deletePlakError{name: plak.Key, err: err}
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetContent get plak content
|
// getContent get plak content
|
||||||
func (plak Plak) GetContent() Plak {
|
func (plak plak) getContent() plak {
|
||||||
plak.Content = plak.DB.HGet(ctx, plak.Key, "content").Val()
|
plak.Content = plak.DB.HGet(ctx, plak.Key, "content").Val()
|
||||||
return plak
|
return plak
|
||||||
}
|
}
|
||||||
|
|
47
test/secret/secret_test.go
Normal file
47
test/secret/secret_test.go
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
package secret_test
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"regexp"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"git.gnous.eu/gnouseu/plakken/internal/constant"
|
||||||
|
"git.gnous.eu/gnouseu/plakken/internal/secret"
|
||||||
|
"golang.org/x/crypto/argon2"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestPasswordFormat(t *testing.T) {
|
||||||
|
regex := fmt.Sprintf("\\$argon2id\\$v=%d\\$m=%d,t=%d,p=%d\\$[A-Za-z0-9+/]*\\$[A-Za-z0-9+/]*$", argon2.Version, constant.ArgonMemory, constant.ArgonIterations, constant.ArgonThreads)
|
||||||
|
|
||||||
|
got, err := secret.Password("Password!")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
result, _ := regexp.MatchString(regex, got)
|
||||||
|
if !result {
|
||||||
|
t.Fatal("Error in Password, format is not valid "+": ", got)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestVerifyPassword(t *testing.T) {
|
||||||
|
result, err := secret.VerifyPassword("Password!", "$argon2id$v=19$m=65536,t=2,p=4$A+t5YGpyy1BHCbvk/LP1xQ$eNuUj6B2ZqXlGi6KEqep39a7N4nysUIojuPXye+Ypp0")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !result {
|
||||||
|
t.Fatal("Error in VerifyPassword, got:", result, "want: ", true)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestVerifyPasswordInvalid(t *testing.T) {
|
||||||
|
result, err := secret.VerifyPassword("notsamepassword", "$argon2id$v=19$m=65536,t=2,p=4$A+t5YGpyy1BHCbvk/LP1xQ$eNuUj6B2ZqXlGi6KEqep39a7N4nysUIojuPXye+Ypp0")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if result {
|
||||||
|
t.Fatal("Error in VerifyPassword, got:", result, "want: ", false)
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue