package auth import ( "crypto/rand" "encoding/hex" "errors" "time" "github.com/jmoiron/sqlx" "github.com/rs/zerolog/log" "golang.org/x/crypto/bcrypt" "code.chrissexton.org/cws/cabinet/config" "code.chrissexton.org/cws/cabinet/db" ) type User struct { *db.Database ID int64 Name string Hash []byte AuthKey string `db:"auth_key"` Invalidate time.Time } func PrepareTable(tx *sqlx.Tx) error { q := `create table if not exists users ( id integer primary key, name text unique not null, hash text not null, auth_key text, invalidate datetime )` _, err := tx.Exec(q) return err } func makeKey() (string, error) { keySize := config.GetInt("key.size", 10) buf := make([]byte, keySize) _, err := rand.Read(buf) if err != nil { return "", err } key := hex.EncodeToString(buf) log.Debug().Msgf("Encoded secret key %s as %s", string(buf), key) return key, nil } func New(db *db.Database, name, password string) (*User, error) { q := `insert or replace into users values (null, ?, ?, ?, ?)` key, err := makeKey() if err != nil { return nil, err } invalidate := time.Now().Add(time.Duration(config.GetInt("invalidate.hours", 7*24)) * time.Hour) hash, err := bcrypt.GenerateFromPassword([]byte(password), config.GetInt("hash.cost", 10)) if err != nil { return nil, err } res, err := db.Exec(q, name, hash, key, invalidate) if err != nil { return nil, err } id, err := res.LastInsertId() if err != nil { return nil, err } u := &User{ ID: id, Name: name, AuthKey: key, Invalidate: invalidate, } u.Set(password) return u, nil } func Get(db *db.Database, name string) (*User, error) { q := `select * from users where name = ?` u := &User{} if err := db.Get(u, q, name); err != nil { return nil, err } return u, nil } func (u *User) Set(newPassword string) error { hash, err := bcrypt.GenerateFromPassword([]byte(newPassword), 0) if err != nil { return err } u.Hash = hash return nil } func (u *User) Validate(password string) bool { err := bcrypt.CompareHashAndPassword(u.Hash, []byte(password)) if err != nil { log.Debug().Err(err).Msg("incorrect credentials") return false } return true } func GetByKey(db *db.Database, key string) (*User, error) { q := `select * from users where auth_key = ?` u := &User{} invalid := errors.New("invalid key") if err := db.Get(u, q, key); err != nil { if err.Error() == "sql: no rows in result set" { return nil, invalid } return nil, err } if u.Invalidate.Before(time.Now()) { return nil, invalid } return u, nil }