202 lines
4.6 KiB
Go
202 lines
4.6 KiB
Go
package database
|
|
|
|
import (
|
|
"time"
|
|
|
|
log "github.com/cihub/seelog"
|
|
|
|
"bytes"
|
|
"crypto/rand"
|
|
"errors"
|
|
"regexp"
|
|
|
|
"golang.org/x/crypto/scrypt"
|
|
)
|
|
|
|
var alphaNumeric = regexp.MustCompile(`^[a-zA-Z0-9_\-\.]+$`).MatchString
|
|
|
|
type User struct {
|
|
ID int `pg:"type:serial"`
|
|
Username string `pg:"type:varchar(255),unique"`
|
|
Password []byte
|
|
Salt []byte
|
|
Role string `pg:"type:varchar(255)"`
|
|
LastLogin time.Time
|
|
}
|
|
|
|
func (db *pgDB) AddUser(name string, pass string) error {
|
|
if !validUserName(name) {
|
|
return errors.New("Invalid user name. Username needs to have at least 3 characters and can only be letters, numbers, '-', '_' and '.'.")
|
|
}
|
|
num, err := db.sql.Model(&User{}).Where("lower(username) = lower(?)", name).Count()
|
|
if err != nil {
|
|
log.Error("Error on database checking user ", name, ": ", err)
|
|
return errors.New("An error happen on the database")
|
|
}
|
|
if num != 0 {
|
|
return errors.New("User name already exist")
|
|
}
|
|
|
|
hpass, salt, err := hashPass(pass)
|
|
if err != nil {
|
|
log.Error("Error hashing password: ", err)
|
|
return errors.New("An error happen storing the password")
|
|
}
|
|
return db.AddRawUser(name, hpass, salt, "")
|
|
}
|
|
|
|
func (db *pgDB) SetAdminUser(name string, pass string) error {
|
|
|
|
if !validAdminUserName(name) {
|
|
return errors.New("Invalid admin user name. Username needs to have at least 3 characters and can only be letters, numbers, '-', '_' and '.'.")
|
|
}
|
|
|
|
num, err := db.sql.Model(&User{}).Where("lower(username) = lower(?)", name).Count()
|
|
if err != nil {
|
|
log.Error("Error on database checking user ", name, ": ", err)
|
|
return errors.New("An error happen on the database")
|
|
}
|
|
if num != 0 {
|
|
err := db.SetRole(name, "admin")
|
|
if err != nil {
|
|
log.Error("Error updating admin user ", name, ": ", err)
|
|
return errors.New("Error updating admin user")
|
|
}
|
|
return db.SetPassword(name, pass)
|
|
}
|
|
|
|
hpass, salt, err := hashPass(pass)
|
|
if err != nil {
|
|
log.Error("Error hashing password: ", err)
|
|
return errors.New("An error happen storing the password")
|
|
}
|
|
return db.AddRawUser(name, hpass, salt, "admin")
|
|
|
|
}
|
|
|
|
func (db *pgDB) AddRawUser(name string, hpass []byte, salt []byte, role string) error {
|
|
u := User{
|
|
Username: name,
|
|
Password: hpass,
|
|
Salt: salt,
|
|
Role: role,
|
|
}
|
|
_, err := db.sql.Model(&u).Insert()
|
|
return err
|
|
}
|
|
|
|
func (db *pgDB) GetRole(name string) (string, error) {
|
|
var u User
|
|
err := db.sql.Model(&u).Where("lower(username) = lower(?)", name).Select()
|
|
return u.Role, err
|
|
}
|
|
|
|
func (db *pgDB) SetRole(name, role string) error {
|
|
_, err := db.sql.Model(&User{}).
|
|
Set("role = ?", role).
|
|
Where("lower(username) = lower(?)", name).
|
|
Update()
|
|
return err
|
|
}
|
|
|
|
func (db *pgDB) ValidPassword(name string, pass string) bool {
|
|
var u User
|
|
err := db.sql.Model(&u).Where("lower(username) = lower(?)", name).Select()
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
hash, err := calculateHash(pass, u.Salt)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
if bytes.Compare(u.Password, hash) != 0 {
|
|
return false
|
|
}
|
|
|
|
_, err = db.sql.Model(&User{}).
|
|
Set("last_login = CURRENT_TIMESTAMP").
|
|
Where("id = ?", u.ID).
|
|
Update()
|
|
if err != nil {
|
|
log.Error("Error updating last login for ", u.Username, ": ", err)
|
|
}
|
|
return true
|
|
}
|
|
|
|
func (db *pgDB) SetPassword(name string, pass string) error {
|
|
hash, salt, err := hashPass(pass)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = db.sql.Model(&User{}).
|
|
Set("password = ?, salt = ?", hash, salt).
|
|
Where("lower(username) = lower(?)", name).
|
|
Update()
|
|
return err
|
|
}
|
|
|
|
func (db *pgDB) ListUsers() ([]User, error) {
|
|
var users []User
|
|
err := db.sql.Model(&users).Select()
|
|
return users, err
|
|
}
|
|
|
|
func (db *pgDB) getUser(name string) (User, error) {
|
|
var user User
|
|
err := db.sql.Model(&user).
|
|
Where("lower(username) = lower(?)", name).
|
|
Select()
|
|
return user, err
|
|
}
|
|
|
|
func validAdminUserName(name string) bool {
|
|
if len(name) < 3 {
|
|
return false
|
|
}
|
|
if !alphaNumeric(name) {
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
func validUserName(name string) bool {
|
|
if !validAdminUserName(name) {
|
|
return false
|
|
}
|
|
switch name {
|
|
case "", "admin", "webmaster", "postmaster", "info", "root", "news", "trantor", "librarian", "library", "imperial":
|
|
return false
|
|
default:
|
|
return true
|
|
}
|
|
}
|
|
|
|
func hashPass(pass string) (hash []byte, salt []byte, err error) {
|
|
salt, err = genSalt()
|
|
if err != nil {
|
|
return
|
|
}
|
|
hash, err = calculateHash(pass, salt)
|
|
return
|
|
}
|
|
|
|
func genSalt() ([]byte, error) {
|
|
const saltLen = 64
|
|
|
|
b := make([]byte, saltLen)
|
|
_, err := rand.Read(b)
|
|
return b, err
|
|
}
|
|
|
|
func calculateHash(pass string, salt []byte) ([]byte, error) {
|
|
const (
|
|
N = 16384
|
|
r = 8
|
|
p = 1
|
|
keyLen = 32
|
|
)
|
|
|
|
bpass := []byte(pass)
|
|
return scrypt.Key(bpass, salt, N, r, p, keyLen)
|
|
}
|