Browse Source

cleanup crypt package

cleanup
Lars Hoogestraat 1 month ago
parent
commit
193cb7c1c8
6 changed files with 31 additions and 45 deletions
  1. +1
    -1
      Makefile
  2. +16
    -32
      crypt/crypt.go
  3. +3
    -3
      go.mod
  4. +6
    -0
      go.sum
  5. +4
    -4
      middleware/middleware_util.go
  6. +1
    -5
      settings/config.go

+ 1
- 1
Makefile View File

@ -30,7 +30,7 @@ install:
package:
-rm -r ${TMP}
mkdir -p ${TMP}/clt
-mkdir -p releases
-mkdir -p releases/custom
cp ${GOPATH}/bin/go-blog ${TMP}/
cp ${GOPATH}/bin/create_user ${TMP}/clt
cp ${GOPATH}/bin/init_database ${TMP}/clt


+ 16
- 32
crypt/crypt.go View File

@ -8,41 +8,39 @@ package crypt
import (
"crypto/rand"
"crypto/sha512"
"encoding/base64"
"encoding/hex"
"fmt"
"io"
"math/big"
"golang.org/x/crypto/bcrypt"
)
const (
var (
//AlphaUpper all upper alphas chars
AlphaUpper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
AlphaUpper = RandomSource("ABCDEFGHIJKLMNOPQRSTUVWXYZ")
//AlphaLower all lowers alphas chars
AlphaLower = "abcdefghijklmnopqrstuvwxyz"
AlphaLower = RandomSource("abcdefghijklmnopqrstuvwxyz")
//AlphaUpperLower all upper and lowers aplhas chars
AlphaUpperLower = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
AlphaUpperLower = RandomSource("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
//AlphaUpperLowerNumeric all upper lowers alphas and numerics
AlphaUpperLowerNumeric = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz"
//AlphaUpperLowerNumericSpecial all upper lowers alphas, numerics and special chas
AlphaUpperLowerNumericSpecial = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456890" +
"!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
AlphaUpperLowerNumeric = RandomSource("ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz")
//AlphaUpperLowerNumericSpecial all upper lowers alphas, numerics and special chars
AlphaUpperLowerNumericSpecial = RandomSource("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456890" +
"!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~")
)
//RandomSource express which chars should be considered
type RandomSource struct {
CharsToGen string
}
//RandomSource string containing which characters should be considered when generating random sequences
type RandomSource string
//RandomSequence returns random character with given length;
//random source express which chars should be considered
func (r RandomSource) RandomSequence(length int) []byte {
result := make([]byte, length)
for i := 0; i < length; i++ {
char, _ := rand.Int(rand.Reader, big.NewInt(int64(len(r.CharsToGen))))
result[i] = r.CharsToGen[int(char.Int64())]
char, _ := rand.Int(rand.Reader, big.NewInt(int64(len(r))))
result[i] = r[int(char.Int64())]
}
fmt.Println(result)
return result
}
@ -55,7 +53,7 @@ func RandomSecureKey(length int) []byte {
return k
}
//CryptPassword bcrypts a password at given costs
//CryptPassword hashes a password with bcrypt and a given cost
func CryptPassword(password []byte, cost int) ([]byte, error) {
s, err := bcrypt.GenerateFromPassword(password, cost)
@ -68,21 +66,7 @@ func CryptPassword(password []byte, cost int) ([]byte, error) {
//GenerateSalt generates a random salt with alphanumerics and some special characters
func GenerateSalt() []byte {
r := RandomSource{
CharsToGen: AlphaUpperLowerNumericSpecial,
}
return r.RandomSequence(32)
}
//EncodeBase64 encodes a string to base64
func EncodeBase64(input string) string {
return base64.StdEncoding.EncodeToString([]byte(input))
}
//DecodeBase64 descodes a string to base64
func DecodeBase64(b64 string) (string, error) {
out, err := base64.StdEncoding.DecodeString(b64)
return string(out), err
return AlphaUpperLowerNumericSpecial.RandomSequence(32)
}
func RandomHash(length int) string {


+ 3
- 3
go.mod View File

@ -13,7 +13,7 @@ require (
github.com/microcosm-cc/bluemonday v1.0.4
github.com/russross/blackfriday/v2 v2.1.0
github.com/sirupsen/logrus v1.7.0
golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b // indirect
golang.org/x/sys v0.0.0-20201126233918-771906719818 // indirect
golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c
golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb // indirect
golang.org/x/sys v0.0.0-20201204225414-ed752295db88 // indirect
)

+ 6
- 0
go.sum View File

@ -40,16 +40,22 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392 h1:xYJJ3S178yv++9zXV/hnr29plCAGO9vAFG9dorqaFQc=
golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c h1:9HhBz5L/UjnK9XLtiZhYAdue5BVKep3PMmS2LuPDt8k=
golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb h1:eBmm0M9fYhWpKZLjQUUKka/LtIxf46G4fxeEz5KJr9U=
golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201126233918-771906719818 h1:f1CIuDlJhwANEC2MM87MBEVMr3jl5bifgsfj90XAF9c=
golang.org/x/sys v0.0.0-20201126233918-771906719818/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201204225414-ed752295db88 h1:KmZPnMocC93w341XZp26yTJg8Za7lhb2KhkYmixoeso=
golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=


+ 4
- 4
middleware/middleware_util.go View File

@ -5,12 +5,12 @@
package middleware
import (
"encoding/base64"
"net"
"net/http"
"strings"
"time"
"git.hoogi.eu/snafu/go-blog/crypt"
"git.hoogi.eu/snafu/go-blog/logger"
)
@ -72,7 +72,7 @@ func setCookie(rw http.ResponseWriter, name, path, data string) {
c := &http.Cookie{
Name: name,
Path: path,
Value: crypt.EncodeBase64(data),
Value: base64.StdEncoding.EncodeToString([]byte(data)),
}
http.SetCookie(rw, c)
@ -88,7 +88,7 @@ func getFlash(w http.ResponseWriter, r *http.Request, name string) (string, erro
return "", err
}
}
value, err := crypt.DecodeBase64(c.Value)
value, err := base64.StdEncoding.DecodeString(c.Value)
if err != nil {
return "", err
}
@ -102,5 +102,5 @@ func getFlash(w http.ResponseWriter, r *http.Request, name string) (string, erro
http.SetCookie(w, dc)
return value, nil
return string(value), nil
}

+ 1
- 5
settings/config.go View File

@ -286,11 +286,7 @@ func (cfg *Settings) GenerateCSRF() (bool, error) {
if _, err := os.Stat(csrfTokenFilename); os.IsNotExist(err) {
//create a random csrf token
r := crypt.RandomSource{
CharsToGen: crypt.AlphaUpperLowerNumericSpecial,
}
b = r.RandomSequence(32)
b = crypt.AlphaUpperLowerNumericSpecial.RandomSequence(32)
err := ioutil.WriteFile(csrfTokenFilename, b, 0640)


Loading…
Cancel
Save