cleanup crypt package

10 months ago · 193cb7c1c8
6 changed files with 31 additions and 45 deletions
--- a/2
+++ b/2
@ -30,7 +30,7 @@ install:
 package:
 	-rm -r ${TMP}
 	mkdir -p ${TMP}/clt
-	-mkdir -p releases
+	-mkdir -p releases/custom
 	cp ${GOPATH}/bin/go-blog ${TMP}/
 	cp ${GOPATH}/bin/create_user ${TMP}/clt
 	cp ${GOPATH}/bin/init_database ${TMP}/clt
--- a/crypt/crypt.go
+++ b/crypt/crypt.go
@ -8,41 +8,39 @@ package crypt
 import (
 	"crypto/rand"
 	"crypto/sha512"
-	"encoding/base64"
 	"encoding/hex"
+	"fmt"
 	"io"
 	"math/big"

 	"golang.org/x/crypto/bcrypt"
 )

-const (
+var (
 	//AlphaUpper all upper alphas chars
-	AlphaUpper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	AlphaUpper = RandomSource("ABCDEFGHIJKLMNOPQRSTUVWXYZ")
 	//AlphaLower all lowers alphas chars
-	AlphaLower = "abcdefghijklmnopqrstuvwxyz"
+	AlphaLower = RandomSource("abcdefghijklmnopqrstuvwxyz")
 	//AlphaUpperLower all upper and lowers aplhas chars
-	AlphaUpperLower = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+	AlphaUpperLower = RandomSource("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
 	//AlphaUpperLowerNumeric all upper lowers alphas and numerics
-	AlphaUpperLowerNumeric = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz"
-	//AlphaUpperLowerNumericSpecial all upper lowers alphas, numerics and special chas
-	AlphaUpperLowerNumericSpecial = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456890" +
-		"!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
+	AlphaUpperLowerNumeric = RandomSource("ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz")
+	//AlphaUpperLowerNumericSpecial all upper lowers alphas, numerics and special chars
+	AlphaUpperLowerNumericSpecial = RandomSource("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456890" +
+		"!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~")
 )

-//RandomSource express which chars should be considered
-type RandomSource struct {
-	CharsToGen string
-}
+//RandomSource string containing which characters should be considered when generating random sequences
+type RandomSource string

 //RandomSequence returns random character with given length;
-//random source express which chars should be considered
 func (r RandomSource) RandomSequence(length int) []byte {
 	result := make([]byte, length)
 	for i := 0; i < length; i++ {
-		char, _ := rand.Int(rand.Reader, big.NewInt(int64(len(r.CharsToGen))))
-		result[i] = r.CharsToGen[int(char.Int64())]
+		char, _ := rand.Int(rand.Reader, big.NewInt(int64(len(r))))
+		result[i] = r[int(char.Int64())]
 	}
+	fmt.Println(result)
 	return result
 }

@ -55,7 +53,7 @@ func RandomSecureKey(length int) []byte {
 	return k
 }

-//CryptPassword bcrypts a password at given costs
+//CryptPassword hashes a password with bcrypt and a given cost
 func CryptPassword(password []byte, cost int) ([]byte, error) {
 	s, err := bcrypt.GenerateFromPassword(password, cost)

@ -68,21 +66,7 @@ func CryptPassword(password []byte, cost int) ([]byte, error) {

 //GenerateSalt generates a random salt with alphanumerics and some special characters
 func GenerateSalt() []byte {
-	r := RandomSource{
-		CharsToGen: AlphaUpperLowerNumericSpecial,
-	}
-	return r.RandomSequence(32)
-}
-
-//EncodeBase64 encodes a string to base64
-func EncodeBase64(input string) string {
-	return base64.StdEncoding.EncodeToString([]byte(input))
-}
-
-//DecodeBase64 descodes a string to base64
-func DecodeBase64(b64 string) (string, error) {
-	out, err := base64.StdEncoding.DecodeString(b64)
-	return string(out), err
+	return AlphaUpperLowerNumericSpecial.RandomSequence(32)
 }

 func RandomHash(length int) string {
--- a/go.mod
+++ b/go.mod
@ -13,7 +13,7 @@ require (
 	github.com/microcosm-cc/bluemonday v1.0.4
 	github.com/russross/blackfriday/v2 v2.1.0
 	github.com/sirupsen/logrus v1.7.0
-	golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392
-	golang.org/x/net v0.0.0-20201110031124-69a78807bb2b // indirect
-	golang.org/x/sys v0.0.0-20201126233918-771906719818 // indirect
+	golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c
+	golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb // indirect
+	golang.org/x/sys v0.0.0-20201204225414-ed752295db88 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -40,16 +40,22 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392 h1:xYJJ3S178yv++9zXV/hnr29plCAGO9vAFG9dorqaFQc=
 golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c h1:9HhBz5L/UjnK9XLtiZhYAdue5BVKep3PMmS2LuPDt8k=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb h1:eBmm0M9fYhWpKZLjQUUKka/LtIxf46G4fxeEz5KJr9U=
+golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201126233918-771906719818 h1:f1CIuDlJhwANEC2MM87MBEVMr3jl5bifgsfj90XAF9c=
 golang.org/x/sys v0.0.0-20201126233918-771906719818/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88 h1:KmZPnMocC93w341XZp26yTJg8Za7lhb2KhkYmixoeso=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
--- a/middleware/middleware_util.go
+++ b/middleware/middleware_util.go
@ -5,12 +5,12 @@
 package middleware

 import (
+	"encoding/base64"
 	"net"
 	"net/http"
 	"strings"
 	"time"

-	"git.hoogi.eu/snafu/go-blog/crypt"
 	"git.hoogi.eu/snafu/go-blog/logger"
 )

@ -72,7 +72,7 @@ func setCookie(rw http.ResponseWriter, name, path, data string) {
 	c := &http.Cookie{
 		Name:  name,
 		Path:  path,
-		Value: crypt.EncodeBase64(data),
+		Value: base64.StdEncoding.EncodeToString([]byte(data)),
 	}

 	http.SetCookie(rw, c)
@ -88,7 +88,7 @@ func getFlash(w http.ResponseWriter, r *http.Request, name string) (string, erro
 			return "", err
 		}
 	}
-	value, err := crypt.DecodeBase64(c.Value)
+	value, err := base64.StdEncoding.DecodeString(c.Value)
 	if err != nil {
 		return "", err
 	}
@ -102,5 +102,5 @@ func getFlash(w http.ResponseWriter, r *http.Request, name string) (string, erro

 	http.SetCookie(w, dc)

-	return value, nil
+	return string(value), nil
 }
--- a/settings/config.go
+++ b/settings/config.go
@ -286,11 +286,7 @@ func (cfg *Settings) GenerateCSRF() (bool, error) {

 		if _, err := os.Stat(csrfTokenFilename); os.IsNotExist(err) {
 			//create a random csrf token
-			r := crypt.RandomSource{
-				CharsToGen: crypt.AlphaUpperLowerNumericSpecial,
-			}
-
-			b = r.RandomSequence(32)
+			b = crypt.AlphaUpperLowerNumericSpecial.RandomSequence(32)

 			err := ioutil.WriteFile(csrfTokenFilename, b, 0640)