Don't disclose too much informations about users
parent
1263b87d1f
commit
efc6246685
|
@ -5,6 +5,7 @@ import (
|
|||
"errors"
|
||||
"io"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/julienschmidt/httprouter"
|
||||
|
||||
|
@ -22,9 +23,19 @@ func init() {
|
|||
}))
|
||||
}
|
||||
|
||||
type DisplayUser struct {
|
||||
Id int64 `json:"id"`
|
||||
Email string `json:"email"`
|
||||
RegistrationTime *time.Time `json:"registration_time,omitempty"`
|
||||
}
|
||||
|
||||
func validateAuthToken(_ *config.Options, u *happydns.User, _ httprouter.Params, _ io.Reader) Response {
|
||||
return APIResponse{
|
||||
response: u,
|
||||
response: &DisplayUser{
|
||||
Id: u.Id,
|
||||
Email: u.Email,
|
||||
RegistrationTime: u.RegistrationTime,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -83,7 +94,7 @@ func checkAuth(_ httprouter.Params, body io.Reader) Response {
|
|||
}
|
||||
} else if !user.CheckAuth(lf.Password) {
|
||||
return APIErrorResponse{
|
||||
err: errors.New(`{"status": "Invalid username or password"}`),
|
||||
err: errors.New(`Invalid username or password`),
|
||||
status: http.StatusUnauthorized,
|
||||
}
|
||||
} else {
|
||||
|
|
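Review bot: `DisplayUser` is a new exported type with no doc comment, and nothing records that its purpose is to keep `Password` and `Salt` (both exported fields of `happydns.User` in this commit) out of API responses, so a later maintainer may add fields to it or revert to `response: u`. Suggest `// DisplayUser is the public projection of happydns.User returned by the API; credential fields (Password, Salt) are deliberately omitted.` above the type. The projection is also built inline in `validateAuthToken`; a small `func newDisplayUser(u *happydns.User) *DisplayUser` would let any other handler that returns a user (registration is not in this hunk, so unverified here) reuse the same allow-list instead of marshalling the model directly. Note that `RegistrationTime` gains `omitempty` here while the model tag it replaces lacked it, so clients that previously received `"registration_time": null` will now see the key absent — fine if intended, but worth a line in the commit message.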
13
api/users.go
13
api/users.go
|
@ -13,22 +13,9 @@ import (
|
|||
)
|
||||
|
||||
func init() {
|
||||
router.GET("/api/users", apiHandler(listUsers))
|
||||
router.POST("/api/users", apiHandler(registerUser))
|
||||
}
|
||||
|
||||
func listUsers(_ httprouter.Params, _ io.Reader) Response {
|
||||
if users, err := storage.MainStore.GetUsers(); err != nil {
|
||||
return APIErrorResponse{
|
||||
err: err,
|
||||
}
|
||||
} else {
|
||||
return APIResponse{
|
||||
response: users,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
type UploadedUser struct {
|
||||
Email string
|
||||
Password string
|
||||
|
|
|
@ -8,33 +8,46 @@ import (
|
|||
)
|
||||
|
||||
type User struct {
|
||||
Id int64 `json:"id"`
|
||||
Email string `json:"email"`
|
||||
Id int64
|
||||
Email string
|
||||
Password []byte
|
||||
Salt []byte
|
||||
RegistrationTime *time.Time `json:"registration_time"`
|
||||
RegistrationTime *time.Time
|
||||
}
|
||||
|
||||
type Users []*User
|
||||
|
||||
func GenPassword(password string, salt []byte) []byte {
|
||||
return hmac.New(sha512.New512_224, []byte(password)).Sum([]byte(salt))
|
||||
return hmac.New(sha512.New512_224, []byte(password)).Sum(salt)
|
||||
}
|
||||
|
||||
func NewUser(email string, password string) (*User, error) {
|
||||
salt := make([]byte, 64)
|
||||
if _, err := rand.Read(salt); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
hashedpass := GenPassword(password, salt)
|
||||
func NewUser(email string, password string) (u *User, err error) {
|
||||
t := time.Now()
|
||||
return &User{
|
||||
|
||||
u = &User{
|
||||
Id: 0,
|
||||
Email: email,
|
||||
Password: hashedpass,
|
||||
Salt: salt,
|
||||
RegistrationTime: &t,
|
||||
}, nil
|
||||
}
|
||||
|
||||
err = u.DefinePassword(password)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// DefinePassword computes the expected hash for the given password and also
|
||||
// renew the User's Salt.
|
||||
func (u *User) DefinePassword(password string) error {
|
||||
// Renew salt
|
||||
u.Salt = make([]byte, 64)
|
||||
if _, err := rand.Read(u.Salt); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Compute password hash
|
||||
u.Password = GenPassword(password, u.Salt)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *User) CheckAuth(password string) bool {
|
||||
|
|
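Review bot: `NewUser` now returns a partially built `*User` together with a non-nil error when `u.DefinePassword(password)` fails, whereas the removed version returned `nil, err`; a caller that only checks `u != nil` would proceed with a user whose `Password` and `Salt` are empty. Replace the bare `err = u.DefinePassword(password)` and `return` with `if err = u.DefinePassword(password); err != nil { return nil, err }` followed by `return u, nil`. The json tags dropped from `Id`, `Email` and `RegistrationTime` do not stop `Password` and `Salt` from being serialized, since exported fields are marshaled under their field names by default; tagging both with `json:"-"` would make the model safe to encode even where a handler still returns a raw `*User`. `GenPassword` is unchanged here apart from the `[]byte(salt)` conversion, but it is a single HMAC pass keyed by the password rather than a dedicated password hashing function; that predates this commit and is worth a separate follow-up.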