summaryrefslogtreecommitdiff
path: root/auth
diff options
context:
space:
mode:
authorsanine <sanine.not@pm.me>2023-05-14 20:12:06 -0500
committersanine <sanine.not@pm.me>2023-05-14 20:12:06 -0500
commit5b4251fd39c43e4cfed27e032a4efb2bbba28e38 (patch)
treef51840d5607eba0db9262045e330a1c8b8393449 /auth
parent9571ccc4d87907067df98edeaa78f0c167fcff43 (diff)
add auth & pages
Diffstat (limited to 'auth')
-rw-r--r--auth/auth.go33
-rw-r--r--auth/session.go112
2 files changed, 145 insertions, 0 deletions
diff --git a/auth/auth.go b/auth/auth.go
new file mode 100644
index 0000000..ac908ab
--- /dev/null
+++ b/auth/auth.go
@@ -0,0 +1,33 @@
+package auth
+
+import (
+ "golang.org/x/crypto/argon2"
+ "crypto/rand"
+ "sanine.net/git/phlox/config"
+)
+
+
+func GenerateSalt() ([]byte, error) {
+ salt := make([]byte, 10)
+ _, err := rand.Read(salt)
+ return salt, err
+}
+
+
+func HashPassword(password string, salt []byte) []byte {
+ return argon2.IDKey(
+ []byte(password), salt,
+ 1, 64*1024, 4, 32,
+ )
+}
+
+
+func AuthenticateUser(user config.User, password string) bool {
+ hash := HashPassword(password, user.Salt)
+ for i, v := range user.PasswordHash {
+ if v != hash[i] {
+ return false;
+ }
+ }
+ return true
+}
diff --git a/auth/session.go b/auth/session.go
new file mode 100644
index 0000000..1524e6b
--- /dev/null
+++ b/auth/session.go
@@ -0,0 +1,112 @@
+package auth
+
+import (
+ "fmt"
+ "time"
+ "sync"
+ "crypto/rand"
+ "encoding/base64"
+)
+
+
+type Session struct {
+ Created time.Time
+ Modified time.Time
+}
+
+
+type Sessions struct {
+ s map[string]Session
+ lock sync.Mutex
+}
+
+
+func NewSessionContainer() *Sessions {
+ return &Sessions{
+ s: make(map[string]Session),
+ }
+}
+
+
+func createSessionId() (string, error) {
+ bytes := make([]byte, 32)
+ _, err := rand.Read(bytes)
+ if err != nil {
+ return "", err
+ }
+
+ return base64.StdEncoding.EncodeToString(bytes), nil
+}
+
+
+func (s *Sessions) NewSession() (string, error) {
+ s.lock.Lock()
+ defer s.lock.Unlock()
+
+ id, err := createSessionId()
+ if err != nil {
+ return "", err
+ }
+
+ session := Session{
+ Created: time.Now(),
+ Modified: time.Now(),
+ }
+
+ s.s[id] = session
+ return id, nil
+}
+
+
+func (s *Sessions) IsSessionValid(id string) bool {
+ s.lock.Lock()
+ defer s.lock.Unlock()
+
+ _, ok := s.s[id]
+ return ok
+}
+
+
+func (s *Sessions) GetSession(id string) (Session, error) {
+ s.lock.Lock()
+ defer s.lock.Unlock()
+
+ session, ok := s.s[id]
+ if !ok {
+ return Session{}, fmt.Errorf("invalid session id: %v", id)
+ }
+ return session, nil
+}
+
+
+func (s *Sessions) TouchSession(id string) {
+ s.lock.Lock()
+ defer s.lock.Unlock()
+
+ session := s.s[id]
+ session.Modified = time.Now()
+ s.s[id] = session
+}
+
+
+func (s *Sessions) DeleteSession(id string) {
+ s.lock.Lock()
+ defer s.lock.Unlock()
+
+ delete(s.s, id)
+}
+
+
+func (s *Sessions) CleanSessions(maxIdle time.Duration) {
+ s.lock.Lock()
+ defer s.lock.Unlock()
+
+ expire := time.Now().Add(-maxIdle)
+ for id, session := range s.s {
+ if session.Modified.Before(expire) {
+ // last modified before the expiration time
+ // so this session is expired
+ delete(s.s, id)
+ }
+ }
+}