mycorrhiza/user/net.go

package user

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"log"
	"net/http"
	"sort"
	"strings"
	"time"

	"github.com/bouncepaw/mycorrhiza/cfg"
	"github.com/bouncepaw/mycorrhiza/util"
	"golang.org/x/crypto/bcrypt"
)

// CanProceed returns `true` if the user in `rq` has enough rights to access `route`.
func CanProceed(rq *http.Request, route string) bool {
	return FromRequest(rq).CanProceed(route)
}

// FromRequest returns user from `rq`. If there is no user, an anon user is returned instead.
func FromRequest(rq *http.Request) *User {
	cookie, err := rq.Cookie("mycorrhiza_token")
	if err != nil {
		return EmptyUser()
	}
	return ByToken(cookie.Value)
}

// LogoutFromRequest logs the user in `rq` out and rewrites the cookie in `w`.
func LogoutFromRequest(w http.ResponseWriter, rq *http.Request) {
	cookieFromUser, err := rq.Cookie("mycorrhiza_token")
	if err == nil {
		http.SetCookie(w, cookie("token", "", time.Unix(0, 0)))
		terminateSession(cookieFromUser.Value)
	}
}

// Register registers the given user. If it fails, a non-nil error is returned.
func Register(username, password, group, source string, force bool) error {
	username = util.CanonicalName(username)

	switch {
	case !IsValidUsername(username):
		return fmt.Errorf("illegal username ‘%s’", username)
	case !ValidGroup(group):
		return fmt.Errorf("invalid group ‘%s’", group)
	case !ValidSource(source):
		return fmt.Errorf("invalid source ‘%s’", source)
	case HasUsername(username):
		return fmt.Errorf("username ‘%s’ is already taken", username)
	case !force && cfg.RegistrationLimit > 0 && Count() >= cfg.RegistrationLimit:
		return fmt.Errorf("reached the limit of registered users (%d)", cfg.RegistrationLimit)
	}

	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return err
	}

	u := User{
		Name:         username,
		Group:        group,
		Source:       source,
		Password:     string(hash),
		RegisteredAt: time.Now(),
	}
	users.Store(username, &u)
	return SaveUserDatabase()
}

// LoginDataHTTP logs such user in and returns string representation of an error if there is any.
//
// The HTTP parameters are used for setting header status (bad request, if it is bad) and saving a cookie.
func LoginDataHTTP(w http.ResponseWriter, rq *http.Request, username, password string) string {
	w.Header().Set("Content-Type", "text/html;charset=utf-8")
	if !HasUsername(username) {
		w.WriteHeader(http.StatusBadRequest)
		log.Println("Unknown username", username, "was entered")
		return "unknown username"
	}
	if !CredentialsOK(username, password) {
		w.WriteHeader(http.StatusBadRequest)
		log.Println("A wrong password was entered for username", username)
		return "wrong password"
	}
	token, err := AddSession(username)
	if err != nil {
		log.Println(err)
		w.WriteHeader(http.StatusBadRequest)
		return err.Error()
	}
	http.SetCookie(w, cookie("token", token, time.Now().Add(365*24*time.Hour)))
	return ""
}

// AddSession saves a session for `username` and returns a token to use.
func AddSession(username string) (string, error) {
	token, err := util.RandomString(16)
	if err == nil {
		commenceSession(username, token)
		log.Println("New token for", username, "is", token)
	}
	return token, err
}

// A handy cookie constructor
func cookie(nameSuffix, val string, t time.Time) *http.Cookie {
	return &http.Cookie{
		Name:    "mycorrhiza_" + nameSuffix,
		Value:   val,
		Expires: t,
		Path:    "/",
	}
}

// TelegramAuthParamsAreValid is true if the given params are ok.
func TelegramAuthParamsAreValid(params map[string][]string) bool {
	// According to the Telegram documentation,
	// > You can verify the authentication and the integrity of the data received by comparing the received hash parameter with the hexadecimal representation of the HMAC-SHA-256 signature of the data-check-string with the SHA256 hash of the bot's token used as a secret key.
	tokenHash := sha256.New()
	tokenHash.Write([]byte(cfg.TelegramBotToken))
	secretKey := tokenHash.Sum(nil)

	hash := hmac.New(sha256.New, secretKey)
	hash.Write([]byte(telegramDataCheckString(params)))
	hexHash := hex.EncodeToString(hash.Sum(nil))

	passedHash := params["hash"][0]
	return passedHash == hexHash
}

// According to the Telegram documentation,
// > Data-check-string is a concatenation of all received fields, sorted in alphabetical order, in the format key=<value> with a line feed character ('\n', 0x0A) used as separator – e.g., 'auth_date=<auth_date>\nfirst_name=<first_name>\nid=<id>\nusername=<username>'.
//
// Note that hash is not used here.
func telegramDataCheckString(params map[string][]string) string {
	var lines []string
	for key, value := range params {
		if key == "hash" {
			continue
		}
		lines = append(lines, fmt.Sprintf("%s=%s", key, value[0]))
	}
	sort.Strings(lines)
	return strings.Join(lines, "\n")
}
-												Make account system concurrent-safe and refactor it a little

											
										
										
											2021-01-09 20:49:48 +00:00
+								package user
 								import (
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+									"crypto/hmac"
 									"crypto/sha256"
 									"encoding/hex"
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+									"fmt"
 									"log"
 									"net/http"
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+									"sort"
 									"strings"
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+									"time"
-												Make account system concurrent-safe and refactor it a little

											
										
										
											2021-01-09 20:49:48 +00:00
-												Actually check for illegal username, pretty errors

											
										
										
											2021-07-01 08:45:03 +00:00
+									"github.com/bouncepaw/mycorrhiza/cfg"
-												Make account system concurrent-safe and refactor it a little

											
										
										
											2021-01-09 20:49:48 +00:00
+									"github.com/bouncepaw/mycorrhiza/util"
-												You can now register, but the new account is not saved on disk

											
										
										
											2021-04-19 16:39:25 +00:00
+									"golang.org/x/crypto/bcrypt"
-												Make account system concurrent-safe and refactor it a little

											
										
										
											2021-01-09 20:49:48 +00:00
+								)
 								// CanProceed returns `true` if the user in `rq` has enough rights to access `route`.
 								func CanProceed(rq *http.Request, route string) bool {
 									return FromRequest(rq).CanProceed(route)
 								}
 								// FromRequest returns user from `rq`. If there is no user, an anon user is returned instead.
 								func FromRequest(rq *http.Request) *User {
 									cookie, err := rq.Cookie("mycorrhiza_token")
 									if err != nil {
-												Move the user link to the header links

											
										
										
											2021-01-24 07:30:14 +00:00
+										return EmptyUser()
-												Make account system concurrent-safe and refactor it a little

											
										
										
											2021-01-09 20:49:48 +00:00
+									}
-												Housekeeping with linter

'I do as the golint guides'

											
										
										
											2021-10-01 17:12:16 +00:00
+									return ByToken(cookie.Value)
-												Make account system concurrent-safe and refactor it a little

											
										
										
											2021-01-09 20:49:48 +00:00
+								}
 								// LogoutFromRequest logs the user in `rq` out and rewrites the cookie in `w`.
 								func LogoutFromRequest(w http.ResponseWriter, rq *http.Request) {
 									cookieFromUser, err := rq.Cookie("mycorrhiza_token")
 									if err == nil {
 										http.SetCookie(w, cookie("token", "", time.Unix(0, 0)))
 										terminateSession(cookieFromUser.Value)
 									}
 								}
-												You can now register, but the new account is not saved on disk

											
										
										
											2021-04-19 16:39:25 +00:00
+								// Register registers the given user. If it fails, a non-nil error is returned.
-												Mark user's source: local or telegram

											
										
										
											2021-07-14 21:00:35 +00:00
+								func Register(username, password, group, source string, force bool) error {
-												You can now register, but the new account is not saved on disk

											
										
										
											2021-04-19 16:39:25 +00:00
+									username = util.CanonicalName(username)
-												Add -create-admin flag

It allows for interactive creation of admin account from the terminal
for new wikis. Because we have a chicken-and-egg problem here with the
user panel -- you need an admin account to appoint someone as an admin,
right?

											
										
										
											2021-07-02 10:25:13 +00:00
-												You can now register, but the new account is not saved on disk

											
										
										
											2021-04-19 16:39:25 +00:00
+									switch {
-												Improve validation helpers

Still, there are a lot of bugs in the shroom module to be fixed later.

											
										
										
											2021-10-27 06:43:01 +00:00
+									case !IsValidUsername(username):
-												Get rid of " in some places

Violently

											
										
										
											2021-08-12 12:12:53 +00:00
+										return fmt.Errorf("illegal username ‘%s’", username)
-												New user form in /admin/users/

											
										
										
											2021-07-02 12:02:42 +00:00
+									case !ValidGroup(group):
-												Get rid of " in some places

Violently

											
										
										
											2021-08-12 12:12:53 +00:00
+										return fmt.Errorf("invalid group ‘%s’", group)
-												Mark user's source: local or telegram

											
										
										
											2021-07-14 21:00:35 +00:00
+									case !ValidSource(source):
-												Get rid of " in some places

Violently

											
										
										
											2021-08-12 12:12:53 +00:00
+										return fmt.Errorf("invalid source ‘%s’", source)
-												New user form in /admin/users/

											
										
										
											2021-07-02 12:02:42 +00:00
+									case HasUsername(username):
-												Get rid of " in some places

Violently

											
										
										
											2021-08-12 12:12:53 +00:00
+										return fmt.Errorf("username ‘%s’ is already taken", username)
-												Add -create-admin flag

It allows for interactive creation of admin account from the terminal
for new wikis. Because we have a chicken-and-egg problem here with the
user panel -- you need an admin account to appoint someone as an admin,
right?

											
										
										
											2021-07-02 10:25:13 +00:00
+									case !force && cfg.RegistrationLimit > 0 && Count() >= cfg.RegistrationLimit:
 										return fmt.Errorf("reached the limit of registered users (%d)", cfg.RegistrationLimit)
-												You can now register, but the new account is not saved on disk

											
										
										
											2021-04-19 16:39:25 +00:00
+									}
-												Add -create-admin flag

It allows for interactive creation of admin account from the terminal
for new wikis. Because we have a chicken-and-egg problem here with the
user panel -- you need an admin account to appoint someone as an admin,
right?

											
										
										
											2021-07-02 10:25:13 +00:00
-												You can now register, but the new account is not saved on disk

											
										
										
											2021-04-19 16:39:25 +00:00
+									hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 									if err != nil {
 										return err
 									}
-												Add -create-admin flag

It allows for interactive creation of admin account from the terminal
for new wikis. Because we have a chicken-and-egg problem here with the
user panel -- you need an admin account to appoint someone as an admin,
right?

											
										
										
											2021-07-02 10:25:13 +00:00
-												You can now register, but the new account is not saved on disk

											
										
										
											2021-04-19 16:39:25 +00:00
+									u := User{
-												Drop fixed authorization

Important changes:
- UseFixedAuth is now UseAuth and toggles all kinds of authorization and
  registration
- UseRegistration is now AllowRegistration to better reflect the meaning
- LimitRegistration is now RegistrationLimit because it's not a boolean,
  it's a value (not "limit registration?", but "registration limit is
  ...")
- registered-users.json is now users.json, because all users are stored
  there
- user.AuthUsed is dropped in favor of new cfg.UseAuth which has the
  same meaning

I hope I have not forgotten anything.

											
										
										
											2021-07-02 08:20:03 +00:00
+										Name:         username,
-												Add -create-admin flag

It allows for interactive creation of admin account from the terminal
for new wikis. Because we have a chicken-and-egg problem here with the
user panel -- you need an admin account to appoint someone as an admin,
right?

											
										
										
											2021-07-02 10:25:13 +00:00
+										Group:        group,
-												Migrate to gorilla/mux for web needs

What a wonderful package!

											
										
										
											2021-07-15 17:46:35 +00:00
+										Source:       source,
-												Drop fixed authorization

Important changes:
- UseFixedAuth is now UseAuth and toggles all kinds of authorization and
  registration
- UseRegistration is now AllowRegistration to better reflect the meaning
- LimitRegistration is now RegistrationLimit because it's not a boolean,
  it's a value (not "limit registration?", but "registration limit is
  ...")
- registered-users.json is now users.json, because all users are stored
  there
- user.AuthUsed is dropped in favor of new cfg.UseAuth which has the
  same meaning

I hope I have not forgotten anything.

											
										
										
											2021-07-02 08:20:03 +00:00
+										Password:     string(hash),
 										RegisteredAt: time.Now(),
-												You can now register, but the new account is not saved on disk

											
										
										
											2021-04-19 16:39:25 +00:00
+									}
 									users.Store(username, &u)
-												Add -create-admin flag

It allows for interactive creation of admin account from the terminal
for new wikis. Because we have a chicken-and-egg problem here with the
user panel -- you need an admin account to appoint someone as an admin,
right?

											
										
										
											2021-07-02 10:25:13 +00:00
+									return SaveUserDatabase()
-												You can now register, but the new account is not saved on disk

											
										
										
											2021-04-19 16:39:25 +00:00
+								}
-												Make account system concurrent-safe and refactor it a little

											
										
										
											2021-01-09 20:49:48 +00:00
+								// LoginDataHTTP logs such user in and returns string representation of an error if there is any.
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
+								//
 								// The HTTP parameters are used for setting header status (bad request, if it is bad) and saving a cookie.
-												Make account system concurrent-safe and refactor it a little

											
										
										
											2021-01-09 20:49:48 +00:00
+								func LoginDataHTTP(w http.ResponseWriter, rq *http.Request, username, password string) string {
 									w.Header().Set("Content-Type", "text/html;charset=utf-8")
 									if !HasUsername(username) {
 										w.WriteHeader(http.StatusBadRequest)
 										log.Println("Unknown username", username, "was entered")
 										return "unknown username"
 									}
 									if !CredentialsOK(username, password) {
 										w.WriteHeader(http.StatusBadRequest)
 										log.Println("A wrong password was entered for username", username)
 										return "wrong password"
 									}
 									token, err := AddSession(username)
 									if err != nil {
 										log.Println(err)
 										w.WriteHeader(http.StatusBadRequest)
 										return err.Error()
 									}
 									http.SetCookie(w, cookie("token", token, time.Now().Add(365*24*time.Hour)))
 									return ""
 								}
 								// AddSession saves a session for `username` and returns a token to use.
 								func AddSession(username string) (string, error) {
 									token, err := util.RandomString(16)
 									if err == nil {
 										commenceSession(username, token)
 										log.Println("New token for", username, "is", token)
 									}
 									return token, err
 								}
 								// A handy cookie constructor
-												Housekeeping with linter

'I do as the golint guides'

											
										
										
											2021-10-01 17:12:16 +00:00
+								func cookie(nameSuffix, val string, t time.Time) *http.Cookie {
-												Make account system concurrent-safe and refactor it a little

											
										
										
											2021-01-09 20:49:48 +00:00
+									return &http.Cookie{
-												Housekeeping with linter

'I do as the golint guides'

											
										
										
											2021-10-01 17:12:16 +00:00
+										Name:    "mycorrhiza_" + nameSuffix,
-												Make account system concurrent-safe and refactor it a little

											
										
										
											2021-01-09 20:49:48 +00:00
+										Value:   val,
 										Expires: t,
 										Path:    "/",
 									}
 								}
-												Implement initial Telegram integration

											
										
										
											2021-07-14 19:51:55 +00:00
 								// TelegramAuthParamsAreValid is true if the given params are ok.
 								func TelegramAuthParamsAreValid(params map[string][]string) bool {
 									// According to the Telegram documentation,
 									// > You can verify the authentication and the integrity of the data received by comparing the received hash parameter with the hexadecimal representation of the HMAC-SHA-256 signature of the data-check-string with the SHA256 hash of the bot's token used as a secret key.
 									tokenHash := sha256.New()
 									tokenHash.Write([]byte(cfg.TelegramBotToken))
 									secretKey := tokenHash.Sum(nil)
 									hash := hmac.New(sha256.New, secretKey)
 									hash.Write([]byte(telegramDataCheckString(params)))
 									hexHash := hex.EncodeToString(hash.Sum(nil))
 									passedHash := params["hash"][0]
 									return passedHash == hexHash
 								}
 								// According to the Telegram documentation,
 								// > Data-check-string is a concatenation of all received fields, sorted in alphabetical order, in the format key=<value> with a line feed character ('\n', 0x0A) used as separator – e.g., 'auth_date=<auth_date>\nfirst_name=<first_name>\nid=<id>\nusername=<username>'.
 								//
 								// Note that hash is not used here.
 								func telegramDataCheckString(params map[string][]string) string {
 									var lines []string
 									for key, value := range params {
 										if key == "hash" {
 											continue
 										}
 										lines = append(lines, fmt.Sprintf("%s=%s", key, value[0]))
 									}
 									sort.Strings(lines)
 									return strings.Join(lines, "\n")
 								}