mirror of
https://github.com/jech/galene.git
synced 2024-11-24 17:45:58 +01:00
127 lines
2.7 KiB
Go
127 lines
2.7 KiB
Go
package group
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"errors"
|
|
"hash"
|
|
"net"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
"golang.org/x/crypto/pbkdf2"
|
|
|
|
"github.com/jech/galene/conn"
|
|
)
|
|
|
|
type RawPassword struct {
|
|
Type string `json:"type,omitempty"`
|
|
Hash string `json:"hash,omitempty"`
|
|
Key *string `json:"key,omitempty"`
|
|
Salt string `json:"salt,omitempty"`
|
|
Iterations int `json:"iterations,omitempty"`
|
|
}
|
|
|
|
type Password RawPassword
|
|
|
|
func (p Password) Match(pw string) (bool, error) {
|
|
switch p.Type {
|
|
case "":
|
|
return false, nil
|
|
case "plain":
|
|
if p.Key == nil {
|
|
return false, errors.New("missing key")
|
|
}
|
|
return *p.Key == pw, nil
|
|
case "wildcard":
|
|
return true, nil
|
|
case "pbkdf2":
|
|
if p.Key == nil {
|
|
return false, errors.New("missing key")
|
|
}
|
|
key, err := hex.DecodeString(*p.Key)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
salt, err := hex.DecodeString(p.Salt)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
var h func() hash.Hash
|
|
switch p.Hash {
|
|
case "sha-256":
|
|
h = sha256.New
|
|
default:
|
|
return false, errors.New("unknown hash type")
|
|
}
|
|
theirKey := pbkdf2.Key(
|
|
[]byte(pw), salt, p.Iterations, len(key), h,
|
|
)
|
|
return bytes.Equal(key, theirKey), nil
|
|
case "bcrypt":
|
|
if p.Key == nil {
|
|
return false, errors.New("missing key")
|
|
}
|
|
err := bcrypt.CompareHashAndPassword([]byte(*p.Key), []byte(pw))
|
|
if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
|
|
return false, nil
|
|
}
|
|
return err == nil, err
|
|
default:
|
|
return false, errors.New("unknown password type")
|
|
}
|
|
}
|
|
|
|
func (p *Password) UnmarshalJSON(b []byte) error {
|
|
var k string
|
|
err := json.Unmarshal(b, &k)
|
|
if err == nil {
|
|
*p = Password{
|
|
Type: "plain",
|
|
Key: &k,
|
|
}
|
|
return nil
|
|
}
|
|
var r RawPassword
|
|
err = json.Unmarshal(b, &r)
|
|
if err == nil {
|
|
*p = Password(r)
|
|
}
|
|
return err
|
|
}
|
|
|
|
func (p Password) MarshalJSON() ([]byte, error) {
|
|
if p.Type == "plain" && p.Hash == "" && p.Salt == "" && p.Iterations == 0 {
|
|
return json.Marshal(p.Key)
|
|
}
|
|
return json.Marshal(RawPassword(p))
|
|
}
|
|
|
|
type ClientPattern struct {
|
|
Username string `json:"username,omitempty"`
|
|
Password *Password `json:"password,omitempty"`
|
|
}
|
|
|
|
type ClientCredentials struct {
|
|
System bool
|
|
Username *string
|
|
Password string
|
|
Token string
|
|
}
|
|
|
|
type Client interface {
|
|
Group() *Group
|
|
Addr() net.Addr
|
|
Id() string
|
|
Username() string
|
|
SetUsername(string)
|
|
Permissions() []string
|
|
SetPermissions([]string)
|
|
Data() map[string]interface{}
|
|
PushConn(g *Group, id string, conn conn.Up, tracks []conn.UpTrack, replace string) error
|
|
RequestConns(target Client, g *Group, id string) error
|
|
Joined(group, kind string) error
|
|
PushClient(group, kind, id, username string, perms []string, data map[string]interface{}) error
|
|
Kick(id string, user *string, message string) error
|
|
}
|