diff options
| author | Jacky Zhao <[email protected]> | 2020-05-15 18:53:37 -0700 |
|---|---|---|
| committer | GitHub <[email protected]> | 2020-05-15 18:53:37 -0700 |
| commit | 2e4a87393d6fdf0320696faedecdc7699289fffb (patch) | |
| tree | 7afe72a155fd9f6afd1bdded4a214b6fbba77fa0 /backend/cache | |
| parent | Merge pull request #24 from jackyzha0/update-readme (diff) | |
| parent | Add comments and clean up encryption (diff) | |
| download | ctrl-v-2e4a87393d6fdf0320696faedecdc7699289fffb.tar.xz ctrl-v-2e4a87393d6fdf0320696faedecdc7699289fffb.zip | |
Merge pull request #25 from jackyzha0/security
Add encryption to content when password is specified
Diffstat (limited to 'backend/cache')
| -rw-r--r-- | backend/cache/cache.go | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/backend/cache/cache.go b/backend/cache/cache.go index 71007e5..43e615a 100644 --- a/backend/cache/cache.go +++ b/backend/cache/cache.go @@ -2,7 +2,7 @@ package cache import ( "errors" - "github.com/jackyzha0/ctrl-v/hashing" + "github.com/jackyzha0/ctrl-v/security" "sync" "github.com/jackyzha0/ctrl-v/db" @@ -46,9 +46,22 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) { // if there is a password, check the provided one against it if p.Password != "" { // if passwords do not match, the user is unauthorized - if !hashing.PasswordsEqual(p.Password, userPassword) { + if !security.PasswordsEqual(p.Password, userPassword) { return db.Paste{}, UserUnauthorized } + + // if password matches, decrypt content + key, _, err := security.DeriveKey(userPassword, p.Salt) + if err != nil { + return db.Paste{}, security.EncryptionError + } + + decryptedContent, err := security.Decrypt(key, p.Content) + if err != nil { + return db.Paste{}, security.EncryptionError + } + + p.Content = decryptedContent } return p, nil |