diff options
| author | Ryan Mehri <[email protected]> | 2020-05-15 17:58:09 -0600 |
|---|---|---|
| committer | Ryan Mehri <[email protected]> | 2020-05-15 17:58:09 -0600 |
| commit | 5d037e8297a192996b7281af0ca761c160aaed30 (patch) | |
| tree | 68a21642cfb9396e734f16e8d636af3efdee49a0 /backend/cache | |
| parent | Merge pull request #24 from jackyzha0/update-readme (diff) | |
| download | ctrl-v-5d037e8297a192996b7281af0ca761c160aaed30.tar.xz ctrl-v-5d037e8297a192996b7281af0ca761c160aaed30.zip | |
Add encryption to content when password is specified
Diffstat (limited to 'backend/cache')
| -rw-r--r-- | backend/cache/cache.go | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/backend/cache/cache.go b/backend/cache/cache.go index 71007e5..6d5eb42 100644 --- a/backend/cache/cache.go +++ b/backend/cache/cache.go @@ -2,7 +2,7 @@ package cache import ( "errors" - "github.com/jackyzha0/ctrl-v/hashing" + "github.com/jackyzha0/ctrl-v/security" "sync" "github.com/jackyzha0/ctrl-v/db" @@ -17,6 +17,7 @@ var C *Cache var PasteNotFound = errors.New("could not find a paste with that hash") var UserUnauthorized = errors.New("paste is password protected") +var EncryptionError = errors.New("could not encrypt the given content") func init() { C = &Cache{ @@ -46,9 +47,22 @@ func (c *Cache) Get(hash, userPassword string) (db.Paste, error) { // if there is a password, check the provided one against it if p.Password != "" { // if passwords do not match, the user is unauthorized - if !hashing.PasswordsEqual(p.Password, userPassword) { + if !security.PasswordsEqual(p.Password, userPassword) { return db.Paste{}, UserUnauthorized } + + // if password matches, decrypt content + key, _, err := security.DeriveKey([]byte(userPassword), p.Salt) + if err != nil { + return db.Paste{}, EncryptionError + } + + decryptedBytes, err := security.Decrypt(key, []byte(p.Content)) + if err != nil { + return db.Paste{}, EncryptionError + } + + p.Content = string(decryptedBytes) } return p, nil |