| author | Ryan Mehri <[email protected]> | 2020-05-10 17:32:31 -0600 |
|---|---|---|
| committer | Ryan Mehri <[email protected]> | 2020-05-10 17:32:31 -0600 |
| commit | 01d3631b893b09ec4c5f9daade727e8f88aa8d22 (patch) | |
| tree | e35a25eef106f58ebc7d222e3f51ac5013f04f6e /backend | |
| parent | Update post to return hash and password (diff) | |
| download | ctrl-v-01d3631b893b09ec4c5f9daade727e8f88aa8d22.tar.xz ctrl-v-01d3631b893b09ec4c5f9daade727e8f88aa8d22.zip | |
Add password hashing
Diffstat (limited to 'backend')
| -rw-r--r-- | backend/api/routes.go | 8 | ||||
| -rw-r--r-- | backend/db/db.go | 45 | ||||
| -rw-r--r-- | backend/go.mod | 1 | ||||
| -rw-r--r-- | backend/hashing/hash.go | 6 |
4 files changed, 41 insertions, 19 deletions
diff --git a/backend/api/routes.go b/backend/api/routes.go
index 3b08781..d578632 100644
--- a/backend/api/routes.go
+++ b/backend/api/routes.go
@@ -31,7 +31,7 @@ func insertFunc(w http.ResponseWriter, r *http.Request) {
 log.Infof("got content '%s' and ip '%s'", content, ip)
 // insert content
- paste, err := db.New(ip, content, expiry, title, password)
+ hash, err := db.New(ip, content, expiry, title, password)
 if err != nil {
 w.WriteHeader(http.StatusBadRequest)
 fmt.Fprintf(w, "got err: %s", err.Error())
@@ -40,8 +40,7 @@ func insertFunc(w http.ResponseWriter, r *http.Request) {
 // if successful return paste hash
 w.Header().Set("Content-Type", "application/json")
 pasteMap := map[string]interface{}{
- "hash": paste.Hash,
- "password": paste.Password,
+ "hash": hash,
 }
 jsonData, _ := json.Marshal(pasteMap)
@@ -59,10 +58,11 @@ func getHashFunc(w http.ResponseWriter, r *http.Request) {
 return
 }
- // otherwise, return paste content and current time
+ // otherwise, return paste content, title, and current time
 w.Header().Set("Content-Type", "application/json")
 pasteMap := map[string]interface{}{
 "timestamp": time.Now(),
+ "title": paste.Title,
 "content": paste.Content,
 }
diff --git a/backend/db/db.go b/backend/db/db.go
index d40de87..9bfe55a 100644
--- a/backend/db/db.go
+++ b/backend/db/db.go
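Review bot: In backend/api/routes.go, the getHashFunc hunk returns `paste.Title` and `paste.Content` without any visible comparison of a caller-supplied password against the bcrypt hash this commit starts storing. getHashFunc begins outside the hunk, so a check may exist above it, but the commit adds only a hashing helper in backend/hashing/hash.go and no comparison helper, which suggests protected pastes remain readable by anyone who knows the paste hash. If verification is planned for a later commit, a comment such as `// TODO: verify the supplied password with bcrypt.CompareHashAndPassword before returning title/content` would make the gap explicit. Separately, the insertFunc context line `log.Infof("got content '%s' and ip '%s'", content, ip)` writes the full paste body to the log, which undercuts password protection for anyone with log access.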
@@ -27,22 +27,21 @@ func init() {
 const TitleLimit = 100
 const ContentLimit = 100000
-// creates a new paste with title, content and hash
-func New(ip, content, expiry, title, password string) (Paste, error) {
+// creates a new paste with title, content and hash, returns the hash of the created paste
+func New(ip, content, expiry, title, password string) (string, error) {
 // generate hash from ip
 hash := hashing.GenerateURI(ip)
 // check for size of title and content
- errs := ""
- if len(title) > TitleLimit {
- errs += fmt.Sprintf("title is longer than character limit of %d\n", TitleLimit)
- }
- if len(content) > ContentLimit {
- errs += fmt.Sprintf("content is longer than character limit of %d\n", ContentLimit)
+ errs := checkLengths(title, content)
+ if errs != nil {
+ return "", errs
 }
- // if any errors were found
- if errs != "" {
- return Paste{}, fmt.Errorf(errs)
+
+ // hash given password
+ hashedPass, err := hashing.HashPassword(password)
+ if err != nil {
+ return "", fmt.Errorf("could not hash password: %s", err.Error())
 }
 // create new struct
@@ -50,7 +49,7 @@ func New(ip, content, expiry, title, password string) (Paste, error) {
 Hash: hash,
 Content: content,
 Title: title,
- Password: password,
+ Password: hashedPass,
 }
 // check if expiry
@@ -59,12 +58,12 @@ func New(ip, content, expiry, title, password string) (Paste, error) {
 // if time format not current
 if err != nil {
- return Paste{}, err
+ return "", err
 }
 // time is in the past
 if time.Now().After(t) {
- return Paste{}, fmt.Errorf("time %s is in the past", t.String())
+ return "", fmt.Errorf("time %s is in the past", t.String())
 }
 new.Expiry = t
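Review bot: In backend/db/db.go, the first hunk of New calls `hashing.HashPassword(password)` unconditionally, so a paste submitted with no password still stores a bcrypt hash of the empty string. If an empty password is meant to mean "unprotected" (not confirmable from these lines), the stored field can no longer express that; hashing only when `password != ""` would keep the distinction and avoid the bcrypt cost on open pastes. The length check covers only title and content, while bcrypt uses at most the first 72 bytes of its input, so an explicit password length limit next to TitleLimit and ContentLimit would prevent silent truncation and oversized inputs. The error wrap would also read better as `return "", fmt.Errorf("could not hash password: %w", err)` so callers can unwrap the cause.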
@@ -77,7 +76,23 @@ func New(ip, content, expiry, title, password string) (Paste, error) {
 // insert struct
 log.Infof("create new paste with hash %s", hash)
 insertErr := insert(new)
- return new, insertErr
+ return hash, insertErr
+}
+
+func checkLengths(title string, content string) error {
+ errs := ""
+ if len(title) > TitleLimit {
+ errs += fmt.Sprintf("title is longer than character limit of %d\n", TitleLimit)
+ }
+ if len(content) > ContentLimit {
+ errs += fmt.Sprintf("content is longer than character limit of %d\n", ContentLimit)
+ }
+ // if any errors were found
+ if errs != "" {
+ return fmt.Errorf(errs)
+ }
+
+ return nil
 }
 // lookup
diff --git a/backend/go.mod b/backend/go.mod
index fc4b4dd..0832637 100644
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -8,6 +8,7 @@ require (
 github.com/joho/godotenv v1.3.0
 github.com/kr/pretty v0.2.0 // indirect
 github.com/sirupsen/logrus v1.6.0
+ golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
 golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 // indirect
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 )
diff --git a/backend/hashing/hash.go b/backend/hashing/hash.go
index 400659e..93a9cf9 100644
--- a/backend/hashing/hash.go
+++ b/backend/hashing/hash.go
@@ -3,6 +3,7 @@ package hashing
 import (
 "crypto/md5"
 "encoding/hex"
+ "golang.org/x/crypto/bcrypt"
 "math/big"
 "time"
 )
@@ -23,4 +24,9 @@ func hashString(text string) string {
 bi := big.NewInt(0)
 bi.SetString(hexStr, 16)
 return bi.Text(62)
+}
+
+func HashPassword(password string) (string, error) {
+ hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+ return string(hashedPassword), err
 }
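Review bot: In backend/db/db.go, the new checkLengths passes its accumulated message as the format string in `return fmt.Errorf(errs)`, which `go vet` reports as a non-constant format string. The text holds only constants today, but `return errors.New(strings.TrimSuffix(errs, "\n"))` removes the hazard and the trailing newline; it needs the `errors` and `strings` imports, and the file's import block is not visible here. `len(title)` and `len(content)` count bytes while the messages say "character limit", so multi-byte text is rejected earlier than the wording implies; `utf8.RuneCountInString` would match the message. The function also has no comment; `// checkLengths returns an error naming every field that exceeds its limit, or nil when both fit.` would cover it.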
\ No newline at end of file |
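Review bot: In backend/hashing/hash.go, the exported HashPassword is added without a doc comment. Suggested comment: `// HashPassword returns the bcrypt hash of password, computed at bcrypt.DefaultCost.` The `golang.org/x/crypto/bcrypt` import is also placed inside the standard-library group between `encoding/hex` and `math/big`; goimports would move it into its own group after a blank line.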