-
Notifications
You must be signed in to change notification settings - Fork 0
/
dbmodels.go
86 lines (66 loc) · 1.61 KB
/
dbmodels.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
package uos
import (
"crypto/rand"
"fmt"
"golang.org/x/crypto/scrypt"
"gorm.io/gorm"
)
// AppUser represents a user account.
type AppUser struct {
gorm.Model
Name string `gorm:"unique"`
Language string
PasswordHash string
Salt string
IsAdmin bool
csrfToken string
}
func (AppUser) TableName() string {
return "internal_app_users"
}
// CreateAppUser creates, saves and returns a new AppUser object.
func CreateAppUser(name string, password string) (AppUser, error) {
var (
salt = passwordSalt()
hash = passwordHash(password, salt)
)
if salt == nil || hash == "" {
return AppUser{}, fmt.Errorf("could not create user: password hashing failed")
}
user := AppUser{
Name: name,
PasswordHash: hash,
Salt: base64encode(salt),
}
return user, DB.Create(&user).Error
}
// GetAppUser returns an AppUser object. Checks password.
func GetAppUser(name string, password string) (AppUser, error) {
var user = AppUser{Name: name}
err := DB.Where(&user).First(&user).Error
if err != nil {
return AppUser{}, err
}
hash := passwordHash(password, base64decode(user.Salt))
if hash != user.PasswordHash {
return AppUser{}, ErrorInvalidPassword
}
return user, nil
}
func passwordSalt() []byte {
salt := make([]byte, 16)
_, err := rand.Read(salt)
if err != nil {
Log.WarnError("could not generate salt", err)
return nil
}
return salt
}
func passwordHash(password string, salt []byte) string {
hash, err := scrypt.Key([]byte(password), salt, 32768, 8, 1, 32)
if err != nil {
Log.WarnError("could not generate password hash", err)
return ""
}
return base64encode(hash)
}