package auth
import (
"context"
"crypto/rand"
"crypto/subtle"
"encoding/base64"
"time"
"github.com/viddrobnic/sparovec/models"
)
// saltLenght is the number of random bytes generated for each user's password
// salt. NOTE(review): the identifier is misspelled ("Lenght"); renaming it
// needs a package-wide change, since other files may reference it.
const saltLenght = 16
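// Authenticate looks up username in the repository and checks password against
// the stored hash and salt.
//
// It returns the matching user on success, models.ErrInvalidCredentials when
// the user does not exist or the password does not match, and
// models.ErrInternalServer when the repository lookup fails. Both rejection
// paths return the same error, so the caller cannot tell from the error value
// which one occurred.
func (a *Auth) Authenticate(ctx context.Context, username, password string) (*models.User, error) {
	user, err := a.repository.GetByUsername(ctx, username)
	if err != nil {
		// The underlying error is logged but not returned to the caller.
		a.log.Error("Failed to get user", "error", err)
		return nil, models.ErrInternalServer
	}

	if user == nil {
		// NOTE(review): this path returns without calling doPasswordsMatch, so
		// it does less work than the wrong-password path below. If the password
		// hash is expensive, the response-time difference can reveal whether a
		// username exists; consider performing an equivalent dummy hash here.
		a.log.Info("User not found", "username", username)
		return nil, models.ErrInvalidCredentials
	}

	if !doPasswordsMatch(user.Password, user.Salt, password) {
		// Record the failed attempt so that repeated password guessing against
		// an existing account is visible in the logs, as it already is for
		// unknown usernames. The submitted password is never logged.
		a.log.Info("Invalid password", "username", username)
		return nil, models.ErrInvalidCredentials
	}

	return &user.User, nil
}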
// CreateSession builds a signed session for user.
//
// The session expires a.conf.Auth.SessionTtl seconds from now. Its signature
// is computed by signSession with the configured signing key and stored as
// standard base64 text. models.ErrInternalServer is returned when signing
// fails.
func (a *Auth) CreateSession(user *models.User) (*models.Session, error) {
	ttl := time.Duration(a.conf.Auth.SessionTtl) * time.Second

	// User and ExpiresAt are filled in before signing and Signature afterwards.
	// NOTE(review): presumably signSession covers both fields; confirm in its
	// implementation.
	session := &models.Session{
		User:      user,
		ExpiresAt: time.Now().Add(ttl),
	}

	sig, err := signSession(session, a.conf.Auth.SigningKey)
	if err != nil {
		a.log.Error("Failed to sign session", "error", err)
		return nil, models.ErrInternalServer
	}

	session.Signature = base64.StdEncoding.EncodeToString(sig)
	return session, nil
}
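// ValidateSession reports whether session is still valid.
//
// A session is rejected with models.ErrInvalidCredentials when it is nil, has
// expired, carries a signature that is not valid base64, or carries a
// signature that differs from the one recomputed over the session with the
// configured signing key. models.ErrInternalServer is returned when the
// signature cannot be recomputed. A nil return means every check passed.
func (a *Auth) ValidateSession(session *models.Session) error {
	// A missing session is rejected instead of being dereferenced, which would
	// panic on the ExpiresAt access below.
	if session == nil {
		return models.ErrInvalidCredentials
	}

	// NOTE(review): ExpiresAt is read before the signature is verified, so the
	// expiry is only trustworthy if signSession covers that field; confirm in
	// its implementation.
	if session.ExpiresAt.Before(time.Now()) {
		return models.ErrInvalidCredentials
	}

	expected, err := signSession(session, a.conf.Auth.SigningKey)
	if err != nil {
		a.log.Error("Failed to sign session", "error", err)
		return models.ErrInternalServer
	}

	presented, err := base64.StdEncoding.DecodeString(session.Signature)
	if err != nil {
		return models.ErrInvalidCredentials
	}

	// Constant-time comparison, so the time taken does not depend on how many
	// leading bytes of the presented signature are correct.
	if subtle.ConstantTimeCompare(expected, presented) != 1 {
		return models.ErrInvalidCredentials
	}

	return nil
}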
// CreateUser stores a new user with a freshly salted password hash.
//
// A random salt of saltLenght bytes is generated, the password is hashed with
// it by hashPassword, and both values are passed to the repository as standard
// base64 text. Any failure, whether in salt generation or in the insert, is
// logged and reported to the caller as models.ErrInternalServer.
//
// NOTE(review): resistance to offline password guessing depends on the
// algorithm inside hashPassword, which is not shown here.
func (a *Auth) CreateUser(ctx context.Context, username, password string) (*models.User, error) {
	// The salt comes from crypto/rand, so it is unpredictable per user.
	rawSalt := make([]byte, saltLenght)
	if _, err := rand.Read(rawSalt); err != nil {
		a.log.Error("Failed to generate salt", "error", err)
		return nil, models.ErrInternalServer
	}

	digest := hashPassword([]byte(password), rawSalt)
	encodedHash := base64.StdEncoding.EncodeToString(digest)
	encodedSalt := base64.StdEncoding.EncodeToString(rawSalt)

	created, err := a.repository.Insert(ctx, username, encodedHash, encodedSalt)
	if err != nil {
		a.log.Error("Failed to insert user", "error", err)
		return nil, models.ErrInternalServer
	}

	return &created.User, nil
}