mirror of
https://github.com/Walter-Sparrow/lunar-tear.git
synced 2026-07-02 05:43:41 +03:00
Add --no-register flag and register-account CLI
Build and Push Docker images to Docker Hub / build-and-push (push) Has been cancelled
Build and Push Docker images to Docker Hub / build-and-push (push) Has been cancelled
Author: https://github.com/REUSS-dev
This commit is contained in:
@@ -0,0 +1,103 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
var (
|
||||
ErrUserExists = errors.New("username already taken")
|
||||
ErrInvalidCreds = errors.New("invalid username or password")
|
||||
)
|
||||
|
||||
type AuthUser struct {
|
||||
ID int64
|
||||
Username string
|
||||
}
|
||||
|
||||
type AuthStore struct {
|
||||
db *sql.DB
|
||||
}
|
||||
|
||||
func NewAuthStore(db *sql.DB) (*AuthStore, error) {
|
||||
_, err := db.Exec(`
|
||||
CREATE TABLE IF NOT EXISTS auth_users (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
username TEXT NOT NULL UNIQUE,
|
||||
password BLOB NOT NULL,
|
||||
created_at TEXT NOT NULL
|
||||
)
|
||||
`)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("create auth_users table: %w", err)
|
||||
}
|
||||
return &AuthStore{db: db}, nil
|
||||
}
|
||||
|
||||
func (s *AuthStore) CreateUser(username, password string) (AuthUser, error) {
|
||||
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return AuthUser{}, fmt.Errorf("hash password: %w", err)
|
||||
}
|
||||
|
||||
res, err := s.db.Exec(
|
||||
`INSERT INTO auth_users (username, password, created_at) VALUES (?, ?, ?)`,
|
||||
username, hash, time.Now().UTC().Format(time.RFC3339),
|
||||
)
|
||||
if err != nil {
|
||||
if isUniqueViolation(err) {
|
||||
return AuthUser{}, ErrUserExists
|
||||
}
|
||||
return AuthUser{}, fmt.Errorf("insert user: %w", err)
|
||||
}
|
||||
|
||||
id, _ := res.LastInsertId()
|
||||
return AuthUser{ID: id, Username: username}, nil
|
||||
}
|
||||
|
||||
func (s *AuthStore) VerifyUser(username, password string) (AuthUser, error) {
|
||||
var id int64
|
||||
var hash []byte
|
||||
err := s.db.QueryRow(
|
||||
`SELECT id, password FROM auth_users WHERE username = ?`, username,
|
||||
).Scan(&id, &hash)
|
||||
if err != nil {
|
||||
return AuthUser{}, ErrInvalidCreds
|
||||
}
|
||||
|
||||
if err := bcrypt.CompareHashAndPassword(hash, []byte(password)); err != nil {
|
||||
return AuthUser{}, ErrInvalidCreds
|
||||
}
|
||||
|
||||
return AuthUser{ID: id, Username: username}, nil
|
||||
}
|
||||
|
||||
func (s *AuthStore) UserExists(username string) bool {
|
||||
var n int
|
||||
err := s.db.QueryRow(`SELECT 1 FROM auth_users WHERE username = ?`, username).Scan(&n)
|
||||
return err == nil
|
||||
}
|
||||
|
||||
func isUniqueViolation(err error) bool {
|
||||
return err != nil && (errors.Is(err, sql.ErrNoRows) ||
|
||||
// modernc.org/sqlite returns error strings containing "UNIQUE constraint failed"
|
||||
fmt.Sprintf("%v", err) == fmt.Sprintf("%v", err) &&
|
||||
contains(err.Error(), "UNIQUE constraint failed"))
|
||||
}
|
||||
|
||||
func contains(s, substr string) bool {
|
||||
return len(s) >= len(substr) && searchStr(s, substr)
|
||||
}
|
||||
|
||||
func searchStr(s, sub string) bool {
|
||||
for i := 0; i <= len(s)-len(sub); i++ {
|
||||
if s[i:i+len(sub)] == sub {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
@@ -0,0 +1,102 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/sha256"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"time"
|
||||
)
|
||||
|
||||
const TokenTTL = 24 * time.Hour
|
||||
|
||||
var (
|
||||
ErrTokenInvalid = errors.New("invalid token")
|
||||
ErrTokenExpired = errors.New("token expired")
|
||||
)
|
||||
|
||||
type TokenClaims struct {
|
||||
Sub int64 `json:"sub"`
|
||||
Name string `json:"name"`
|
||||
Iat int64 `json:"iat"`
|
||||
Exp int64 `json:"exp"`
|
||||
}
|
||||
|
||||
type TokenService struct {
|
||||
secret []byte
|
||||
}
|
||||
|
||||
func NewTokenService(secret []byte) *TokenService {
|
||||
return &TokenService{secret: secret}
|
||||
}
|
||||
|
||||
func (t *TokenService) Generate(user AuthUser) (string, error) {
|
||||
now := time.Now().Unix()
|
||||
claims := TokenClaims{
|
||||
Sub: user.ID,
|
||||
Name: user.Username,
|
||||
Iat: now,
|
||||
Exp: now + int64(TokenTTL.Seconds()),
|
||||
}
|
||||
|
||||
payload, err := json.Marshal(claims)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("marshal claims: %w", err)
|
||||
}
|
||||
|
||||
enc := base64.RawURLEncoding
|
||||
payloadB64 := enc.EncodeToString(payload)
|
||||
|
||||
mac := hmac.New(sha256.New, t.secret)
|
||||
mac.Write(payload)
|
||||
sig := enc.EncodeToString(mac.Sum(nil))
|
||||
|
||||
return payloadB64 + "." + sig, nil
|
||||
}
|
||||
|
||||
func (t *TokenService) Validate(token string) (TokenClaims, error) {
|
||||
dot := -1
|
||||
for i := range token {
|
||||
if token[i] == '.' {
|
||||
dot = i
|
||||
break
|
||||
}
|
||||
}
|
||||
if dot < 0 {
|
||||
return TokenClaims{}, ErrTokenInvalid
|
||||
}
|
||||
|
||||
payloadB64 := token[:dot]
|
||||
sigB64 := token[dot+1:]
|
||||
|
||||
enc := base64.RawURLEncoding
|
||||
|
||||
payload, err := enc.DecodeString(payloadB64)
|
||||
if err != nil {
|
||||
return TokenClaims{}, ErrTokenInvalid
|
||||
}
|
||||
|
||||
sig, err := enc.DecodeString(sigB64)
|
||||
if err != nil {
|
||||
return TokenClaims{}, ErrTokenInvalid
|
||||
}
|
||||
|
||||
mac := hmac.New(sha256.New, t.secret)
|
||||
mac.Write(payload)
|
||||
if !hmac.Equal(mac.Sum(nil), sig) {
|
||||
return TokenClaims{}, ErrTokenInvalid
|
||||
}
|
||||
|
||||
var claims TokenClaims
|
||||
if err := json.Unmarshal(payload, &claims); err != nil {
|
||||
return TokenClaims{}, ErrTokenInvalid
|
||||
}
|
||||
|
||||
if time.Now().Unix() > claims.Exp {
|
||||
return TokenClaims{}, ErrTokenExpired
|
||||
}
|
||||
|
||||
return claims, nil
|
||||
}
|
||||
Reference in New Issue
Block a user