git.r.bdr.sh / rbdr / mobius / blame
| Commit | Line | Data |
|---|---|---|
| 6988a057 JH |
1 | package hotline |
| 2 | ||
| 3 | import ( | |
| d2810ae9 | 4 | "encoding/binary" |
| 95159e55 | 5 | "fmt" |
| d2810ae9 | 6 | "golang.org/x/crypto/bcrypt" |
| b129b7cb | 7 | "io" |
| b129b7cb | 8 | "slices" |
| 6988a057 JH |
9 | ) |
| 10 | ||
| 11 | const GuestAccount = "guest" // default account used when no login is provided for a connection | |
| 12 | ||
| 13 | type Account struct { | |
| 187d6dc5 JH |
14 | Login string `yaml:"Login"` |
| 15 | Name string `yaml:"Name"` | |
| 16 | Password string `yaml:"Password"` | |
| fd740bc4 | 17 | Access AccessBitmap `yaml:"Access,flow"` |
| dcd23d53 | 18 | FileRoot string `yaml:"FileRoot"` |
| 95159e55 JH |
19 | |
| 20 | readOffset int // Internal offset to track read progress | |
| 6988a057 JH |
21 | } |
| 22 | ||
| fd740bc4 | 23 | func NewAccount(login, name, password string, access AccessBitmap) *Account { |
| a2ef262a JH |
24 | return &Account{ |
| 25 | Login: login, | |
| 26 | Name: name, | |
| fd740bc4 | 27 | Password: HashAndSalt([]byte(password)), |
| a2ef262a JH |
28 | Access: access, |
| 29 | } | |
| 30 | } | |
| 31 | ||
| 926c7f55 | 32 | // Read implements io.Reader interface for Account |
| 95159e55 | 33 | func (a *Account) Read(p []byte) (int, error) { |
| d2810ae9 | 34 | fields := []Field{ |
| d005ef04 | 35 | NewField(FieldUserName, []byte(a.Name)), |
| fd740bc4 | 36 | NewField(FieldUserLogin, EncodeString([]byte(a.Login))), |
| d005ef04 | 37 | NewField(FieldUserAccess, a.Access[:]), |
| d2810ae9 JH |
38 | } |
| 39 | ||
| 40 | if bcrypt.CompareHashAndPassword([]byte(a.Password), []byte("")) != nil { | |
| d005ef04 | 41 | fields = append(fields, NewField(FieldUserPassword, []byte("x"))) |
| d2810ae9 JH |
42 | } |
| 43 | ||
| 44 | fieldCount := make([]byte, 2) | |
| 45 | binary.BigEndian.PutUint16(fieldCount, uint16(len(fields))) | |
| 46 | ||
| b129b7cb | 47 | var fieldBytes []byte |
| d2810ae9 | 48 | for _, field := range fields { |
| 95159e55 JH |
49 | b, err := io.ReadAll(&field) |
| 50 | if err != nil { | |
| 51 | return 0, fmt.Errorf("error reading field: %w", err) | |
| 52 | } | |
| 53 | fieldBytes = append(fieldBytes, b...) | |
| 54 | } | |
| 55 | ||
| 56 | buf := slices.Concat(fieldCount, fieldBytes) | |
| 57 | if a.readOffset >= len(buf) { | |
| 58 | return 0, io.EOF // All bytes have been read | |
| d2810ae9 JH |
59 | } |
| 60 | ||
| 95159e55 JH |
61 | n := copy(p, buf[a.readOffset:]) |
| 62 | a.readOffset += n | |
| 63 | ||
| 64 | return n, nil | |
| 6988a057 | 65 | } |
| 69af8ddb | 66 | |
| fd740bc4 JH |
67 | // HashAndSalt generates a password hash from a users obfuscated plaintext password |
| 68 | func HashAndSalt(pwd []byte) string { | |
| a2ef262a | 69 | hash, _ := bcrypt.GenerateFromPassword(pwd, bcrypt.MinCost) |
| 69af8ddb JH |
70 | |
| 71 | return string(hash) | |
| 72 | } |