git.r.bdr.sh - rbdr/mobius/blob - hotline/account.go

   1 package hotline
   2
   3 import (
   4         "encoding/binary"
   5         "fmt"
   6         "golang.org/x/crypto/bcrypt"
   7         "io"
   8         "slices"
   9 )
  10
  11 const GuestAccount = "guest" // default account used when no login is provided for a connection
  12
  13 type Account struct {
  14         Login    string       `yaml:"Login"`
  15         Name     string       `yaml:"Name"`
  16         Password string       `yaml:"Password"`
  17         Access   AccessBitmap `yaml:"Access,flow"`
  18
  19         readOffset int // Internal offset to track read progress
  20 }
  21
  22 func NewAccount(login, name, password string, access AccessBitmap) *Account {
  23         return &Account{
  24                 Login:    login,
  25                 Name:     name,
  26                 Password: HashAndSalt([]byte(password)),
  27                 Access:   access,
  28         }
  29 }
  30
  31 // Read implements io.Reader interface for Account
  32 func (a *Account) Read(p []byte) (int, error) {
  33         fields := []Field{
  34                 NewField(FieldUserName, []byte(a.Name)),
  35                 NewField(FieldUserLogin, EncodeString([]byte(a.Login))),
  36                 NewField(FieldUserAccess, a.Access[:]),
  37         }
  38
  39         if bcrypt.CompareHashAndPassword([]byte(a.Password), []byte("")) != nil {
  40                 fields = append(fields, NewField(FieldUserPassword, []byte("x")))
  41         }
  42
  43         fieldCount := make([]byte, 2)
  44         binary.BigEndian.PutUint16(fieldCount, uint16(len(fields)))
  45
  46         var fieldBytes []byte
  47         for _, field := range fields {
  48                 b, err := io.ReadAll(&field)
  49                 if err != nil {
  50                         return 0, fmt.Errorf("error reading field: %w", err)
  51                 }
  52                 fieldBytes = append(fieldBytes, b...)
  53         }
  54
  55         buf := slices.Concat(fieldCount, fieldBytes)
  56         if a.readOffset >= len(buf) {
  57                 return 0, io.EOF // All bytes have been read
  58         }
  59
  60         n := copy(p, buf[a.readOffset:])
  61         a.readOffset += n
  62
  63         return n, nil
  64 }
  65
  66 // HashAndSalt generates a password hash from a users obfuscated plaintext password
  67 func HashAndSalt(pwd []byte) string {
  68         hash, _ := bcrypt.GenerateFromPassword(pwd, bcrypt.MinCost)
  69
  70         return string(hash)
  71 }