luzifer/twitch-bot
1
0
Fork 0
mirror of https://github.com/Luzifer/twitch-bot.git synced 2024-09-19 10:02:55 +00:00
Code Issues Projects Releases Wiki Activity
v3.30.0
twitch-bot/authMiddleware.go
Knut Ahlers 29b0e41218
[overlays] Add WebDAV support for remote Overlay editing 
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-01-01 19:52:42 +01:00

70 lines
1.6 KiB
Go
Raw Permalink Blame History

package main
import (
"crypto/rand"
"encoding/base64"
"fmt"
"net/http"
"github.com/gofrs/uuid/v3"
"github.com/pkg/errors"
"golang.org/x/crypto/argon2"
)
const (
// OWASP recommendations - 2023-07-07
// https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
argonFmt = "$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s"
argonHashLen = 16
argonMemory = 46 * 1024
argonSaltLength = 8
argonThreads = 1
argonTime = 1
)
func fillAuthToken(token *configAuthToken) error {
token.Token = uuid.Must(uuid.NewV4()).String()
salt := make([]byte, argonSaltLength)
if _, err := rand.Read(salt); err != nil {
return errors.Wrap(err, "reading salt")
}
token.Hash = fmt.Sprintf(
argonFmt,
argon2.Version,
argonMemory, argonTime, argonThreads,
base64.RawStdEncoding.EncodeToString(salt),
base64.RawStdEncoding.EncodeToString(argon2.IDKey([]byte(token.Token), salt, argonTime, argonMemory, argonThreads, argonHashLen)),
)
return nil
}
func writeAuthMiddleware(h http.Handler, module string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
_, pass, hasBasicAuth := r.BasicAuth()
var token string
switch {
case hasBasicAuth && pass != "":
token = pass
case r.Header.Get("Authorization") != "":
token = r.Header.Get("Authorization")
default:
http.Error(w, "auth not successful", http.StatusForbidden)
return
}
err := authService.ValidateTokenFor(token, module)
if err != nil {
http.Error(w, "auth not successful", http.StatusForbidden)
return
}
h.ServeHTTP(w, r)
})
}
Reference in New Issue View Git Blame Copy Permalink