save bytes

Azareal 2020-04-05 13:18:36 +10:00
parent 22af6f19cd
commit 709b0d5541
13 changed files with 91 additions and 91 deletions


@ -17,7 +17,7 @@ import (
"strings" "strings"
"github.com/Azareal/Gosora/common/gauth" "github.com/Azareal/Gosora/common/gauth"
"github.com/Azareal/Gosora/query_gen" qgen "github.com/Azareal/Gosora/query_gen"
//"golang.org/x/crypto/argon2" //"golang.org/x/crypto/argon2"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
@ -66,16 +66,16 @@ var HashPrefixes = map[string]string{
// AuthInt is the main authentication interface. // AuthInt is the main authentication interface.
type AuthInt interface { type AuthInt interface {
Authenticate(username string, password string) (uid int, err error, requiresExtraAuth bool) Authenticate(name, password string) (uid int, err error, requiresExtraAuth bool)
ValidateMFAToken(mfaToken string, uid int) error ValidateMFAToken(mfaToken string, uid int) error
Logout(w http.ResponseWriter, uid int) Logout(w http.ResponseWriter, uid int)
ForceLogout(uid int) error ForceLogout(uid int) error
SetCookies(w http.ResponseWriter, uid int, session string) SetCookies(w http.ResponseWriter, uid int, session string)
SetProvisionalCookies(w http.ResponseWriter, uid int, session string, signedSession string) // To avoid logging someone in until they've passed the MFA check SetProvisionalCookies(w http.ResponseWriter, uid int, session, signedSession string) // To avoid logging someone in until they've passed the MFA check
GetCookies(r *http.Request) (uid int, session string, err error) GetCookies(r *http.Request) (uid int, session string, err error)
SessionCheck(w http.ResponseWriter, r *http.Request) (user *User, halt bool) SessionCheck(w http.ResponseWriter, r *http.Request) (u *User, halt bool)
CreateSession(uid int) (session string, err error) CreateSession(uid int) (session string, err error)
CreateProvisionalSession(uid int) (provSession string, signedSession string, err error) // To avoid logging someone in until they've passed the MFA check CreateProvisionalSession(uid int) (provSession, signedSession string, err error) // To avoid logging someone in until they've passed the MFA check
} }
// DefaultAuth is the default authenticator used by Gosora, may be swapped with an alternate authenticator in some situations. E.g. To support LDAP. // DefaultAuth is the default authenticator used by Gosora, may be swapped with an alternate authenticator in some situations. E.g. To support LDAP.
@ -98,9 +98,9 @@ func NewDefaultAuth() (*DefaultAuth, error) {
// Authenticate checks if a specific username and password is valid and returns the UID for the corresponding user, if so. Otherwise, a user safe error. // Authenticate checks if a specific username and password is valid and returns the UID for the corresponding user, if so. Otherwise, a user safe error.
// IF MFA is enabled, then pass it back a flag telling the caller that authentication isn't complete yet // IF MFA is enabled, then pass it back a flag telling the caller that authentication isn't complete yet
// TODO: Find a better way of handling errors we don't want to reach the user // TODO: Find a better way of handling errors we don't want to reach the user
func (auth *DefaultAuth) Authenticate(username string, password string) (uid int, err error, requiresExtraAuth bool) { func (auth *DefaultAuth) Authenticate(name string, password string) (uid int, err error, requiresExtraAuth bool) {
var realPassword, salt string var realPassword, salt string
err = auth.login.QueryRow(username).Scan(&uid, &realPassword, &salt) err = auth.login.QueryRow(name).Scan(&uid, &realPassword, &salt)
if err == ErrNoRows { if err == ErrNoRows {
return 0, ErrNoUserByName, false return 0, ErrNoUserByName, false
} else if err != nil { } else if err != nil {
@ -295,7 +295,7 @@ func (auth *DefaultAuth) CreateProvisionalSession(uid int) (provSession string,
return provSession, hex.EncodeToString(h.Sum(nil)), nil return provSession, hex.EncodeToString(h.Sum(nil)), nil
} }
func CheckPassword(realPassword string, password string, salt string) (err error) { func CheckPassword(realPassword, password, salt string) (err error) {
blasted := strings.Split(realPassword, "$") blasted := strings.Split(realPassword, "$")
prefix := blasted[0] prefix := blasted[0]
if len(blasted) > 1 { if len(blasted) > 1 {
@ -309,7 +309,7 @@ func CheckPassword(realPassword string, password string, salt string) (err error
return checker(realPassword, password, salt) return checker(realPassword, password, salt)
} }
func GeneratePassword(password string) (hash string, salt string, err error) { func GeneratePassword(password string) (hash, salt string, err error) {
gen, ok := GeneratePasswordFuncs[DefaultHashAlgo] gen, ok := GeneratePasswordFuncs[DefaultHashAlgo]
if !ok { if !ok {
return "", "", ErrHashNotExist return "", "", ErrHashNotExist
@ -317,12 +317,12 @@ func GeneratePassword(password string) (hash string, salt string, err error) {
return gen(password) return gen(password)
} }
func BcryptCheckPassword(realPassword string, password string, salt string) (err error) { func BcryptCheckPassword(realPassword, password, salt string) (err error) {
return bcrypt.CompareHashAndPassword([]byte(realPassword), []byte(password+salt)) return bcrypt.CompareHashAndPassword([]byte(realPassword), []byte(password+salt))
} }
// Note: The salt is in the hash, therefore the salt parameter is blank // Note: The salt is in the hash, therefore the salt parameter is blank
func BcryptGeneratePassword(password string) (hash string, salt string, err error) { func BcryptGeneratePassword(password string) (hash, salt string, err error) {
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil { if err != nil {
return "", "", err return "", "", err
@ -337,7 +337,7 @@ func BcryptGeneratePassword(password string) (hash string, salt string, err erro
argon2KeyLen uint32 = 32 argon2KeyLen uint32 = 32
) )
func Argon2CheckPassword(realPassword string, password string, salt string) (err error) { func Argon2CheckPassword(realPassword, password, salt string) (err error) {
split := strings.Split(realPassword, "$") split := strings.Split(realPassword, "$")
// TODO: Better validation // TODO: Better validation
if len(split) < 5 { if len(split) < 5 {
@ -355,7 +355,7 @@ func Argon2CheckPassword(realPassword string, password string, salt string) (err
return nil return nil
} }
func Argon2GeneratePassword(password string) (hash string, salt string, err error) { func Argon2GeneratePassword(password string) (hash, salt string, err error) {
sbytes := make([]byte, SaltLength) sbytes := make([]byte, SaltLength)
_, err = rand.Read(sbytes) _, err = rand.Read(sbytes)
if err != nil { if err != nil {
@ -380,7 +380,7 @@ func FriendlyGAuthSecret(secret string) (out string) {
func GenerateGAuthSecret() (string, error) { func GenerateGAuthSecret() (string, error) {
return GenerateStd32SafeString(14) return GenerateStd32SafeString(14)
} }
func VerifyGAuthToken(secret string, token string) (bool, error) { func VerifyGAuthToken(secret, token string) (bool, error) {
trueToken, err := gauth.GetTOTPToken(secret) trueToken, err := gauth.GetTOTPToken(secret)
return subtle.ConstantTimeCompare([]byte(trueToken), []byte(token)) == 1, err return subtle.ConstantTimeCompare([]byte(trueToken), []byte(token)) == 1, err
} }
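Review bot: In VerifyGAuthToken at the end of this section, the comparison result is returned even when `gauth.GetTOTPToken` fails. If that call returns an empty token alongside its error (its behaviour is not visible here, so this needs confirming), an empty submitted token would compare equal and the function would return `true` together with a non-nil error. Any caller that reads the boolean before the error would then treat the MFA check as passed. Returning early avoids this: add `if err != nil { return false, err }` before the `subtle.ConstantTimeCompare` line. Separately, the commit shortens `AuthInt.Authenticate` to `(name, password string)` but leaves the `DefaultAuth` implementation as `(name string, password string)`; collapsing that as well would keep the two signatures in step.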


@ -8,7 +8,7 @@ for(let i = 0; item = items[i]; i++) menuItems[i] = item.getAttribute("data-miid
Sortable.create(document.getElementById("panel_menu_item_holder"), { Sortable.create(document.getElementById("panel_menu_item_holder"), {
sort: true, sort: true,
onEnd: (evt) => { onEnd: evt => {
console.log("pre menuItems",menuItems) console.log("pre menuItems",menuItems)
console.log("evt",evt) console.log("evt",evt)
let oldMiid = menuItems[evt.newIndex]; let oldMiid = menuItems[evt.newIndex];
@ -37,8 +37,8 @@ document.getElementById("panel_menu_items_order_button").addEventListener("click
pushNotice(phraseBox["panel"]["panel.themes_menus_items_order_updated"]); pushNotice(phraseBox["panel"]["panel.themes_menus_items_order_updated"]);
if(resp.success==1) return; if(resp.success==1) return;
} }
} catch(ex) { } catch(e) {
console.error("ex", ex) console.error("e",e)
} }
console.trace(); console.trace();
} }


@ -13,7 +13,7 @@
<div class="rowblock topic_reply_form quick_create_form"aria-label="{{lang "topic.reply_aria"}}"> <div class="rowblock topic_reply_form quick_create_form"aria-label="{{lang "topic.reply_aria"}}">
<form id="quick_post_form"enctype="multipart/form-data"action="/reply/create/?s={{.CurrentUser.Session}}"method="post"></form> <form id="quick_post_form"enctype="multipart/form-data"action="/reply/create/?s={{.CurrentUser.Session}}"method="post"></form>
<input form="quick_post_form"name="tid"value='{{.Topic.ID}}'type="hidden"> <input form="quick_post_form"name="tid"value='{{.Topic.ID}}'type="hidden">
<input form="quick_post_form" id="has_poll_input" name="has_poll" value=0 type="hidden"> <input form="quick_post_form"id="has_poll_input"name="has_poll"type="hidden"value=0>
<div class="formrow real_first_child"> <div class="formrow real_first_child">
<div class="formitem"> <div class="formitem">
<textarea id="input_content"form="quick_post_form"name="content"placeholder="{{lang "topic.reply_content_alt"}}" required></textarea> <textarea id="input_content"form="quick_post_form"name="content"placeholder="{{lang "topic.reply_content_alt"}}" required></textarea>


@ -1,6 +1,6 @@
{{template "header.html" . }} {{template "header.html" . }}
<main id="topicsItemList" itemscope itemtype="http://schema.org/ItemList"> <main id="topicsItemList" itemscope itemtype="http://schema.org/ItemList">
{{if not .CurrentUser.Loggedin}}<link rel="canonical"href="//{{.Site.URL}}/topics/{{if eq .Sort.SortBy "mostviewed"}}most-viewed/{{end}}{{if gt .Page 1}}?page={{.Page}}{{end}}"/>{{end}} {{if not .CurrentUser.Loggedin}}<link rel="canonical"href="//{{.Site.URL}}/topics/{{if eq .Sort.SortBy "mostviewed"}}most-viewed/{{end}}{{if gt .Page 1}}?page={{.Page}}{{end}}">{{end}}
<div class="rowblock rowhead topic_list_title_block{{if .CurrentUser.Loggedin}} has_opt{{end}}"> <div class="rowblock rowhead topic_list_title_block{{if .CurrentUser.Loggedin}} has_opt{{end}}">
<div class="rowitem topic_list_title"><h1 itemprop="name">{{.Title}}</h1></div> <div class="rowitem topic_list_title"><h1 itemprop="name">{{.Title}}</h1></div>
@ -59,7 +59,7 @@
<div class="topic_meta"> <div class="topic_meta">
<div class="formrow topic_board_row real_first_child"> <div class="formrow topic_board_row real_first_child">
<div class="formitem"><select form="quick_post_form" id="topic_board_input" name="board"> <div class="formitem"><select form="quick_post_form" id="topic_board_input" name="board">
{{range .ForumList}}<option{{if eq .ID $.DefaultForum}} selected{{end}} value="{{.ID}}">{{.Name}}</option>{{end}} {{range .ForumList}}<option value="{{.ID}}"{{if eq .ID $.DefaultForum}}selected{{end}}>{{.Name}}</option>{{end}}
</select></div> </select></div>
</div> </div>
<div class="formrow topic_name_row"> <div class="formrow topic_name_row">