381ce3083a
Refactored the code to use switches instead of if blocks in some places. Refactored the Dashboard to make it easier to add icons to it like I did with Cosora. You can now use maps in transpiled templates. Made progress on Cosora's footer. Swapped out the ThemeName property in the HeaderVars struct for a more general and flexible Theme property. Added the colstack CSS class to make it easier to style the layouts for the Control Panel and profile. Renamed the FStore variable to Forums. Renamed the Fpstore variable to FPStore. Renamed the Gstore variable to Groups. Split the MemoryTopicStore into DefaultTopicStore and MemoryTopicCache. Split the MemoryUserStore into DefaultUserStore and MemoryUserCache. Removed the NullUserStore, SQLUserStore, and SQLTopicStore. Added the NullTopicCache and NullUserCache. Moved the Reload method out of the TopicCache interface and into the TopicStore one. Moved the Reload method out of the UserCache interface and into the UserStore one. Added the SetCache and GetCache methods to the TopicStore and UserStore. Added the BypassGetAll method to the WordFilterMap type. Renamed routePanelSetting to routePanelSettingEdit. Renamed routePanelSettingEdit to routePanelSettingEditSubmit. Moved the page titles into the english language pack. Split main() into main and afterDBInit to avoid code duplication in general_test.go Added the ReqIsJson method so that we don't have to sniff the headers every time. Added the LogStore interface. Added the SQLModLogStore and the SQLAdminLogStore. Refactored the phrase system to use getPhrasePlaceholder instead of hard-coding the string to return in a bunch of functions. Removed a redundant rank check. Added the GuildStore to plugin_guilds. Added the about_segment_title and about_segment_body settings. Refactored the setting system to use predefined errors to make it easier for an upstream caller to filter out sensitive error messages as opposed to safe errors. Added the BypassGetAll method to the SettingMap type. Added the Update method to the SettingMap type. BulkGet is now exposed via the MemoryUserCache. Refactored more logs in the template transpiler to reduce the amount of indentation. Refactored the tests to take up fewer lines. Further improved the Cosora theme's colours, padding, and profiles. Added styling for the Control Panel Dashboard to the Cosora Theme. Reduced the amount of code duplication in the installer query generator and opened the door to certain types of auto-migrations. Refactored the Control Panel Dashboard to reduce the amount of code duplication. Refactored the modlog route to reduce the amount of code duplication and string concatenation.
179 lines
5.5 KiB
Go
179 lines
5.5 KiB
Go
/*
|
|
*
|
|
* Gosora Authentication Interface
|
|
* Copyright Azareal 2017 - 2018
|
|
*
|
|
*/
|
|
package common
|
|
|
|
import "errors"
|
|
import "strconv"
|
|
import "net/http"
|
|
import "database/sql"
|
|
|
|
import "golang.org/x/crypto/bcrypt"
|
|
import "../query_gen/lib"
|
|
|
|
var Auth AuthInt
|
|
|
|
// ErrMismatchedHashAndPassword is thrown whenever a hash doesn't match it's unhashed password
|
|
var ErrMismatchedHashAndPassword = bcrypt.ErrMismatchedHashAndPassword
|
|
|
|
// nolint
|
|
// ErrPasswordTooLong is silly, but we don't want bcrypt to bork on us
|
|
var ErrPasswordTooLong = errors.New("The password you selected is too long")
|
|
var ErrWrongPassword = errors.New("That's not the correct password.")
|
|
var ErrSecretError = errors.New("There was a glitch in the system. Please contact your local administrator.")
|
|
var ErrNoUserByName = errors.New("We couldn't find an account with that username.")
|
|
|
|
// AuthInt is the main authentication interface.
|
|
type AuthInt interface {
|
|
Authenticate(username string, password string) (uid int, err error)
|
|
Logout(w http.ResponseWriter, uid int)
|
|
ForceLogout(uid int) error
|
|
SetCookies(w http.ResponseWriter, uid int, session string)
|
|
GetCookies(r *http.Request) (uid int, session string, err error)
|
|
SessionCheck(w http.ResponseWriter, r *http.Request) (user *User, halt bool)
|
|
CreateSession(uid int) (session string, err error)
|
|
}
|
|
|
|
// DefaultAuth is the default authenticator used by Gosora, may be swapped with an alternate authenticator in some situations. E.g. To support LDAP.
|
|
type DefaultAuth struct {
|
|
login *sql.Stmt
|
|
logout *sql.Stmt
|
|
updateSession *sql.Stmt
|
|
}
|
|
|
|
// NewDefaultAuth is a factory for spitting out DefaultAuths
|
|
func NewDefaultAuth() (*DefaultAuth, error) {
|
|
acc := qgen.Builder.Accumulator()
|
|
return &DefaultAuth{
|
|
login: acc.Select("users").Columns("uid, password, salt").Where("name = ?").Prepare(),
|
|
logout: acc.Update("users").Set("session = ''").Where("uid = ?").Prepare(),
|
|
updateSession: acc.Update("users").Set("session = ?").Where("uid = ?").Prepare(),
|
|
}, acc.FirstError()
|
|
}
|
|
|
|
// Authenticate checks if a specific username and password is valid and returns the UID for the corresponding user, if so. Otherwise, a user safe error.
|
|
func (auth *DefaultAuth) Authenticate(username string, password string) (uid int, err error) {
|
|
var realPassword, salt string
|
|
err = auth.login.QueryRow(username).Scan(&uid, &realPassword, &salt)
|
|
if err == ErrNoRows {
|
|
return 0, ErrNoUserByName
|
|
} else if err != nil {
|
|
LogError(err)
|
|
return 0, ErrSecretError
|
|
}
|
|
|
|
if salt == "" {
|
|
// Send an email to admin for this?
|
|
LogError(errors.New("Missing salt for user #" + strconv.Itoa(uid) + ". Potential security breach."))
|
|
return 0, ErrSecretError
|
|
}
|
|
|
|
err = CheckPassword(realPassword, password, salt)
|
|
if err == ErrMismatchedHashAndPassword {
|
|
return 0, ErrWrongPassword
|
|
} else if err != nil {
|
|
LogError(err)
|
|
return 0, ErrSecretError
|
|
}
|
|
|
|
return uid, nil
|
|
}
|
|
|
|
// ForceLogout logs the user out of every computer, not just the one they logged out of
|
|
func (auth *DefaultAuth) ForceLogout(uid int) error {
|
|
_, err := auth.logout.Exec(uid)
|
|
if err != nil {
|
|
LogError(err)
|
|
return ErrSecretError
|
|
}
|
|
|
|
// Flush the user out of the cache
|
|
ucache := Users.GetCache()
|
|
if ucache != nil {
|
|
ucache.Remove(uid)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Logout logs you out of the computer you requested the logout for, but not the other computers you're logged in with
|
|
func (auth *DefaultAuth) Logout(w http.ResponseWriter, _ int) {
|
|
cookie := http.Cookie{Name: "uid", Value: "", Path: "/", MaxAge: Year}
|
|
http.SetCookie(w, &cookie)
|
|
cookie = http.Cookie{Name: "session", Value: "", Path: "/", MaxAge: Year}
|
|
http.SetCookie(w, &cookie)
|
|
}
|
|
|
|
// TODO: Set the cookie domain
|
|
// SetCookies sets the two cookies required for the current user to be recognised as a specific user in future requests
|
|
func (auth *DefaultAuth) SetCookies(w http.ResponseWriter, uid int, session string) {
|
|
cookie := http.Cookie{Name: "uid", Value: strconv.Itoa(uid), Path: "/", MaxAge: Year}
|
|
http.SetCookie(w, &cookie)
|
|
cookie = http.Cookie{Name: "session", Value: session, Path: "/", MaxAge: Year}
|
|
http.SetCookie(w, &cookie)
|
|
}
|
|
|
|
// GetCookies fetches the current user's session cookies
|
|
func (auth *DefaultAuth) GetCookies(r *http.Request) (uid int, session string, err error) {
|
|
// Are there any session cookies..?
|
|
cookie, err := r.Cookie("uid")
|
|
if err != nil {
|
|
return 0, "", err
|
|
}
|
|
uid, err = strconv.Atoi(cookie.Value)
|
|
if err != nil {
|
|
return 0, "", err
|
|
}
|
|
cookie, err = r.Cookie("session")
|
|
if err != nil {
|
|
return 0, "", err
|
|
}
|
|
return uid, cookie.Value, err
|
|
}
|
|
|
|
// SessionCheck checks if a user has session cookies and whether they're valid
|
|
func (auth *DefaultAuth) SessionCheck(w http.ResponseWriter, r *http.Request) (user *User, halt bool) {
|
|
uid, session, err := auth.GetCookies(r)
|
|
if err != nil {
|
|
return &GuestUser, false
|
|
}
|
|
|
|
// Is this session valid..?
|
|
user, err = Users.Get(uid)
|
|
if err == ErrNoRows {
|
|
return &GuestUser, false
|
|
} else if err != nil {
|
|
InternalError(err, w, r)
|
|
return &GuestUser, true
|
|
}
|
|
|
|
if user.Session == "" || session != user.Session {
|
|
return &GuestUser, false
|
|
}
|
|
|
|
return user, false
|
|
}
|
|
|
|
// CreateSession generates a new session to allow a remote client to stay logged in as a specific user
|
|
func (auth *DefaultAuth) CreateSession(uid int) (session string, err error) {
|
|
session, err = GenerateSafeString(SessionLength)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
_, err = auth.updateSession.Exec(session, uid)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
// Flush the user data from the cache
|
|
ucache := Users.GetCache()
|
|
if ucache != nil {
|
|
ucache.Remove(uid)
|
|
}
|
|
return session, nil
|
|
}
|