feat: add key creation
This commit is contained in:
@@ -0,0 +1,24 @@
|
||||
package security
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"orbits-server/internal/shared/utility"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
func GenerateSafeCategoryName(category utility.MediaType, ext string) string {
|
||||
return uuid.New().String() + "_" + string(category) + ext
|
||||
}
|
||||
|
||||
func GenerateSafeName() string {
|
||||
return uuid.New().String()
|
||||
}
|
||||
|
||||
func GenerateChars(byteLen int) string {
|
||||
b := make([]byte, byteLen)
|
||||
rand.Read(b)
|
||||
|
||||
return base64.StdEncoding.EncodeToString(b)
|
||||
}
|
||||
@@ -0,0 +1,71 @@
|
||||
package security
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/sha512"
|
||||
"crypto/subtle"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"io"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/crypto/argon2"
|
||||
)
|
||||
|
||||
const (
|
||||
argonTime = 3
|
||||
argonMemory = 64 * 1024
|
||||
argonThreads = 2
|
||||
argonSaltLen = 16
|
||||
argonKeyLen = 64
|
||||
)
|
||||
|
||||
func HashFileReader(r io.Reader) (string, error) {
|
||||
h := sha512.New()
|
||||
if _, err := io.Copy(h, r); err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
// return in b64 encoding
|
||||
return base64.StdEncoding.EncodeToString(h.Sum(nil)), nil
|
||||
}
|
||||
|
||||
func HashKey(key string) (string, error) {
|
||||
salt := make([]byte, argonSaltLen)
|
||||
rand.Read(salt)
|
||||
|
||||
hash := argon2.IDKey([]byte(key), salt, argonTime, argonMemory, argonThreads, argonKeyLen)
|
||||
|
||||
// encode internally (NOT in handler)
|
||||
b64Salt := base64.RawStdEncoding.EncodeToString(salt)
|
||||
b64Hash := base64.RawStdEncoding.EncodeToString(hash)
|
||||
|
||||
// single stored string
|
||||
encoded := fmt.Sprintf("v1:%s:%s", b64Salt, b64Hash)
|
||||
|
||||
return encoded, nil
|
||||
}
|
||||
|
||||
func CompareKey(key, candidate string) bool {
|
||||
parts := strings.Split(candidate, ":")
|
||||
if len(parts) != 3 {
|
||||
return false
|
||||
}
|
||||
//version := parts[0]
|
||||
b64Salt := parts[1]
|
||||
b64Hash := parts[2]
|
||||
|
||||
salt, err := base64.RawStdEncoding.DecodeString(b64Salt)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
expected, err := base64.RawStdEncoding.DecodeString(b64Hash)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
actual := argon2.IDKey([]byte(key), salt, argonTime, argonMemory, argonThreads, argonKeyLen)
|
||||
|
||||
return subtle.ConstantTimeCompare(actual, expected) == 1
|
||||
}
|
||||
@@ -1,25 +0,0 @@
|
||||
package utility
|
||||
|
||||
import (
|
||||
"crypto/sha512"
|
||||
"encoding/hex"
|
||||
"io"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
func GenerateHashFromReader(r io.Reader) (string, error) {
|
||||
h := sha512.New()
|
||||
if _, err := io.Copy(h, r); err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
// return the sha checksum in hex
|
||||
return hex.EncodeToString(h.Sum(nil)), nil
|
||||
// alternatively return in base64
|
||||
//return base64.StdEncoding.EncodeToString(h.Sum(nil)), nil
|
||||
}
|
||||
|
||||
func GenerateSafeName(category MediaType, ext string) string {
|
||||
return uuid.New().String() + "_" + string(category) + ext
|
||||
}
|
||||
Reference in New Issue
Block a user