Diffstat (limited to 'verification.go')
-rw-r--r-- | verification.go | 249 |
1 files changed, 123 insertions, 126 deletions
diff --git a/verification.go b/verification.go index 555e9ee..c575ae4 100644 --- a/verification.go +++ b/verification.go @@ -25,32 +25,31 @@ import ( "strings" ) - type Verify struct { - Type string + Type string Identifier string - Code string - Created string - Board string + Code string + Created string + Board string } type VerifyCooldown struct { Identifier string - Code string - Time int + Code string + Time int } type Signature struct { - KeyId string - Headers []string + KeyId string + Headers []string Signature string - Algorithm string + Algorithm string } func DeleteBoardMod(db *sql.DB, verify Verify) { query := `select code from boardaccess where identifier=$1 and board=$1` - rows, err := db.Query(query, verify.Identifier, verify.Board) + rows, err := db.Query(query, verify.Identifier, verify.Board) CheckError(err, "could not select code from boardaccess") @@ -62,25 +61,25 @@ func DeleteBoardMod(db *sql.DB, verify Verify) { if code != "" { query := `delete from crossverification where code=$1` - + _, err := db.Exec(query, code) - + CheckError(err, "could not delete code from crossverification") query = `delete from boardaccess where identifier=$1 and board=$2` - _, err = db.Exec(query, verify.Identifier, verify.Board) - - CheckError(err, "could not delete identifier from boardaccess") + _, err = db.Exec(query, verify.Identifier, verify.Board) + + CheckError(err, "could not delete identifier from boardaccess") } } -func GetBoardMod(db *sql.DB, identifier string) Verify{ +func GetBoardMod(db *sql.DB, identifier string) Verify { var nVerify Verify query := `select code, board, type, identifier from boardaccess where identifier=$1` - rows, err := db.Query(query, identifier) + rows, err := db.Query(query, identifier) CheckError(err, "could not select boardaccess query") 
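Review bot: In DeleteBoardMod the select reads `where identifier=$1 and board=$1`, but the reformatted call passes two arguments (`verify.Identifier, verify.Board`); the second placeholder should be `$2`, as the delete in the next hunk already has it. As written the lookup either fails on the argument count or compares the board column against the identifier, so `code` most likely stays empty and the `if code != ""` branch that removes the moderator's rows never runs. The result of `rows.Scan` is not visible in this hunk, so confirm against the lines between the two hunks.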
@@ -97,14 +96,14 @@ func CreateBoardMod(db *sql.DB, verify Verify) { query := `select code from verification where identifier=$1 and type=$2` - rows, err := db.Query(query, verify.Board, verify.Type) + rows, err := db.Query(query, verify.Board, verify.Type) CheckError(err, "could not select verifcaiton query") defer rows.Close() var code string - + rows.Next() rows.Scan(&code) @@ -112,8 +111,8 @@ func CreateBoardMod(db *sql.DB, verify Verify) { query := `select identifier from boardaccess where identifier=$1 and board=$2` - rows, err := db.Query(query, verify.Identifier, verify.Board) - + rows, err := db.Query(query, verify.Identifier, verify.Board) + CheckError(err, "could not select idenifier from boardaccess") defer rows.Close() @@ -126,14 +125,14 @@ func CreateBoardMod(db *sql.DB, verify Verify) { query := `insert into crossverification (verificationcode, code) values ($1, $2)` - _, err := db.Exec(query, code, pass) - + _, err := db.Exec(query, code, pass) + CheckError(err, "could not insert new crossverification") query = `insert into boardaccess (identifier, code, board, type) values ($1, $2, $3, $4)` _, err = db.Exec(query, verify.Identifier, pass, verify.Board, verify.Type) - + CheckError(err, "could not insert new boardaccess") fmt.Printf("Board access - Board: %s, Identifier: %s, Code: %s\n", verify.Board, verify.Identifier, pass) @@ -144,7 +143,7 @@ func CreateBoardMod(db *sql.DB, verify Verify) { func CreateVerification(db *sql.DB, verify Verify) { query := `insert into verification (type, identifier, code, created) values ($1, $2, $3, $4)` - _, err := db.Exec(query, verify.Type, verify.Identifier, verify.Code, time.Now().UTC().Format(time.RFC3339)) + _, err := db.Exec(query, verify.Type, verify.Identifier, verify.Code, time.Now().UTC().Format(time.RFC3339)) CheckError(err, "error creating verify") } 
@@ -154,20 +153,20 @@ func GetVerificationByEmail(db *sql.DB, email string) Verify { query := `select type, identifier, code, board from boardaccess where identifier=$1` - rows, err := db.Query(query, email) + rows, err := db.Query(query, email) defer rows.Close() - CheckError(err, "error getting verify by email query") + CheckError(err, "error getting verify by email query") defer rows.Close() for rows.Next() { err := rows.Scan(&verify.Type, &verify.Identifier, &verify.Code, &verify.Board) - CheckError(err, "error getting verify by email scan") + CheckError(err, "error getting verify by email scan") } - + return verify } @@ -176,7 +175,7 @@ func GetVerificationByCode(db *sql.DB, code string) Verify { query := `select type, identifier, code, board from boardaccess where code=$1` - rows, err := db.Query(query, code) + rows, err := db.Query(query, code) defer rows.Close() @@ -188,9 +187,9 @@ func GetVerificationByCode(db *sql.DB, code string) Verify { for rows.Next() { err := rows.Scan(&verify.Type, &verify.Identifier, &verify.Code, &verify.Board) - CheckError(err, "error getting verify by code scan") + CheckError(err, "error getting verify by code scan") } - + return verify } @@ -199,7 +198,7 @@ func GetVerificationCode(db *sql.DB, verify Verify) Verify { query := `select type, identifier, code, board from boardaccess where identifier=$1 and board=$2` - rows, err := db.Query(query, verify.Identifier, verify.Board) + rows, err := db.Query(query, verify.Identifier, verify.Board) defer rows.Close() @@ -211,9 +210,9 @@ func GetVerificationCode(db *sql.DB, verify Verify) Verify { for rows.Next() { err := rows.Scan(&nVerify.Type, &nVerify.Identifier, &nVerify.Code, &nVerify.Board) - CheckError(err, "error getting verify by code scan") + CheckError(err, "error getting verify by code scan") } - + return nVerify } 
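Review bot: `defer rows.Close()` is registered before `err` is checked in GetVerificationByEmail, and the same order appears in GetVerificationByCode, GetVerificationCode, VerifyCooldownCurrent, VerficationCooldown and HasBoardAccess. When `db.Query` fails, `rows` is nil and the deferred `Close` dereferences it, so a database error turns into a panic in these lookups; what CheckError does on error is not visible here. Test the error first and return early, `if err != nil { return verify }`, then keep a single `defer rows.Close()`; the second defer a few lines down is redundant.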
@@ -222,29 +221,29 @@ func VerifyCooldownCurrent(db *sql.DB, auth string) VerifyCooldown { query := `select identifier, code, time from verificationcooldown where code=$1` - rows, err := db.Query(query, auth) + rows, err := db.Query(query, auth) - defer rows.Close() + defer rows.Close() if err != nil { query := `select identifier, code, time from verificationcooldown where identifier=$1` - rows, err := db.Query(query, auth) + rows, err := db.Query(query, auth) defer rows.Close() - + if err != nil { return current } - + defer rows.Close() for rows.Next() { err = rows.Scan(¤t.Identifier, ¤t.Code, ¤t.Time) CheckError(err, "error scanning current verify cooldown verification") - } + } } defer rows.Close() @@ -261,7 +260,7 @@ func VerifyCooldownCurrent(db *sql.DB, auth string) VerifyCooldown { func VerifyCooldownAdd(db *sql.DB, verify Verify) { query := `insert into verficationcooldown (identifier, code) values ($1, $2)` - _, err := db.Exec(query, verify.Identifier, verify.Code) + _, err := db.Exec(query, verify.Identifier, verify.Code) CheckError(err, "error adding verify to cooldown") } @@ -272,23 +271,23 @@ func VerficationCooldown(db *sql.DB) { rows, err := db.Query(query) - defer rows.Close() + defer rows.Close() CheckError(err, "error with verifiy cooldown query ") defer rows.Close() for rows.Next() { - var verify VerifyCooldown + var verify VerifyCooldown err = rows.Scan(&verify.Identifier, &verify.Code, &verify.Time) CheckError(err, "error with verifiy cooldown scan ") - nTime := verify.Time - 1; + nTime := verify.Time - 1 query = `update set time=$1 where identifier=$2` - _, err := db.Exec(query, nTime, verify.Identifier) + _, err := db.Exec(query, nTime, verify.Identifier) CheckError(err, "error with update cooldown query") 
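Review bot: VerifyCooldownAdd inserts into `verficationcooldown`, while VerifyCooldownCurrent selects from `verificationcooldown`, and the update in VerficationCooldown, `update set time=$1 where identifier=$2`, names no table at all. Unless a table with the misspelled name exists, the insert and the update both fail, so cooldown entries are presumably never recorded or counted down and the throttle they are meant to enforce does not take effect. Use the same table name in all three statements, for example `update verificationcooldown set time=$1 where identifier=$2`. In VerifyCooldownCurrent the lookup by identifier only runs when the first query returns an error, not when it returns no rows, which is probably not the intent.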
@@ -318,11 +317,10 @@ func SendVerification(verify Verify) { "Subject: Image Board Verification\n\n" + body - err := smtp.SendMail(SiteEmailServer + ":" + SiteEmailPort, + err := smtp.SendMail(SiteEmailServer+":"+SiteEmailPort, smtp.PlainAuth("", from, pass, SiteEmailServer), from, []string{to}, []byte(msg)) - CheckError(err, "error with smtp") } @@ -341,8 +339,8 @@ func IsEmailSetup() bool { if SiteEmailPort == "" { return false - } - + } + return true } @@ -354,7 +352,7 @@ func HasAuth(db *sql.DB, code string, board string) bool { return true } - return false; + return false } func HasAuthCooldown(db *sql.DB, auth string) bool { @@ -363,7 +361,7 @@ func HasAuthCooldown(db *sql.DB, auth string) bool { return true } - fmt.Println("has auth is false") + fmt.Println("has auth is false") return false } @@ -377,19 +375,19 @@ func GetVerify(db *sql.DB, access string) Verify { return verify } -func CreateNewCaptcha(db *sql.DB){ - id := RandomID(8) +func CreateNewCaptcha(db *sql.DB) { + id := RandomID(8) file := "public/" + id + ".png" - + for true { if _, err := os.Stat("./" + file); err == nil { - id = RandomID(8) + id = RandomID(8) file = "public/" + id + ".png" - }else{ + } else { break } } - + captcha := Captcha() var pattern string 
@@ -398,53 +396,53 @@ func CreateNewCaptcha(db *sql.DB){ srnd := string(rnd) switch srnd { - case "0" : + case "0": pattern = "pattern:verticalbricks" break - case "1" : + case "1": pattern = "pattern:verticalsaw" break - - case "2" : + + case "2": pattern = "pattern:hs_cross" - break + break } - + cmd := exec.Command("convert", "-size", "200x98", pattern, "-transparent", "white", file) err := cmd.Run() CheckError(err, "error with captcha first pass") - - cmd = exec.Command("convert", file, "-fill", "blue", "-pointsize", "62", "-annotate", "+0+70", captcha, "-tile", "pattern:left30", "-gravity", "center", "-transparent", "white", file) + + cmd = exec.Command("convert", file, "-fill", "blue", "-pointsize", "62", "-annotate", "+0+70", captcha, "-tile", "pattern:left30", "-gravity", "center", "-transparent", "white", file) err = cmd.Run() CheckError(err, "error with captcha second pass") - rnd = fmt.Sprintf("%d", rand.Intn(24) - 12) - - cmd = exec.Command("convert", file, "-rotate", rnd, "-wave", "5x35", "-distort", "Arc", "20", "-wave", "2x35", "-transparent", "white", file) + rnd = fmt.Sprintf("%d", rand.Intn(24)-12) + + cmd = exec.Command("convert", file, "-rotate", rnd, "-wave", "5x35", "-distort", "Arc", "20", "-wave", "2x35", "-transparent", "white", file) err = cmd.Run() - CheckError(err, "error with captcha third pass") + CheckError(err, "error with captcha third pass") var verification Verify - verification.Type = "captcha" - verification.Code = captcha + verification.Type = "captcha" + verification.Code = captcha verification.Identifier = file CreateVerification(db, verification) } func CreateBoardAccess(db *sql.DB, verify Verify) { - if(!HasBoardAccess(db, verify)){ - query := `insert into boardaccess (identifier, board) values($1, $2)` + if !HasBoardAccess(db, verify) { + query := `insert into boardaccess (identifier, board) values($1, $2)` - _, err := db.Exec(query, verify.Identifier, verify.Board) + _, err := db.Exec(query, verify.Identifier, 
verify.Board) CheckError(err, "could not instert verification and board into board access") } @@ -453,18 +451,18 @@ func CreateBoardAccess(db *sql.DB, verify Verify) { func HasBoardAccess(db *sql.DB, verify Verify) bool { query := `select count(*) from boardaccess where identifier=$1 and board=$2` - rows, err := db.Query(query, verify.Identifier, verify.Board) + rows, err := db.Query(query, verify.Identifier, verify.Board) - defer rows.Close() + defer rows.Close() - CheckError(err, "could not select boardaccess based on verify") + CheckError(err, "could not select boardaccess based on verify") var count int rows.Next() rows.Scan(&count) - if(count > 0) { + if count > 0 { return true } else { return false @@ -475,11 +473,11 @@ func BoardHasAuthType(db *sql.DB, board string, auth string) bool { authTypes := GetActorAuth(db, board) for _, e := range authTypes { - if(e == auth){ + if e == auth { return true } } - + return false } 
@@ -491,39 +489,39 @@ func Captcha() string { for i := 0; i < rng; i++ { newID += string(domain[rand.Intn(len(domain))]) } - + return newID -} +} func CreatePem(db *sql.DB, actor Actor) { privatekey, err := rsa.GenerateKey(crand.Reader, 2048) CheckError(err, "error creating private pem key") privateKeyBytes := x509.MarshalPKCS1PrivateKey(privatekey) - + privateKeyBlock := &pem.Block{ Type: "RSA PRIVATE KEY", Bytes: privateKeyBytes, } - + privatePem, err := os.Create("./pem/board/" + actor.Name + "-private.pem") - CheckError(err, "error creating private pem file for " + actor.Name) - + CheckError(err, "error creating private pem file for "+actor.Name) + err = pem.Encode(privatePem, privateKeyBlock) CheckError(err, "error encoding private pem") publickey := &privatekey.PublicKey publicKeyBytes, err := x509.MarshalPKIXPublicKey(publickey) - CheckError(err, "error Marshaling public key to X509") - + CheckError(err, "error Marshaling public key to X509") + publicKeyBlock := &pem.Block{ Type: "PUBLIC KEY", Bytes: publicKeyBytes, } - + publicPem, err := os.Create("./pem/board/" + actor.Name + "-public.pem") - CheckError(err, "error creating public pem file for " + actor.Name) - + CheckError(err, "error creating public pem file for "+actor.Name) + err = pem.Encode(publicPem, publicKeyBlock) CheckError(err, "error encoding public pem") 
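Review bot: The private key in CreatePem is written through `os.Create("./pem/board/" + actor.Name + "-private.pem")`, which creates the file with mode 0666 before umask, so under a common umask the board's signing key is readable by other local users. Create it owner-only instead, `os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`, and close both files after `pem.Encode`; no `Close` call is visible in this hunk. `actor.Name` is concatenated into the path unchecked, so if it can ever contain `/` or `..` it should be validated before use. CreatePem continues past the end of the hunk.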
@@ -534,13 +532,13 @@ func CreatePem(db *sql.DB, actor Actor) { StorePemToDB(db, actor) } - fmt.Println(`Created PEM keypair for the "` + actor.Name +`" board. Please keep in mind that + fmt.Println(`Created PEM keypair for the "` + actor.Name + `" board. Please keep in mind that the PEM key is crucial in identifying yourself as the legitimate owner of the board, -so DO NOT LOSE IT!!! If you lose it, YOU WILL LOSE ACCESS TO YOUR BOARD!`); +so DO NOT LOSE IT!!! If you lose it, YOU WILL LOSE ACCESS TO YOUR BOARD!`) } -func CreatePublicKeyFromPrivate(db *sql.DB, actor *Actor, publicKeyPem string) error{ - publicFilename := GetActorPemFileFromDB(db, publicKeyPem); +func CreatePublicKeyFromPrivate(db *sql.DB, actor *Actor, publicKeyPem string) error { + publicFilename := GetActorPemFileFromDB(db, publicKeyPem) privateFilename := strings.ReplaceAll(publicFilename, "public.pem", "private.pem") _, err := os.Stat(privateFilename) if err == nil { @@ -551,7 +549,7 @@ func CreatePublicKeyFromPrivate(db *sql.DB, actor *Actor, publicKeyPem string) e if block == nil || block.Type != "RSA PRIVATE KEY" { return errors.New("failed to decode PEM block containing public key") } - + key, err := x509.ParsePKCS1PrivateKey(block.Bytes) CheckError(err, "failed to parse private key") @@ -562,13 +560,13 @@ func CreatePublicKeyFromPrivate(db *sql.DB, actor *Actor, publicKeyPem string) e Headers: nil, Bytes: publicKeyDer, } - + publicFileWriter, err := os.Create(publicFilename) - CheckError(err, "error creating public pem file for " + actor.Name) + CheckError(err, "error creating public pem file for "+actor.Name) err = pem.Encode(publicFileWriter, &pubKeyBlock) CheckError(err, "error encoding public pem") - }else{ + } else { fmt.Println(`\nUnable to locate private key from public key generation. Now, this means that you are now missing the proof that you are the owner of the "` + actor.Name + `" board. If you are the developer, 
@@ -584,15 +582,15 @@ accepting your posts from your board from this site. Good luck ;)`) func StorePemToDB(db *sql.DB, actor Actor) { query := "select publicKeyPem from actor where id=$1" rows, err := db.Query(query, actor.Id) - - CheckError(err, "error selecting publicKeyPem id from actor") + + CheckError(err, "error selecting publicKeyPem id from actor") var result string defer rows.Close() rows.Next() rows.Scan(&result) - if(result != "") { + if result != "" { return } @@ -619,22 +617,22 @@ func ActivitySign(db *sql.DB, actor Actor, signature string) (string, error) { rows.Next() rows.Scan(&file) - file = strings.ReplaceAll(file, "public.pem", "private.pem") + file = strings.ReplaceAll(file, "public.pem", "private.pem") _, err = os.Stat(file) if err == nil { - publickey, err:= ioutil.ReadFile(file) + publickey, err := ioutil.ReadFile(file) CheckError(err, "error reading file") block, _ := pem.Decode(publickey) pub, _ := x509.ParsePKCS1PrivateKey(block.Bytes) - rng :=crand.Reader + rng := crand.Reader hashed := sha256.New() - hashed.Write([]byte(signature)) + hashed.Write([]byte(signature)) cipher, _ := rsa.SignPKCS1v15(rng, pub, crypto.SHA256, hashed.Sum(nil)) return base64.StdEncoding.EncodeToString(cipher), nil - }else{ + } else { fmt.Println(`\n Unable to locate private key. Now, this means that you are now missing the proof that you are the owner of the "` + actor.Name + `" board. If you are the developer, 
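Review bot: ActivitySign discards the errors from `pem.Decode`, `x509.ParsePKCS1PrivateKey` and `rsa.SignPKCS1v15`, and reads `block.Bytes` without a nil check, so a truncated or replaced key file ends in a nil-pointer panic rather than an error the caller can handle. Apply the test CreatePublicKeyFromPrivate already uses, `if block == nil || block.Type != "RSA PRIVATE KEY" { return "", errors.New("invalid private key PEM") }`, and return the parse and sign errors instead of assigning them to `_`. The locals `publickey` and `pub` hold the private key; renaming them would keep a later reader from treating that buffer as safe to log or return. The function starts before this hunk and its else branch runs past it.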
@@ -666,22 +664,21 @@ func ActivityVerify(actor Actor, signature string, verify string) error { func VerifyHeaderSignature(r *http.Request, actor Actor) bool { s := ParseHeaderSignature(r.Header.Get("Signature")) - var method string - var path string - var host string - var date string - var digest string - var contentLength string + var method string + var path string + var host string + var date string + var digest string + var contentLength string var sig string for i, e := range s.Headers { var nl string - if i < len(s.Headers) - 1 { + if i < len(s.Headers)-1 { nl = "\n" } - - + if e == "(request-target)" { method = strings.ToLower(r.Method) path = r.URL.Path @@ -709,9 +706,9 @@ func VerifyHeaderSignature(r *http.Request, actor Actor) bool { if e == "content-length" { contentLength = r.Header.Get("content-length") - sig += "content-length: " + contentLength + "" + nl + sig += "content-length: " + contentLength + "" + nl continue - } + } } if s.KeyId != actor.PublicKey.Id { @@ -720,14 +717,14 @@ func VerifyHeaderSignature(r *http.Request, actor Actor) bool { t, _ := time.Parse(time.RFC1123, date) - if(time.Now().UTC().Sub(t).Seconds() > 75) { + if time.Now().UTC().Sub(t).Seconds() > 75 { return false } - + if ActivityVerify(actor, s.Signature, sig) != nil { return false } - + return true } @@ -737,7 +734,7 @@ func ParseHeaderSignature(signature string) Signature { keyId := regexp.MustCompile(`keyId=`) headers := regexp.MustCompile(`headers=`) sig := regexp.MustCompile(`signature=`) - algo := regexp.MustCompile(`algorithm=`) + algo := regexp.MustCompile(`algorithm=`) signature = strings.ReplaceAll(signature, "\"", "") parts := strings.Split(signature, ",") @@ -747,7 +744,7 @@ func ParseHeaderSignature(signature string) Signature { nsig.KeyId = keyId.ReplaceAllString(e, "") continue } - + if headers.MatchString(e) { header := headers.ReplaceAllString(e, "") nsig.Headers = strings.Split(header, " ") 
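Review bot: The signing string in VerifyHeaderSignature is assembled only from the names the sender lists in `s.Headers`, and nothing in the visible lines requires that list to include `(request-target)`, `host` or `digest`. A signature that covers fewer headers would then still verify when attached to a different path or body, so after the loop the function should refuse requests whose list lacks the required names, for example `if method == "" || host == "" { return false }` plus a digest requirement for requests that carry a body. `s.Algorithm` is parsed by ParseHeaderSignature but not checked anywhere in the lines shown. Part of the loop body lies between this hunk and the next, so confirm against the full function.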
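Review bot: The freshness check `time.Now().UTC().Sub(t).Seconds() > 75` rejects only old dates; a `Date` header set in the future yields a negative difference and passes, so such a signature stays acceptable until that time plus 75 seconds. The parse error is also dropped with `t, _ :=`, which happens to fail closed only because the zero time is far in the past. Bound the skew on both sides and make the failure explicit: `t, err := time.Parse(time.RFC1123, date)`, `if err != nil { return false }`, `if d := time.Since(t); d > 75*time.Second || d < -75*time.Second { return false }`.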
@@ -762,7 +759,7 @@ func ParseHeaderSignature(signature string) Signature { if algo.MatchString(e) { nsig.Algorithm = algo.ReplaceAllString(e, "") continue - } + } } return nsig |