diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index a9a9e45..5a2fbbd 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -5,14 +5,17 @@ WORKDIR /app ARG GO_VERSION ARG GOLANGCI_LINT_VERSION ARG MIGRATE_VERSION +ARG AIR_VERSION RUN apt update &&\ apt install git wget curl -y &&\ wget https://go.dev/dl/go$GO_VERSION.linux-amd64.tar.gz &&\ rm -rf /usr/local/go && tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz &&\ - curl -sSfL https://raw.githubusercontent.com/air-verse/air/master/install.sh | sh -s -- -b /usr/local/go/bin &&\ wget https://github.com/golangci/golangci-lint/releases/download/v$GOLANGCI_LINT_VERSION/golangci-lint-$GOLANGCI_LINT_VERSION-linux-amd64.deb &&\ dpkg -i golangci-lint-$GOLANGCI_LINT_VERSION-linux-amd64.deb &&\ wget https://github.com/golang-migrate/migrate/releases/download/v$MIGRATE_VERSION/migrate.linux-amd64.deb &&\ dpkg -i migrate.linux-amd64.deb &&\ + wget https://github.com/air-verse/air/releases/download/v$AIR_VERSION/air_${AIR_VERSION}_linux_amd64 &&\ + chmod +x air_${AIR_VERSION}_linux_amd64 &&\ + mv air_${AIR_VERSION}_linux_amd64 /usr/local/go/bin/air &&\ echo "export PATH=$PATH:/usr/local/go/bin" > /root/.bashrc \ No newline at end of file diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 3432c1e..2f0d0d9 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -6,7 +6,8 @@ "args": { "GO_VERSION": "1.24.1", "GOLANGCI_LINT_VERSION": "1.64.5", - "MIGRATE_VERSION": "4.18.2" + "MIGRATE_VERSION": "4.18.2", + "AIR_VERSION": "1.61.7" } }, "customizations": { diff --git a/go.mod b/go.mod index 15d4a83..cab4140 100644 --- a/go.mod +++ b/go.mod 
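Review bot: The added `wget` of `air_${AIR_VERSION}_linux_amd64` is made executable and moved onto PATH without an integrity check, so the image trusts whatever the release URL serves at build time. Pinning a release is a clear step up from piping `install.sh` from `master` into `sh`, but a pinned digest would also make the build verifiable: declare `ARG AIR_SHA256` and, before the `chmod`, run `echo "$AIR_SHA256  air_${AIR_VERSION}_linux_amd64" | sha256sum -c - &&\`. `AIR_SHA256` is a proposed build arg, not something the commit defines, and it would need a matching entry in the `args` block of devcontainer.json. The golangci-lint and migrate `.deb` downloads in the context lines are installed the same way and would benefit from the same check.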
@@ -3,11 +3,13 @@ module gitea.qpismont.fr/qpismont/trepa go 1.24.0 require ( + github.com/go-playground/validator/v10 v10.25.0 github.com/golang-jwt/jwt/v5 v5.2.1 github.com/jackc/pgx v3.6.2+incompatible github.com/jmoiron/sqlx v1.4.0 github.com/joho/godotenv v1.5.1 github.com/magiconair/properties v1.8.9 + github.com/matthewhartstonge/argon2 v1.2.0 github.com/stretchr/testify v1.10.0 ) @@ -17,16 +19,15 @@ require ( github.com/gabriel-vasile/mimetype v1.4.8 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.25.0 // indirect github.com/gofrs/uuid v4.4.0+incompatible // indirect github.com/jackc/fake v0.0.0-20150926172116-812a484cc733 // indirect github.com/leodido/go-urn v1.4.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect - golang.org/x/crypto v0.33.0 // indirect + golang.org/x/crypto v0.36.0 // indirect golang.org/x/net v0.34.0 // indirect - golang.org/x/sys v0.30.0 // indirect - golang.org/x/text v0.22.0 // indirect + golang.org/x/sys v0.31.0 // indirect + golang.org/x/text v0.23.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index c4f4b80..7ba8b2c 100644 --- a/go.sum +++ b/go.sum 
@@ -6,6 +6,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= @@ -32,6 +34,8 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM= github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/matthewhartstonge/argon2 v1.2.0 h1:oHo0H92JcmG4q5Ax6MuwDHa6iuJPz97RLwSfqcrjsSY= +github.com/matthewhartstonge/argon2 v1.2.0/go.mod h1:2zMl2u3Ooe9zkpeU61cmcAJ4vgMC3YfvRbKWnPg0wAU= github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 
@@ -42,14 +46,14 @@ github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= -golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= +golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= +golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= -golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/internal/accounts/service/account.go b/internal/accounts/service/account.go index 9925549..b6a13fa 100644 --- a/internal/accounts/service/account.go +++ b/internal/accounts/service/account.go 
@@ -19,7 +19,12 @@ func (s *Service) Login(login domain.AccountLogin) (*domain.Account, *core.HTTPE return nil, domain.ErrAccountNotFound } - if !core.ComparePassword(login.Password, account.Password) { + ok, err := core.ComparePassword(login.Password, account.Password) + if err != nil { + return nil, domain.ErrBadPassword + } + + if !ok { return nil, domain.ErrBadPassword } diff --git a/internal/core/hash.go b/internal/core/hash.go index f5cb3e6..16a60ae 100644 --- a/internal/core/hash.go +++ b/internal/core/hash.go @@ -1,12 +1,29 @@ package core -import "golang.org/x/crypto/argon2" +import ( + "github.com/matthewhartstonge/argon2" +) -func HashPassword(password string) string { - return string(argon2.IDKey([]byte(password), nil, 1, 64*1024, 4, 32)) +func HashPassword(password string) (string, error) { + argon := instanceArgon2() + + hash, err := argon.HashEncoded([]byte(password)) + if err != nil { + return "", err + } + + return string(hash), nil } -func ComparePassword(password string, hash string) bool { - hashedPassword := HashPassword(password) - return hashedPassword == hash +func ComparePassword(password string, hash string) (bool, error) { + ok, err := argon2.VerifyEncoded([]byte(password), []byte(hash)) + if err != nil { + return false, err + } + + return ok, nil +} + +func instanceArgon2() argon2.Config { + return argon2.DefaultConfig() } diff --git a/internal/core/hash_test.go b/internal/core/hash_test.go index ff194d1..4e61e39 100644 --- a/internal/core/hash_test.go +++ b/internal/core/hash_test.go 
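Review bot: In the new `if err != nil` branch of Login, the error from `core.ComparePassword` is discarded and reported as `domain.ErrBadPassword`, so a stored hash that cannot be parsed looks exactly like a wrong password to the operator as well as to the user. Giving the client the same response is reasonable, but the cause should be recorded server-side; at minimum the branch deserves a comment such as `// verification failed for a reason other than a mismatch (e.g. unparsable stored hash); log err before returning`, followed by a log call using whatever logger the service already has. Login starts and ends outside this hunk, so it cannot be checked here whether `err` is already declared with a different type earlier in the function, which would make `ok, err :=` fail to compile.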
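Review bot: `ComparePassword` now accepts only the encoded form produced by `HashEncoded`, while the removed `HashPassword` stored the raw `argon2.IDKey` output computed with a nil salt; any account row written by the old code will presumably make `VerifyEncoded` return an error, not `false`. The commit shows no migration or forced reset for such rows, so that should be confirmed before this ships. The exported functions also have no doc comments; I would add `// HashPassword returns the encoded Argon2 hash of password, with parameters and salt embedded in the result.` and `// ComparePassword reports whether password matches the encoded hash; a non-nil error means the hash could not be parsed or verified.`. `instanceArgon2` is a good place for a one-line comment stating that the cost parameters come from `argon2.DefaultConfig()` and therefore follow the pinned library version.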
@@ -8,14 +8,11 @@ import ( func TestHashPassword(t *testing.T) { password := "password" - hashedPassword := HashPassword(password) - assert.NotEmpty(t, hashedPassword) - t.Log(hashedPassword) - assert.Equal(t, hashedPassword, "LOLPASSWORD") -} + hashedPassword, err := HashPassword(password) -func TestComparePassword(t *testing.T) { - password := "password" - hashedPassword := HashPassword(password) - assert.True(t, ComparePassword(password, hashedPassword)) + assert.NoError(t, err) + + hashedOk, err := ComparePassword(password, hashedPassword) + assert.NoError(t, err) + assert.True(t, hashedOk) }
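Review bot: The merged TestHashPassword only exercises the matching case, so a `ComparePassword` that always returned true would still pass. Add a mismatch case at the end of the test: `wrongOk, err := ComparePassword("not-the-password", hashedPassword)`, `assert.NoError(t, err)`, `assert.False(t, wrongOk)`, assuming the library reports a mismatch as `false` with a nil error. Because the later calls depend on the hash having been produced, `require.NoError` after `HashPassword` would stop the test at the first failure; the import block lies outside this hunk, so whether testify's `require` package is already imported cannot be seen here.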