From 3e8171162bc2bf1f7ddd61962288b6ba0102d412 Mon Sep 17 00:00:00 2001
From: qpismont
Date: Tue, 18 Mar 2025 21:19:49 +0000
Subject: [PATCH] Update dependencies, improve password handling, and enhance devcontainer configuration. Bump Go version to 1.24.1, add Air version to Dockerfile, and refactor password hashing and comparison functions to return errors. Update tests accordingly.
---
 .devcontainer/Dockerfile | 5 ++++-
 .devcontainer/devcontainer.json | 3 ++-
 go.mod | 9 +++++----
 go.sum | 16 +++++++++------
 internal/accounts/service/account.go | 7 ++++++-
 internal/core/hash.go | 29 ++++++++++++++++++++++------
 internal/core/hash_test.go | 15 ++++++--------
 7 files changed, 56 insertions(+), 28 deletions(-)
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index a9a9e45..5a2fbbd 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -5,14 +5,17 @@ WORKDIR /app
 ARG GO_VERSION
 ARG GOLANGCI_LINT_VERSION
 ARG MIGRATE_VERSION
+ARG AIR_VERSION
 RUN apt update &&\
 apt install git wget curl -y &&\
 wget https://go.dev/dl/go$GO_VERSION.linux-amd64.tar.gz &&\
 rm -rf /usr/local/go && tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz &&\
- curl -sSfL https://raw.githubusercontent.com/air-verse/air/master/install.sh | sh -s -- -b /usr/local/go/bin &&\
 wget https://github.com/golangci/golangci-lint/releases/download/v$GOLANGCI_LINT_VERSION/golangci-lint-$GOLANGCI_LINT_VERSION-linux-amd64.deb &&\
 dpkg -i golangci-lint-$GOLANGCI_LINT_VERSION-linux-amd64.deb &&\
 wget https://github.com/golang-migrate/migrate/releases/download/v$MIGRATE_VERSION/migrate.linux-amd64.deb &&\
 dpkg -i migrate.linux-amd64.deb &&\
+ wget https://github.com/air-verse/air/releases/download/v$AIR_VERSION/air_${AIR_VERSION}_linux_amd64 &&\
+ chmod +x air_${AIR_VERSION}_linux_amd64 &&\
+ mv air_${AIR_VERSION}_linux_amd64 /usr/local/go/bin/air &&\
 echo "export PATH=$PATH:/usr/local/go/bin" > /root/.bashrc
\ No newline at end of file
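Review bot: The added `wget` of `air_${AIR_VERSION}_linux_amd64` installs a downloaded binary into `/usr/local/go/bin` with no integrity check, so the version pin fixes which release is requested but not which bytes end up executable in the image. Pass the expected digest as a build argument and verify it before the `chmod`, for example `ARG AIR_SHA256` and `echo "$AIR_SHA256  air_${AIR_VERSION}_linux_amd64" | sha256sum -c - &&\`. The Go tarball and the two `.deb` downloads in the same RUN step (context lines here) have the same gap and would benefit from the same check.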
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 3432c1e..2f0d0d9 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -6,7 +6,8 @@
 "args": {
 "GO_VERSION": "1.24.1",
 "GOLANGCI_LINT_VERSION": "1.64.5",
- "MIGRATE_VERSION": "4.18.2"
+ "MIGRATE_VERSION": "4.18.2",
+ "AIR_VERSION": "1.61.7"
 }
 },
 "customizations": {
diff --git a/go.mod b/go.mod
index 15d4a83..cab4140 100644
--- a/go.mod
+++ b/go.mod
@@ -3,11 +3,13 @@ module gitea.qpismont.fr/qpismont/trepa
 go 1.24.0
 require (
+ github.com/go-playground/validator/v10 v10.25.0
 github.com/golang-jwt/jwt/v5 v5.2.1
 github.com/jackc/pgx v3.6.2+incompatible
 github.com/jmoiron/sqlx v1.4.0
 github.com/joho/godotenv v1.5.1
 github.com/magiconair/properties v1.8.9
+ github.com/matthewhartstonge/argon2 v1.2.0
 github.com/stretchr/testify v1.10.0
 )
@@ -17,16 +19,15 @@ require (
 github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 github.com/go-playground/locales v0.14.1 // indirect
 github.com/go-playground/universal-translator v0.18.1 // indirect
- github.com/go-playground/validator/v10 v10.25.0 // indirect
 github.com/gofrs/uuid v4.4.0+incompatible // indirect
 github.com/jackc/fake v0.0.0-20150926172116-812a484cc733 // indirect
 github.com/leodido/go-urn v1.4.0 // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
- golang.org/x/crypto v0.33.0 // indirect
+ golang.org/x/crypto v0.36.0 // indirect
 golang.org/x/net v0.34.0 // indirect
- golang.org/x/sys v0.30.0 // indirect
- golang.org/x/text v0.22.0 // indirect
+ golang.org/x/sys v0.31.0 // indirect
+ golang.org/x/text v0.23.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index c4f4b80..7ba8b2c 100644
--- a/go.sum
+++ b/go.sum
@@ -6,6 +6,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= +github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= @@ -32,6 +34,8 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM= github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/matthewhartstonge/argon2 v1.2.0 h1:oHo0H92JcmG4q5Ax6MuwDHa6iuJPz97RLwSfqcrjsSY= +github.com/matthewhartstonge/argon2 v1.2.0/go.mod h1:2zMl2u3Ooe9zkpeU61cmcAJ4vgMC3YfvRbKWnPg0wAU= github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 
@@ -42,14 +46,14 @@ github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= -golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= +golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= +golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= -golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/internal/accounts/service/account.go b/internal/accounts/service/account.go index 9925549..b6a13fa 100644 --- a/internal/accounts/service/account.go +++ b/internal/accounts/service/account.go 
@@ -19,7 +19,12 @@ func (s *Service) Login(login domain.AccountLogin) (*domain.Account, *core.HTTPE
 return nil, domain.ErrAccountNotFound
 }
- if !core.ComparePassword(login.Password, account.Password) {
+ ok, err := core.ComparePassword(login.Password, account.Password)
+ if err != nil {
+ return nil, domain.ErrBadPassword
+ }
+
+ if !ok {
 return nil, domain.ErrBadPassword
 }
diff --git a/internal/core/hash.go b/internal/core/hash.go
index f5cb3e6..16a60ae 100644
--- a/internal/core/hash.go
+++ b/internal/core/hash.go
@@ -1,12 +1,29 @@
 package core
-import "golang.org/x/crypto/argon2"
+import (
+ "github.com/matthewhartstonge/argon2"
+)
-func HashPassword(password string) string {
- return string(argon2.IDKey([]byte(password), nil, 1, 64*1024, 4, 32))
+func HashPassword(password string) (string, error) {
+ argon := instanceArgon2()
+
+ hash, err := argon.HashEncoded([]byte(password))
+ if err != nil {
+ return "", err
+ }
+
+ return string(hash), nil
 }
-func ComparePassword(password string, hash string) bool {
- hashedPassword := HashPassword(password)
- return hashedPassword == hash
+func ComparePassword(password string, hash string) (bool, error) {
+ ok, err := argon2.VerifyEncoded([]byte(password), []byte(hash))
+ if err != nil {
+ return false, err
+ }
+
+ return ok, nil
+}
+
+func instanceArgon2() argon2.Config {
+ return argon2.DefaultConfig()
 }
diff --git a/internal/core/hash_test.go b/internal/core/hash_test.go
index ff194d1..4e61e39 100644
--- a/internal/core/hash_test.go
+++ b/internal/core/hash_test.go
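Review bot: In `Login`, the new `if err != nil` branch returns `domain.ErrBadPassword` and discards `err`, so a stored hash that cannot be verified at all looks the same as a wrong password on the server side as well as to the client. Keeping the client-facing answer uniform is reasonable, but the failure should be logged or mapped to an internal error so that corrupted or old-format values in `account.Password` are noticed. At minimum add a comment such as `// err presumably means account.Password is not a valid encoded hash, not that the password is wrong` and record `err` (never `login.Password`) before returning. The body of `Login` starts and ends outside this hunk.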
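Review bot: `ComparePassword` now accepts only the encoded format produced by `HashEncoded`, while the removed `HashPassword` stored the raw `argon2.IDKey` output computed with a nil salt, so any account written before this commit will presumably fail `VerifyEncoded` with an error and can no longer log in. If such rows exist, plan a forced reset or a one-time migration rather than a fallback to the unsalted comparison. The exported functions also lack doc comments; suggested are `// HashPassword returns an encoded Argon2 hash of password using the configuration from instanceArgon2.` and `// ComparePassword reports whether password matches the encoded hash; a non-nil error means the hash could not be verified.` Because `instanceArgon2` only returns `argon2.DefaultConfig()`, the cost parameters are whatever the pinned library version ships, which is worth stating in a comment on that function.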
@@ -8,14 +8,11 @@ import (
 func TestHashPassword(t *testing.T) {
 password := "password"
- hashedPassword := HashPassword(password)
- assert.NotEmpty(t, hashedPassword)
- t.Log(hashedPassword)
- assert.Equal(t, hashedPassword, "LOLPASSWORD")
-}
+ hashedPassword, err := HashPassword(password)
-func TestComparePassword(t *testing.T) {
- password := "password"
- hashedPassword := HashPassword(password)
- assert.True(t, ComparePassword(password, hashedPassword))
+ assert.NoError(t, err)
+
+ hashedOk, err := ComparePassword(password, hashedPassword)
+ assert.NoError(t, err)
+ assert.True(t, hashedOk)
 }
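Review bot: `TestHashPassword` now exercises only the matching-password path and the separate `TestComparePassword` is removed, so nothing asserts that a wrong password is rejected or that a malformed stored hash yields an error. Add a negative case after the existing assertions, for example `bad, err := ComparePassword("not-the-password", hashedPassword)`, `assert.NoError(t, err)`, `assert.False(t, bad)` (assuming the library reports a mismatch as `false` with a nil error), plus a check that `ComparePassword(password, "not-a-hash")` returns an error. An assertion that two calls to `HashPassword(password)` return different strings would guard against a regression to unsalted hashing. Using `require.NoError` for the first check would stop the test before `hashedPassword` is used after a failed hash.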