Start refactoring
This commit is contained in:
Aurélie Delhaie
109
config/config.go
109
config/config.go
@@ -1,84 +1,69 @@
|
||||
package config
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"gopkg.in/yaml.v3"
|
||||
"log"
|
||||
"os"
|
||||
)
|
||||
|
||||
type Configuration struct {
|
||||
Server ServerConfiguration `yaml:"server"`
|
||||
Database DatabaseConfiguration `yaml:"database"`
|
||||
Features FeaturesConfiguration `yaml:"features"`
|
||||
Path PathConfiguration `yaml:"path"`
|
||||
}
|
||||
type (
|
||||
Configuration struct {
|
||||
Server ServerConfiguration `yaml:"server"`
|
||||
Database DatabaseConfiguration `yaml:"database"`
|
||||
Features FeaturesConfiguration `yaml:"features"`
|
||||
Path PathConfiguration `yaml:"path"`
|
||||
}
|
||||
|
||||
type PathConfiguration struct {
|
||||
Cache string `yaml:"cache"`
|
||||
Storage string `yaml:"storage"`
|
||||
}
|
||||
PathConfiguration struct {
|
||||
Cache string `yaml:"cache"`
|
||||
Storage string `yaml:"storage"`
|
||||
RSAKey string `yaml:"rsa_key"`
|
||||
}
|
||||
|
||||
type ServerConfiguration struct {
|
||||
Port int `yaml:"port"`
|
||||
}
|
||||
ServerConfiguration struct {
|
||||
Port int `yaml:"port"`
|
||||
PingEndPoint bool `yaml:"ping"`
|
||||
Compress bool `yaml:"compress"`
|
||||
}
|
||||
|
||||
type DatabaseConfiguration struct {
|
||||
Host string `yaml:"host"`
|
||||
Port int `yaml:"port"`
|
||||
Username string `yaml:"username"`
|
||||
Password *string `yaml:"password"`
|
||||
}
|
||||
DatabaseConfiguration struct {
|
||||
URL string `yaml:"url"`
|
||||
}
|
||||
|
||||
type FeaturesConfiguration struct {
|
||||
AllowRegister bool `yaml:"allow_register"`
|
||||
PasswordHashCost *int `yaml:"password_hash_cost"`
|
||||
}
|
||||
FeaturesConfiguration struct {
|
||||
AllowRegister bool `yaml:"allow_register"`
|
||||
PasswordHashCost *int `yaml:"password_hash_cost"`
|
||||
}
|
||||
)
|
||||
|
||||
var currentConfig *Configuration
|
||||
|
||||
func Init() {
|
||||
path := flag.String("config", "./config.yml", "Set the configuration file path")
|
||||
flag.Parse()
|
||||
configYamlContent, err := os.ReadFile(*path)
|
||||
func Load(path string) (Configuration, error) {
|
||||
configYamlContent, err := os.ReadFile(path)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
return Configuration{}, err
|
||||
}
|
||||
err = yaml.Unmarshal(configYamlContent, ¤tConfig)
|
||||
if err != nil {
|
||||
log.Fatalf("error: %s", err)
|
||||
var config Configuration
|
||||
if err := yaml.Unmarshal(configYamlContent, &config); err != nil {
|
||||
return Configuration{}, err
|
||||
}
|
||||
checkConfig()
|
||||
if err := checkConfig(config); err != nil {
|
||||
return Configuration{}, err
|
||||
}
|
||||
return config, nil
|
||||
}
|
||||
|
||||
func checkConfig() {
|
||||
if currentConfig.Features.PasswordHashCost == nil {
|
||||
currentConfig.Features.PasswordHashCost = new(int)
|
||||
*currentConfig.Features.PasswordHashCost = bcrypt.DefaultCost
|
||||
} else if *currentConfig.Features.PasswordHashCost < bcrypt.MinCost && *currentConfig.Features.PasswordHashCost > bcrypt.MaxCost {
|
||||
log.Fatalf("password_hash_cost is not on the supported range (%d < x < %d)", bcrypt.MinCost, bcrypt.MaxCost)
|
||||
func checkConfig(c Configuration) error {
|
||||
if c.Features.PasswordHashCost == nil {
|
||||
c.Features.PasswordHashCost = new(int)
|
||||
*c.Features.PasswordHashCost = bcrypt.DefaultCost
|
||||
} else if *c.Features.PasswordHashCost < bcrypt.MinCost && *c.Features.PasswordHashCost > bcrypt.MaxCost {
|
||||
return fmt.Errorf("password_hash_cost is not on the supported range (%d < x < %d)", bcrypt.MinCost, bcrypt.MaxCost)
|
||||
}
|
||||
if _, err := os.Stat(currentConfig.Path.Storage); err != nil {
|
||||
log.Fatal(err)
|
||||
if _, err := os.Stat(c.Path.Storage); err != nil {
|
||||
return nil
|
||||
}
|
||||
if _, err := os.Stat(currentConfig.Path.Cache); err != nil {
|
||||
log.Fatal(err)
|
||||
if _, err := os.Stat(c.Path.Cache); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
func Database() *DatabaseConfiguration {
|
||||
return ¤tConfig.Database
|
||||
}
|
||||
|
||||
func Features() *FeaturesConfiguration {
|
||||
return ¤tConfig.Features
|
||||
}
|
||||
|
||||
func Path() *PathConfiguration {
|
||||
return ¤tConfig.Path
|
||||
}
|
||||
|
||||
func Server() *ServerConfiguration {
|
||||
return ¤tConfig.Server
|
||||
return nil
|
||||
}
|
||||
|
||||
118
config/security/security.go
Normal file
118
config/security/security.go
Normal file
@@ -0,0 +1,118 @@
|
||||
package security
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"golang.org/x/crypto/ssh"
|
||||
"log"
|
||||
"os"
|
||||
"path"
|
||||
)
|
||||
|
||||
const (
|
||||
defaultPrivateKeyName = "id_rsa"
|
||||
defaultPublicKeyName = "id_rsa.pub"
|
||||
)
|
||||
|
||||
// GenerateNewRSAKey generates a new RSA key, writes it to a file and return the private key
|
||||
func GenerateNewRSAKey(savePath string, bitSize uint16) (*rsa.PrivateKey, error) {
|
||||
pkPath := path.Join(savePath, defaultPrivateKeyName)
|
||||
pubPath := path.Join(savePath, defaultPublicKeyName)
|
||||
|
||||
privateKey, err := generatePrivateKey(int(bitSize))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
publicKeyBytes, err := generatePublicKey(&privateKey.PublicKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
privateKeyBytes := encodePrivateKeyToPEM(privateKey)
|
||||
|
||||
if err := writeKeyToFile(privateKeyBytes, pkPath); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := writeKeyToFile(publicKeyBytes, pubPath); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return privateKey, nil
|
||||
}
|
||||
|
||||
func LoadPrivateKey(folderPath string) (*rsa.PrivateKey, error) {
|
||||
pkPath := path.Join(folderPath, defaultPrivateKeyName)
|
||||
f, err := os.ReadFile(pkPath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
block, _ := pem.Decode(f)
|
||||
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return key, nil
|
||||
}
|
||||
|
||||
func generatePrivateKey(bitSize int) (*rsa.PrivateKey, error) {
|
||||
// Private Key generation
|
||||
privateKey, err := rsa.GenerateKey(rand.Reader, bitSize)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Validate Private Key
|
||||
err = privateKey.Validate()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
log.Println("Private Key generated")
|
||||
return privateKey, nil
|
||||
}
|
||||
|
||||
// encodePrivateKeyToPEM encodes Private Key from RSA to PEM format
|
||||
func encodePrivateKeyToPEM(privateKey *rsa.PrivateKey) []byte {
|
||||
// Get ASN.1 DER format
|
||||
privDER := x509.MarshalPKCS1PrivateKey(privateKey)
|
||||
|
||||
// pem.Block
|
||||
privBlock := pem.Block{
|
||||
Type: "RSA PRIVATE KEY",
|
||||
Headers: nil,
|
||||
Bytes: privDER,
|
||||
}
|
||||
|
||||
// Private key in PEM format
|
||||
privatePEM := pem.EncodeToMemory(&privBlock)
|
||||
|
||||
return privatePEM
|
||||
}
|
||||
|
||||
// generatePublicKey take a rsa.PublicKey and return bytes suitable for writing to .pub file
|
||||
// returns in the format "ssh-rsa ..."
|
||||
func generatePublicKey(privatekey *rsa.PublicKey) ([]byte, error) {
|
||||
publicRsaKey, err := ssh.NewPublicKey(privatekey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pubKeyBytes := ssh.MarshalAuthorizedKey(publicRsaKey)
|
||||
|
||||
log.Println("Public key generated")
|
||||
return pubKeyBytes, nil
|
||||
}
|
||||
|
||||
// writePemToFile writes keys to a file
|
||||
func writeKeyToFile(keyBytes []byte, saveFileTo string) error {
|
||||
err := os.WriteFile(saveFileTo, keyBytes, 0600)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("Key saved to: %s", saveFileTo)
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user