Add Auth functions

2025-05-10 18:38:22 +00:00 · 2023-05-14 03:23:11 +02:00 · 2023-05-14 03:23:11 +02:00 · e8f697003e
commit e8f697003e
parent 24ed25da3f
1 changed files with 47 additions and 0 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@ -0,0 +1,47 @@
+package auth
+
+import (
+	"fmt"
+	"math/rand"
+	"time"
+
+	"github.com/tredoe/osutil/user/crypt/sha512_crypt"
+	"nfsense.net/nfsense/internal/definitions/config"
+)
+
+func AuthenticateUser(conf config.Config, username, password string) error {
+	user, ok := conf.System.Users[username]
+	if !ok {
+		return fmt.Errorf("User not found")
+	}
+
+	// Using sha512 to be compatible with /etc/shadow
+	c := sha512_crypt.New()
+	hash, err := c.Generate([]byte(password), []byte(user.Salt))
+	if err != nil {
+		return fmt.Errorf("Hashing Password: %w", err)
+	}
+
+	if hash == user.Hash {
+		return nil
+	}
+
+	return fmt.Errorf("Invalid Password")
+}
+
+func GenerateHash(password string) (string, string, error) {
+	const charset = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	seededRand := rand.New(rand.NewSource(time.Now().UnixNano()))
+	s := make([]byte, 8)
+	for i := range s {
+		s[i] = charset[seededRand.Intn(len(charset))]
+	}
+	salt := []byte(fmt.Sprintf("$6$%s", s))
+
+	c := sha512_crypt.New()
+	hash, err := c.Generate([]byte(password), []byte(salt))
+	if err != nil {
+		return "", "", fmt.Errorf("Hashing Password: %w", err)
+	}
+	return hash, string(salt), nil
+}