From e8f697003e7d927f91aa83ed942de8cc05b1a5b3 Mon Sep 17 00:00:00 2001
From: Samuel Lorch
Date: Sun, 14 May 2023 03:23:11 +0200
Subject: [PATCH] Add Auth functions
---
internal/auth/auth.go | 47 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 internal/auth/auth.go
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
new file mode 100644
index 0000000..11617b0
--- /dev/null
+++ b/internal/auth/auth.go
@@ -0,0 +1,47 @@
+package auth
+
+import (
+ "fmt"
+ "math/rand"
+ "time"
+
+ "github.com/tredoe/osutil/user/crypt/sha512_crypt"
+ "nfsense.net/nfsense/internal/definitions/config"
+)
+
+func AuthenticateUser(conf config.Config, username, password string) error {
+ user, ok := conf.System.Users[username]
+ if !ok {
+ return fmt.Errorf("User not found")
+ }
+
+ // Using sha512 to be compatible with /etc/shadow
+ c := sha512_crypt.New()
+ hash, err := c.Generate([]byte(password), []byte(user.Salt))
+ if err != nil {
+ return fmt.Errorf("Hashing Password: %w", err)
+ }
+
+ if hash == user.Hash {
+ return nil
+ }
+
+ return fmt.Errorf("Invalid Password")
+}
+
+func GenerateHash(password string) (string, string, error) {
+ const charset = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ seededRand := rand.New(rand.NewSource(time.Now().UnixNano()))
+ s := make([]byte, 8)
+ for i := range s {
+ s[i] = charset[seededRand.Intn(len(charset))]
+ }
+ salt := []byte(fmt.Sprintf("$6$%s", s))
+
+ c := sha512_crypt.New()
+ hash, err := c.Generate([]byte(password), []byte(salt))
+ if err != nil {
+ return "", "", fmt.Errorf("Hashing Password: %w", err)
+ }
+ return hash, string(salt), nil
+}
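Review bot: GenerateHash builds the password salt from `math/rand` seeded with `time.Now().UnixNano()`, so the salt is a deterministic function of the creation time rather than unpredictable. It should be drawn from `crypto/rand` as sketched below, with the import block swapping `math/rand` and `time` for `crypto/rand` and `math/big`. In AuthenticateUser, `hash == user.Hash` is not a constant-time comparison; `subtle.ConstantTimeCompare([]byte(hash), []byte(user.Hash)) == 1` from `crypto/subtle` is the usual form for credential checks. The same function returns "User not found" before any hashing and "Invalid Password" after it, so both the message and the response time distinguish existing usernames. Whether callers forward the message is not visible here, but one generic error plus a dummy hash computation for unknown users would remove that signal.

```go
func GenerateHash(password string) (string, string, error) {
	const charset = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
	// rand is crypto/rand here, replacing the time-seeded math/rand source.
	limit := big.NewInt(int64(len(charset)))
	s := make([]byte, 8)
	for i := range s {
		// rand.Int is uniform over [0, limit), so no modulo bias in the salt.
		n, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", "", fmt.Errorf("generating salt: %w", err)
		}
		s[i] = charset[n.Int64()]
	}
	// … unchanged: "$6$" salt prefix, sha512_crypt Generate call, return …
```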