feat: preparing structures for validation features;
feat: config variables for password requirements; feat: util function for validating passwords
This commit is contained in:
@@ -1,31 +1,33 @@
|
||||
package models
|
||||
|
||||
type Tokens struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
AccessToken string `json:"access_token"`
|
||||
RefreshToken string `json:"refresh_token"`
|
||||
}
|
||||
|
||||
type RegistrationBeginRequest struct {
|
||||
Username string `json:"username"`
|
||||
Email *string `json:"email"`
|
||||
Password string `json:"password"` // TODO: password checking
|
||||
Username string `json:"username" binding:"required,min=3,max=20"`
|
||||
Email *string `json:"email" binding:"email"`
|
||||
Password string `json:"password" binding:"required,password"` // TODO: password checking
|
||||
}
|
||||
|
||||
// TODO: length check
|
||||
type RegistrationCompleteRequest struct {
|
||||
Username string `json:"username"`
|
||||
VerificationCode string `json:"verification_code"`
|
||||
Name string `json:"name"`
|
||||
Username string `json:"username" binding:"required"`
|
||||
VerificationCode string `json:"verification_code" binding:"required"`
|
||||
Name string `json:"name" binding:"required,max=75"`
|
||||
Birthday *string `json:"birthday"`
|
||||
AvatarUrl *string `json:"avatar_url"`
|
||||
AvatarUrl *string `json:"avatar_url" binding:"http_url,max=255"`
|
||||
}
|
||||
|
||||
type RegistrationCompleteResponse struct {
|
||||
Tokens
|
||||
}
|
||||
|
||||
// TODO: length check
|
||||
type LoginRequest struct {
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
Username string `json:"username" binding:"required"`
|
||||
Password string `json:"password" binding:"required"`
|
||||
TOTP *string `json:"totp"`
|
||||
}
|
||||
|
||||
@@ -33,8 +35,9 @@ type LoginResponse struct {
|
||||
Tokens
|
||||
}
|
||||
|
||||
// TODO: length check
|
||||
type RefreshRequest struct {
|
||||
RefreshToken string `json:"refresh_token"`
|
||||
RefreshToken string `json:"refresh_token" binding:"required"`
|
||||
}
|
||||
|
||||
type RefreshResponse struct {
|
||||
|
||||
63
backend/internal/utils/security.go
Normal file
63
backend/internal/utils/security.go
Normal file
@@ -0,0 +1,63 @@
|
||||
package utils
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"easywish/config"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"regexp"
|
||||
)
|
||||
|
||||
func GenerateSecure6DigitNumber() (string, error) {
|
||||
// Generate a random number between 0 and 999999 (inclusive)
|
||||
// This ensures we get a 6-digit number, including those starting with 0
|
||||
max := 1000000 // Upper bound (exclusive)
|
||||
b := make([]byte, 4) // A 4-byte slice is sufficient for a 32-bit integer
|
||||
|
||||
if _, err := io.ReadFull(rand.Reader, b); err != nil {
|
||||
return "", fmt.Errorf("failed to read random bytes: %w", err)
|
||||
}
|
||||
|
||||
// Convert bytes to an integer
|
||||
// We use a simple modulo operation to get a number within our desired range.
|
||||
// While this introduces a slight bias for very large ranges, for 1,000,000
|
||||
// it's negligible and simpler than more complex methods like rejection sampling.
|
||||
num := int(uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])) % max
|
||||
|
||||
return fmt.Sprintf("%06d", num), nil
|
||||
}
|
||||
|
||||
func ValidatePassword(password string) error {
|
||||
cfg := config.GetConfig()
|
||||
|
||||
if cfg.PasswordCheckLength {
|
||||
passwordLength := len(password); if passwordLength < 8 || passwordLength > 100 {
|
||||
return errors.New("Password must be between 8 and 100 characters")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckNumbers {
|
||||
numbersPresent := regexp.MustCompile(`[0-9]`).MatchString(password); if !numbersPresent {
|
||||
return errors.New("Password must contain at least 1 number")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckCases {
|
||||
differentCasesPresent := regexp.MustCompile(`(?=.*[a-z])(?=.*[A-Z])`).MatchString(password); if !differentCasesPresent {
|
||||
return errors.New("Password must contain at least 1 number")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckSymbols {
|
||||
symbolsPresent := regexp.MustCompile(`[.,/;'[\]\-=_+{}:"<>?\/|!@#$%^&*()~]`).MatchString(password); if !symbolsPresent {
|
||||
return errors.New("Password must contain at least one special symbol")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckLeaked {
|
||||
// TODO: implement checking leaked passwords via rockme.txt
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -1,26 +0,0 @@
|
||||
package utils
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
func GenerateSecure6DigitNumber() (string, error) {
|
||||
// Generate a random number between 0 and 999999 (inclusive)
|
||||
// This ensures we get a 6-digit number, including those starting with 0
|
||||
max := 1000000 // Upper bound (exclusive)
|
||||
b := make([]byte, 4) // A 4-byte slice is sufficient for a 32-bit integer
|
||||
|
||||
if _, err := io.ReadFull(rand.Reader, b); err != nil {
|
||||
return "", fmt.Errorf("failed to read random bytes: %w", err)
|
||||
}
|
||||
|
||||
// Convert bytes to an integer
|
||||
// We use a simple modulo operation to get a number within our desired range.
|
||||
// While this introduces a slight bias for very large ranges, for 1,000,000
|
||||
// it's negligible and simpler than more complex methods like rejection sampling.
|
||||
num := int(uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])) % max
|
||||
|
||||
return fmt.Sprintf("%06d", num), nil
|
||||
}
|
||||
Reference in New Issue
Block a user