feat: preparing structures for validation features;
feat: config variables for password requirements; feat: util function for validating passwords
This commit is contained in:
63
backend/internal/utils/security.go
Normal file
63
backend/internal/utils/security.go
Normal file
@@ -0,0 +1,63 @@
|
||||
package utils
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"easywish/config"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"regexp"
|
||||
)
|
||||
|
||||
func GenerateSecure6DigitNumber() (string, error) {
|
||||
// Generate a random number between 0 and 999999 (inclusive)
|
||||
// This ensures we get a 6-digit number, including those starting with 0
|
||||
max := 1000000 // Upper bound (exclusive)
|
||||
b := make([]byte, 4) // A 4-byte slice is sufficient for a 32-bit integer
|
||||
|
||||
if _, err := io.ReadFull(rand.Reader, b); err != nil {
|
||||
return "", fmt.Errorf("failed to read random bytes: %w", err)
|
||||
}
|
||||
|
||||
// Convert bytes to an integer
|
||||
// We use a simple modulo operation to get a number within our desired range.
|
||||
// While this introduces a slight bias for very large ranges, for 1,000,000
|
||||
// it's negligible and simpler than more complex methods like rejection sampling.
|
||||
num := int(uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])) % max
|
||||
|
||||
return fmt.Sprintf("%06d", num), nil
|
||||
}
|
||||
|
||||
func ValidatePassword(password string) error {
|
||||
cfg := config.GetConfig()
|
||||
|
||||
if cfg.PasswordCheckLength {
|
||||
passwordLength := len(password); if passwordLength < 8 || passwordLength > 100 {
|
||||
return errors.New("Password must be between 8 and 100 characters")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckNumbers {
|
||||
numbersPresent := regexp.MustCompile(`[0-9]`).MatchString(password); if !numbersPresent {
|
||||
return errors.New("Password must contain at least 1 number")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckCases {
|
||||
differentCasesPresent := regexp.MustCompile(`(?=.*[a-z])(?=.*[A-Z])`).MatchString(password); if !differentCasesPresent {
|
||||
return errors.New("Password must contain at least 1 number")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckSymbols {
|
||||
symbolsPresent := regexp.MustCompile(`[.,/;'[\]\-=_+{}:"<>?\/|!@#$%^&*()~]`).MatchString(password); if !symbolsPresent {
|
||||
return errors.New("Password must contain at least one special symbol")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckLeaked {
|
||||
// TODO: implement checking leaked passwords via rockme.txt
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -1,26 +0,0 @@
|
||||
package utils
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"fmt"
|
||||
"io"
|
||||
)
|
||||
|
||||
func GenerateSecure6DigitNumber() (string, error) {
|
||||
// Generate a random number between 0 and 999999 (inclusive)
|
||||
// This ensures we get a 6-digit number, including those starting with 0
|
||||
max := 1000000 // Upper bound (exclusive)
|
||||
b := make([]byte, 4) // A 4-byte slice is sufficient for a 32-bit integer
|
||||
|
||||
if _, err := io.ReadFull(rand.Reader, b); err != nil {
|
||||
return "", fmt.Errorf("failed to read random bytes: %w", err)
|
||||
}
|
||||
|
||||
// Convert bytes to an integer
|
||||
// We use a simple modulo operation to get a number within our desired range.
|
||||
// While this introduces a slight bias for very large ranges, for 1,000,000
|
||||
// it's negligible and simpler than more complex methods like rejection sampling.
|
||||
num := int(uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])) % max
|
||||
|
||||
return fmt.Sprintf("%06d", num), nil
|
||||
}
|
||||
Reference in New Issue
Block a user