
Source code changes of the file "internal/home/auth.go" between
AdGuardHome-0.105.1.tar.gz and AdGuardHome-0.105.2.tar.gz

About: AdGuard Home is a network-wide ads & trackers blocking DNS server. It operates as a DNS server that re-routes tracking domains to a "black hole," thus preventing your devices from connecting to those servers.

auth.go  (AdGuardHome-0.105.1):auth.go  (AdGuardHome-0.105.2)
package home package home
import ( import (
"crypto/rand" "crypto/rand"
"crypto/sha256"
"encoding/binary" "encoding/binary"
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"fmt" "fmt"
"math"
"math/big"
"net/http" "net/http"
"strings" "strings"
"sync" "sync"
"time" "time"
"github.com/AdguardTeam/golibs/log" "github.com/AdguardTeam/golibs/log"
"go.etcd.io/bbolt" "go.etcd.io/bbolt"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
) )
const ( const (
cookieTTL = 365 * 24 // in hours // cookieTTL is given in hours.
cookieTTL = 365 * 24
sessionCookieName = "agh_session" sessionCookieName = "agh_session"
// sessionTokenSize is the length of session token in bytes.
sessionTokenSize = 16
) )
type session struct { type session struct {
userName string userName string
expire uint32 // expiration time (in seconds) expire uint32 // expiration time (in seconds)
} }
func (s *session) serialize() []byte { func (s *session) serialize() []byte {
const ( const (
expireLen = 4 expireLen = 4
skipping to change at line 288 skipping to change at line 289
delete(a.sessions, sess) delete(a.sessions, sess)
a.lock.Unlock() a.lock.Unlock()
a.removeSession(key) a.removeSession(key)
} }
type loginJSON struct { type loginJSON struct {
Name string `json:"name"` Name string `json:"name"`
Password string `json:"password"` Password string `json:"password"`
} }
func getSession(u *User) ([]byte, error) { // newSessionToken returns cryptographically secure randomly generated slice of
maxSalt := big.NewInt(math.MaxUint32) // bytes of sessionTokenSize length.
salt, err := rand.Int(rand.Reader, maxSalt) //
// TODO(e.burkov): Think about using byte array instead of byte slice.
func newSessionToken() (data []byte, err error) {
randData := make([]byte, sessionTokenSize)
_, err = rand.Read(randData)
if err != nil { if err != nil {
return nil, err return nil, err
} }
d := []byte(fmt.Sprintf("%s%s%s", salt, u.Name, u.PasswordHash)) return randData, nil
hash := sha256.Sum256(d) }
return hash[:], nil
// cookieTimeFormat is the format to be used in (time.Time).Format for cookie's
// expiry field.
const cookieTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT"
// cookieExpiryFormat returns the formatted exp to be used in cookie string.
// It's quite simple for now, but probably will be expanded in the future.
func cookieExpiryFormat(exp time.Time) (formatted string) {
return exp.Format(cookieTimeFormat)
} }
func (a *Auth) httpCookie(req loginJSON) (string, error) { func (a *Auth) httpCookie(req loginJSON) (string, error) {
u := a.UserFind(req.Name, req.Password) u := a.UserFind(req.Name, req.Password)
if len(u.Name) == 0 { if len(u.Name) == 0 {
return "", nil return "", nil
} }
sess, err := getSession(&u) sess, err := newSessionToken()
if err != nil { if err != nil {
return "", err return "", err
} }
now := time.Now().UTC() now := time.Now().UTC()
expire := now.Add(cookieTTL * time.Hour)
expstr := expire.Format(time.RFC1123)
expstr = expstr[:len(expstr)-len("UTC")] // "UTC" -> "GMT"
expstr += "GMT"
s := session{}
s.userName = u.Name
s.expire = uint32(now.Unix()) + a.sessionTTL
a.addSession(sess, &s)
return fmt.Sprintf("%s=%s; Path=/; HttpOnly; Expires=%s", a.addSession(sess, &session{
sessionCookieName, hex.EncodeToString(sess), expstr), nil userName: u.Name,
expire: uint32(now.Unix()) + a.sessionTTL,
})
return fmt.Sprintf(
"%s=%s; Path=/; HttpOnly; Expires=%s",
sessionCookieName, hex.EncodeToString(sess),
cookieExpiryFormat(now.Add(cookieTTL*time.Hour)),
), nil
} }
func handleLogin(w http.ResponseWriter, r *http.Request) { func handleLogin(w http.ResponseWriter, r *http.Request) {
req := loginJSON{} req := loginJSON{}
err := json.NewDecoder(r.Body).Decode(&req) err := json.NewDecoder(r.Body).Decode(&req)
if err != nil { if err != nil {
httpError(w, http.StatusBadRequest, "json decode: %s", err) httpError(w, http.StatusBadRequest, "json decode: %s", err)
return return
} }
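Review bot: Sessions issued before this change are not addressed: `httpCookie` now takes its token from `newSessionToken()`, but nothing in the visible sections of auth.go expires tokens minted by the removed `getSession`, which were derived from a 32-bit salt plus the user name and password hash. If sessions persist across restarts (the bbolt import and `a.removeSession(key)` suggest they do), those tokens stay valid until their stored `expire`; consider dropping stored sessions whose key length differs from `sessionTokenSize` when they are loaded, and noting that in the comment on `sessionTokenSize`. Separately, the cookie string built in `httpCookie` still carries only `Path=/; HttpOnly`; `"%s=%s; Path=/; HttpOnly; SameSite=Lax; Expires=%s"` would limit cross-site sending of the session cookie. The session-loading code is outside the sections shown here, so the first point should be confirmed against it.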
 End of changes. 9 change blocks. 
22 lines changed or deleted 35 lines changed or added
