added validation for user fields on sqlboiler.BeforeInsertHook, added hashing of secret before insert

author: Alexander Kavon <me+git@alexkavon.com> 2024-01-22 14:56:36 -0500
committer: Alexander Kavon <me+git@alexkavon.com> 2024-01-22 14:56:36 -0500
commit: a1df83e8b5737a198a3fba4de23ca2c80828f623 (patch)
tree: 95ae9bc9a87b945e149373d9753c8e158f003a6f /src
parent: 4f15e271f541ecd525268efa40992e0f5c057e12 (diff)
3 files changed, 79 insertions, 30 deletions
diff --git a/src/user/hooks.go b/src/user/hooks.go
new file mode 100644
index 0000000..0ab5ab0
--- /dev/null
+++ b/src/user/hooks.go
@@ -0,0 +1,72 @@
+package user
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+
+	validation "github.com/go-ozzo/ozzo-validation/v4"
+	"github.com/go-ozzo/ozzo-validation/v4/is"
+	"github.com/volatiletech/sqlboiler/v4/boil"
+	"gitlab.com/alexkavon/newsstand/src/models"
+	"golang.org/x/crypto/argon2"
+)
+
+func init() {
+	models.AddUserHook(boil.BeforeInsertHook, validate)
+	// should always be last
+	models.AddUserHook(boil.BeforeInsertHook, hashSecret)
+}
+
+func validate(ctx context.Context, exec boil.ContextExecutor, u *models.User) error {
+	// validate user
+	err := validation.ValidateStruct(u,
+		validation.Field(&u.Username, validation.Required, validation.Length(3, 50)),
+		validation.Field(&u.Secret, validation.Required, validation.Length(8, 128)),
+		validation.Field(&u.Email, validation.Required, is.Email),
+	)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func hashSecret(ctx context.Context, exec boil.ContextExecutor, u *models.User) error {
+	hashconf := &struct {
+		memory      uint32
+		iterations  uint32
+		parallelism uint8
+		keyLength   uint32
+		saltLength  uint32
+	}{64 * 1024, 3, 2, 12, 16}
+	salt := make([]byte, hashconf.saltLength)
+	_, err := rand.Read(salt)
+	if err != nil {
+		return err
+	}
+
+	hash := argon2.IDKey(
+		[]byte(u.Secret),
+		salt,
+		hashconf.iterations,
+		hashconf.memory,
+		hashconf.parallelism,
+		hashconf.keyLength,
+	)
+	b64Salt := base64.RawStdEncoding.EncodeToString(salt)
+	b64Hash := base64.RawStdEncoding.EncodeToString(hash)
+	encodedHash := fmt.Sprintf(
+		"$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s",
+		argon2.Version,
+		hashconf.memory,
+		hashconf.iterations,
+		hashconf.parallelism,
+		b64Salt,
+		b64Hash,
+	)
+
+	u.Secret = encodedHash
+	return nil
+}
diff --git a/src/user/routes.go b/src/user/routes.go
index b163fb7..7cbd3fb 100644
--- a/src/user/routes.go
+++ b/src/user/routes.go
@@ -4,7 +4,6 @@ import (
 	"log"
 	"net/http"
 
-	"github.com/go-playground/validator/v10"
 	"github.com/volatiletech/sqlboiler/v4/boil"
 	"gitlab.com/alexkavon/newsstand/src/models"
 	"gitlab.com/alexkavon/newsstand/src/server"
@@ -70,23 +69,10 @@ func Store(s *server.Server) http.HandlerFunc {
 		user.Username = r.PostFormValue("username")
 		user.Secret = r.PostFormValue("secret")
 		user.Email = r.PostFormValue("email")
-		// Validate User Input
-		v := validator.New()
-		err := v.Struct(user)
-		if err != nil {
-			log.Fatal("Validator failed", err.(validator.ValidationErrors))
-		}
-
-		// Hash secret
-		secret := &Secret{Raw: user.Secret}
-		err = secret.HashSecret()
-		if err != nil {
-			log.Fatal("Hash failure", err)
-		}
-		user.Secret = secret.Hash()
 
-		// Store user
-		err = user.Insert(r.Context(), s.Db.ToSqlDb(), boil.Infer())
+		// Store user, this package (user) will init
+		// a validation hook to check values and hash secret
+		err := user.Insert(r.Context(), s.Db.ToSqlDb(), boil.Infer())
 		if err != nil {
 			log.Fatal("Insert Error", err)
 		}
diff --git a/src/user/secret.go b/src/user/secret.go
index 55b8bc6..b6382fe 100644
--- a/src/user/secret.go
+++ b/src/user/secret.go
@@ -8,12 +8,7 @@ import (
 	"golang.org/x/crypto/argon2"
 )
 
-type Secret struct {
-	Raw  string
-	hash string
-}
-
-func (s Secret) HashSecret() error {
+func HashSecret(secret string) (string, error) {
 	hashconf := &struct {
 		memory      uint32
 		iterations  uint32
@@ -24,11 +19,11 @@ func (s Secret) HashSecret() error {
 	salt := make([]byte, hashconf.saltLength)
 	_, err := rand.Read(salt)
 	if err != nil {
-		return err
+		return "", err
 	}
 
 	hash := argon2.IDKey(
-		[]byte(s.Raw),
+		[]byte(secret),
 		salt,
 		hashconf.iterations,
 		hashconf.memory,
@@ -46,10 +41,6 @@ func (s Secret) HashSecret() error {
 		b64Salt,
 		b64Hash,
 	)
-	s.hash = encodedHash
-	return err
-}
 
-func (s *Secret) Hash() string {
-	return s.hash
+	return encodedHash, nil
 }
author	Alexander Kavon <me+git@alexkavon.com>	2024-01-22 14:56:36 -0500
committer	Alexander Kavon <me+git@alexkavon.com>	2024-01-22 14:56:36 -0500
commit	a1df83e8b5737a198a3fba4de23ca2c80828f623 (patch)
tree	95ae9bc9a87b945e149373d9753c8e158f003a6f /src
parent	4f15e271f541ecd525268efa40992e0f5c057e12 (diff)