Make user login based on database entries

.gitignore

@@ -1 +1,6 @@
-credentials.json
+credentials.json
+web/browserconfig.xml
+web/fonts
+web/css/bootstrap.css
+web/js/vender/bootstrap.js
+sql/database.custom.sql

auth.go

@@ -1,12 +1,18 @@
 package main
 
 import (
+	"bytes"
 	"container/heap"
 	"crypto/rand"
+	"crypto/sha1"
+	"database/sql"
 	"encoding/base64"
 	"errors"
+	_ "github.com/lib/pq"
+	"golang.org/x/crypto/pbkdf2"
 	"log"
 	"net/http"
+	"strings"
 	"time"
 )
 
@@ -52,6 +58,7 @@ func (pq *SessionQueue) Pop() interface{} {
 var (
 	sessions     = make(map[string]*SessionData)
 	sessionQueue = make(SessionQueue, 0)
+	db           *sql.DB
 )
 
 func sessionExpirer() {
@@ -66,6 +73,17 @@ func sessionExpirer() {
 
 func init() {
 	go sessionExpirer()
+
+	connStr := "user=levyraati password=levyraati dbname=levyraati sslmode=disable"
+	var err error
+	db, err = sql.Open("postgres", connStr)
+	if err != nil {
+		log.Fatal(err)
+	}
+	_, err = db.Query("SELECT 1")
+	if err != nil {
+		log.Fatal(err)
+	}
 }
 
 func addSession(data *SessionData) {
@@ -73,12 +91,70 @@ func addSession(data *SessionData) {
 	heap.Push(&sessionQueue, data)
 }
 
-func userOk(username, password string) bool {
-	return (username == "Lamperi" && password == "paskaa")
+func generateHash(password string) (string, error) {
+	salt := make([]byte, 11)
+
+	if _, err := rand.Read(salt); err != nil {
+		log.Println(err)
+		return "", errors.New("Couldn't generate random string")
+	}
+
+	passwordBytes := []byte(password)
+	key := hashPasswordSalt(passwordBytes, salt)
+
+	saltStr := base64.StdEncoding.EncodeToString(salt)
+	keyStr := base64.StdEncoding.EncodeToString(key)
+	return saltStr + "$" + keyStr, nil
+}
+
+func hashOk(password, hashed string) (bool, error) {
+	parts := strings.Split(hashed, "$")
+	if len(parts) != 2 {
+		return false, errors.New("Invalid data stored in database for password")
+	}
+	salt, err := base64.StdEncoding.DecodeString(parts[0])
+	if err != nil {
+		return false, err
+	}
+	passwordHash, err := base64.StdEncoding.DecodeString(parts[1])
+	if err != nil {
+		return false, err
+	}
+	if len(passwordHash) != 32 {
+		return false, errors.New("Password hash was not 32 bytes long")
+	}
+
+	key := hashPasswordSalt([]byte(password), salt)
+	return bytes.Equal(key, passwordHash), nil
+}
+
+func hashPasswordSalt(password, salt []byte) []byte {
+	return pbkdf2.Key(password, salt, 4096, 32, sha1.New)
+}
+
+func userOk(username, password string) (bool, error) {
+	var hash string
+	err := db.QueryRow("SELECT u.password FROM public.user u WHERE lower(u.username) = lower($1)", username).Scan(&hash)
+	if err != nil {
+		if err.Error() == "sql: no rows in result set" {
+			return false, nil
+		} else {
+			return false, err
+		}
+	}
+
+	ok, err := hashOk(password, hash)
+	if err != nil {
+		return false, err
+	}
+	return ok, nil
 }
 
 func tryLogin(username, password string, longerTime bool) (http.Cookie, error) {
-	if exists := userOk(username, password); !exists {
+	if exists, err := userOk(username, password); !exists {
+		if err != nil {
+			return http.Cookie{}, err
+		}
 		return http.Cookie{},
 			errors.New("The username or password you entered isn't correct.")
 	}

auth_test.go

@@ -0,0 +1,32 @@
+package main
+
+import (
+	"testing"
+)
+
+func TestHash(t *testing.T) {
+	password := "kakka"
+	hash := "gLXSSyQqG9PVMGM=$HAl9O6m3eRuhWZIo8TgqNJO92mdts8he32N7OnX3Q9A="
+	ok, err := hashOk(password, hash)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !ok {
+		t.Fatal("Could not hash password")
+	}
+}
+
+func TestGeneratePasswordHash(t *testing.T) {
+	password := "toni"
+	hash, err := generateHash(password)
+	if err != nil {
+		t.Fatal("Error generating hash", err)
+	}
+	ok, err := hashOk(password, hash)
+	if err != nil {
+		t.Fatal("Error checking hash", err)
+	}
+	if !ok {
+		t.Fatal("Did not match!")
+	}
+}

sql/create-database.sql

@@ -0,0 +1,15 @@
+
+-- User: levyraati
+
+-- DROP USER levyraati;
+
+CREATE USER levyraati;
+
+-- Database: levyraati
+
+-- DROP DATABASE levyraati;
+
+CREATE DATABASE levyraati
+    WITH 
+    OWNER = levyraati
+    ENCODING = 'UTF8';

sql/database.sql

@@ -0,0 +1,19 @@
+-- Table: public."user"
+
+-- DROP TABLE public."user";
+
+CREATE TABLE public."user"
+(
+    id serial,
+    username text NOT NULL,
+    password character varying,
+    CONSTRAINT user_pkey PRIMARY KEY (id)
+);
+
+-- Index: user_lower_idx
+
+-- DROP INDEX public.user_lower_idx;
+
+CREATE UNIQUE INDEX user_lower_idx
+    ON public."user"
+    (lower(username));

sql/readme.txt

@@ -0,0 +1,5 @@
+Create databases:
+
+$ sudo -u postgres psql < create-database.sql
+$ sudo adduser levyraati
+$ sudo -u levyraati psql < database.sql

web.go

@@ -175,7 +175,8 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 	cookie, err := tryLogin(username, password, longer)
 
 	if err != nil {
-		http.Error(w, err.Error(), http.StatusForbidden)
+		log.Println("Error while trying to login", err.Error())
+		http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
 		return
 	}