-
Notifications
You must be signed in to change notification settings - Fork 0
/
user.go
65 lines (56 loc) · 1.56 KB
/
user.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
package main
import (
"fmt"
"os"
"path/filepath"
"regexp"
)
// All user data is stored in a directory. Each user has a file named after
// their username. Username has to be [A-Za-z0-9_-]+
type userStore struct {
// path of the users directory
path string
}
func newUserStore(path string) (us userStore, err error) {
path = filepath.Clean(path)
if !filepath.IsAbs(path) {
err = fmt.Errorf("users directory has to be absolute path (is: %v)", path)
} else {
us = userStore{path: path}
}
return
}
var usernameRegex = regexp.MustCompile("^[A-Za-z0-9_-]+$")
func usernameIsSane(username string) error {
if !usernameRegex.MatchString(username) {
return fmt.Errorf("username does not match the usernameRegex (is %v)", username)
}
return nil
}
func (fm *userStore) userPassword(username string) (pwd [64]byte, err error) {
if err = usernameIsSane(username); err != nil {
return
}
filename := filepath.Join(fm.path, username)
content, err := os.ReadFile(filename) // #nosec G304: fm.path is trusted, username matches aggressive regex
if len(content) != 64 {
err = fmt.Errorf("corrupt user data (file %v)", filename)
return
}
if err == nil {
copy(pwd[:], content)
}
return
}
func (fm *userStore) setUserPassword(username string, pwd [64]byte) error {
if err := usernameIsSane(username); err != nil {
return err
}
filename := filepath.Join(fm.path, username)
return os.WriteFile(filename, pwd[:], 0600)
}
func (us userStore) deleteUser(name string) error {
// TODO: GC user files here?
filename := filepath.Join(us.path, name)
return os.Remove(filename)
}