
0 package auth

1

2 import (

3 "errors"

4 "gemigit/config"

5 "gemigit/db"

6 "gemigit/access"

7 "time"

8

9 "github.com/pquerna/otp/totp"

10 )


// In-memory throttling and pending-login state. Decrease replaces all four
// maps with empty ones on every cycle.
//
// NOTE(review): nothing in this file guards these maps with a lock. If
// Decrease and the login/registration entry points run on different
// goroutines, access has to be synchronised — confirm with the callers.
var (
	// userAttempts counts login attempts per username.
	userAttempts = map[string]int{}
	// clientAttempts counts login attempts per client IP address.
	clientAttempts = map[string]int{}
	// registrationAttempts counts registration attempts per client IP address.
	registrationAttempts = map[string]int{}
	// loginToken holds users for whom access.Login succeeded but who still
	// owe a TOTP code, keyed by client signature.
	loginToken = map[string]db.User{}
)


// Decrease wipes every attempt counter and every pending TOTP login, sleeps
// for config.Cfg.Protection.Reset seconds, and repeats forever.
//
// The function never returns, so it is presumably started on its own
// goroutine — confirm at the call site.
//
// NOTE(review): the counters are cleared wholesale rather than aged per key,
// so the configured limits apply per reset window. A Reset of zero or less
// makes time.Sleep return immediately and this loop spin.
func Decrease() {
	for {
		userAttempts = map[string]int{}
		clientAttempts = map[string]int{}
		registrationAttempts = map[string]int{}
		loginToken = map[string]db.User{}

		// Read the interval on every pass, after the reset.
		pause := time.Duration(config.Cfg.Protection.Reset) * time.Second
		time.Sleep(pause)
	}
}


// try records one more attempt for key in the counter map behind attemps and
// reports whether that key is already blocked.
//
// A key seen for the first time is stored with a count of 1 and allowed.
// A known key is allowed, and its count incremented, while the count is
// below max. Once the count has reached max the call returns true and the
// count is left untouched.
func try(attemps *map[string]int, key string, max int) bool {
	counters := *attemps

	used, seen := counters[key]
	switch {
	case !seen:
		counters[key] = 1
		return false
	case used >= max:
		return true
	default:
		counters[key]++
		return false
	}
}


// Connect checks the credentials and, when they are valid, registers the
// client signature as a connected user.
//
// Both the per-username and the per-IP counter are charged before the
// credentials are checked, so successful logins count as attempts too.
// When the fetched user has a TOTP secret, no session is created: the user
// is stored in loginToken under the signature and "token required" is
// returned, leaving LoginOTP to finish the login.
//
// NOTE(review): the account counter is keyed by the submitted username
// alone, so it is charged regardless of who sends the request; confirm that
// the resulting lockout behaviour is intended.
// NOTE(review): the return value of db.AddUserSession, if it has one, is
// not inspected here — confirm against its signature.
func Connect(username string, password string,
	signature string, ip string) error {

	if try(&userAttempts, username, config.Cfg.Protection.Account) {
		return errors.New("the account is locked, " +
			"too many connections attempts")
	}
	if try(&clientAttempts, ip, config.Cfg.Protection.Ip) {
		return errors.New("too many connections attempts")
	}

	err := access.Login(username, password, false, true)
	if err != nil {
		return err
	}

	user, err := db.FetchUser(username, signature)
	if err != nil {
		// Without LDAP, a failed fetch is simply reported.
		if !config.Cfg.Ldap.Enabled {
			return err
		}
		// With LDAP enabled, any fetch failure leads to creating a local
		// record with an empty password.
		// NOTE(review): confirm that an empty local password can never be
		// used to authenticate, and that only a "user not found" failure
		// should end up here.
		if err = db.Register(username, ""); err != nil {
			return err
		}
		if user, err = db.FetchUser(username, signature); err != nil {
			return err
		}
		db.AddUserSession(signature, user)
		return nil
	}

	if user.Secret != "" {
		// Second factor outstanding: park the user until LoginOTP is called.
		loginToken[signature] = user
		return errors.New("token required")
	}
	db.AddUserSession(signature, user)
	return nil
}


// Register creates an account through db.Register, unless the client IP has
// used up its registration allowance (config.Cfg.Protection.Registration)
// for the current reset window.
//
// The attempt is charged to the IP before db.Register runs, so failed
// registrations count as well.
func Register(username string, password string, ip string) error {
	blocked := try(&registrationAttempts, ip,
		config.Cfg.Protection.Registration)
	if !blocked {
		return db.Register(username, password)
	}
	return errors.New("too many registration attempts")
}


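// LoginOTP finishes a two-step login for the client identified by signature
// by checking code against the TOTP secret of the user that Connect parked
// in loginToken.
//
// It returns "invalid request" when no login is pending for the signature
// and "wrong code" when the code does not validate. On success the session
// is created with db.AddUserSession.
//
// A pending login is consumed by the first code submitted, valid or not.
// This function has no attempt counter of its own, so keeping the entry
// after a wrong code would allow unlimited guesses at the second factor
// until the next reset. Dropping it sends the client back through Connect,
// which charges the per-account and per-IP limits.
func LoginOTP(signature string, code string) error {
	user, exist := loginToken[signature]
	if !exist {
		return errors.New("invalid request")
	}
	// Consume the pending login before validating, so that every exit path
	// below leaves no entry behind.
	delete(loginToken, signature)

	if !totp.Validate(code, user.Secret) {
		return errors.New("wrong code")
	}
	db.AddUserSession(signature, user)
	return nil
}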
