go-urlsh/internal/web/multifactor-setup.go

180 lines
5.1 KiB
Go

package web
import (
"bytes"
"context"
"encoding/base64"
"encoding/json"
"fmt"
"image/png"
"log"
"strconv"
"time"
"code.lila.network/adoralaura/go-urlsh/internal/constants"
"code.lila.network/adoralaura/go-urlsh/internal/db"
"code.lila.network/adoralaura/go-urlsh/internal/misc"
"code.lila.network/adoralaura/go-urlsh/models"
"github.com/gofiber/fiber/v2"
"github.com/pquerna/otp/totp"
)
func HandleAdminAccountMFASetupGet(c *fiber.Ctx) error {
if !db.IsCookieValid(c.Cookies(constants.LoginCookieName, "")) {
c.Location("/admin/")
c.Status(fiber.StatusSeeOther)
return nil
}
var mfaobject models.MFATemplateObject
var mfaconfig models.MFAConfig
mfaconfig.Active = false
mfaconfig.ExpiresAt = time.Now().Add(15 * time.Minute)
user, err := db.GetUserFromCookie(c.Cookies(constants.LoginCookieName))
if err != nil {
log.Println(err)
fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
scratchcodes := []models.MFAScratchCode{}
scratchcodeFailed := 0
// generate four unique(!) scratch codes for the user
for len(scratchcodes) != 4 {
if scratchcodeFailed > 15 {
//TODO: structurized error logging
fmt.Println("[HandleAdminAccountMFASetupPost] Failed to generate unique scratch code 15 times! Aborting")
return misc.New500Error()
}
code := misc.RandomString(8)
if db.ScratchCodeIsUnique(code) {
scratchcodes = append(scratchcodes, models.MFAScratchCode{
IsUsed: false, Code: code, UserName: user.UserName})
} else {
scratchcodeFailed++
}
}
mfaconfig.UserName = user.UserName
key, err := totp.Generate(totp.GenerateOpts{
Issuer: "go-urlsh",
AccountName: user.UserName,
})
if err != nil {
log.Println(err)
fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
mfaconfig.TOTPSecret = key.Secret()
mfaobject.Key = key.URL()
var buf bytes.Buffer
img, err := key.Image(200, 200)
if err != nil {
log.Println(err)
fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
png.Encode(&buf, img)
base64img := base64.StdEncoding.EncodeToString(buf.Bytes())
mfaobject.Image = base64img
_, err = models.DB.NewInsert().Model(&scratchcodes).Exec(context.Background())
if err != nil {
log.Printf("[HandleAdminAccountMFASetupGet] Error inserting scratch codes to DB: %q\n", err)
fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
_, err = models.DB.NewInsert().Model(&mfaconfig).Exec(context.Background())
if err != nil {
log.Printf("[HandleAdminAccountMFASetupGet] Error inserting mfaconfig to DB: %q\n", err)
fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
misc.SetMFASetupCookie(c, strconv.Itoa(int(mfaconfig.ID)))
return c.Render("setup-multifactor", mfaobject)
}
func HandleAdminAccountMFASetupPost(c *fiber.Ctx) error {
if !db.IsCookieValid(c.Cookies(constants.LoginCookieName, "")) {
c.Location("/admin/")
c.Status(fiber.StatusSeeOther)
return nil
}
var response models.MFASetupResponse
response.Error = true
var token models.TokenRequest
var config models.MFAConfig
var scratchcodes []models.MFAScratchCode
//var user models.User
err := json.Unmarshal(c.Body(), &token)
if err != nil {
log.Println(err.Error())
return fiber.NewError(fiber.StatusBadRequest, "400 Bad Request")
}
//if err := c.BodyParser(&token); err != nil {
// response.Message = "Token is invalid"
// c.Status(fiber.StatusBadRequest)
// c.JSON(response)
// return nil
//}
setupcookie := c.Cookies(constants.MFASetupCookieName, "")
if setupcookie == "" {
return fiber.NewError(fiber.StatusBadRequest, "400 Bad Request")
}
err = models.DB.NewSelect().Model(&config).Where("id = ?", setupcookie).Scan(context.Background())
if err != nil {
log.Printf("[HandleAdminAccountMFASetupPost] Error getting MFAConfig from DB: %q\n", err)
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
totpvalid := totp.Validate(token.Token, config.TOTPSecret)
if totpvalid {
response.Error = false
response.Message = "Multifactor authentication was successfully set up!"
err = models.DB.NewSelect().Model(&scratchcodes).Where("username = ?", config.UserName).Scan(context.Background())
if err != nil {
log.Printf("[HandleAdminAccountMFASetupPost] Error getting MFA scratch codes from DB: %q\n", err)
return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
}
var scratchcodeSlice []string
for _, code := range scratchcodes {
scratchcodeSlice = append(scratchcodeSlice, code.Code)
}
response.RecoveryTokens = scratchcodeSlice
config.Active = true
_, err := models.DB.NewUpdate().Model(&config).Column("active").WherePK().Exec(context.Background())
if err != nil {
log.Printf("[HandleAdminAccountMFASetupGet] Error getting MFAConfig from DB: %q\n", err)
response.Message = "500: DB Error, see logs"
c.Status(fiber.StatusInternalServerError)
c.JSON(response)
return nil
}
c.Status(fiber.StatusOK)
c.JSON(response)
} else {
response.Error = true
response.Message = "Token is invalid, please try again."
c.Status(fiber.StatusBadRequest)
c.JSON(response)
}
return nil
}