Home Esplora Aiuto
Accedi
TC
/
Zoraxy
mirror da https://git.hkwtc.org/TC/ReverseProxy
1
0
Forka 0
File Problemi 0 Wiki
Albero (Tree): 955515c54e
Rami (Branch) Tag
Zoraxy
/
mod
/
auth
/
sso
/
users.go

users.go 2.4 KB
Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. package sso
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/json"
    5. 

  5. 	"time"
    6. 

  6. 

  7. 	"github.com/xlzd/gotp"
    8. 

  8. 	"imuslab.com/zoraxy/mod/auth"
    9. 

  9. )
    10. 

  10. 

  11. /*
    12. 

  12. 	users.go
    13. 

  13. 

  14. 	This file contains the user structure and user management
    15. 

  15. 	functions for the SSO module.
    16. 

  16. 

  17. 	If you are looking for handlers, please refer to handlers.go.
    18. 

  18. */
    19. 

  19. 

  20. type SubdomainAccessRule struct {
    21. 

  21. 	Subdomain   string
    22. 

  22. 	AllowAccess bool
    23. 

  23. }
    24. 

  24. 

  25. type UserEntry struct {
    26. 

  26. 	UserID       string                          //User ID, in UUIDv4 format
    27. 

  27. 	Username     string                          //Username
    28. 

  28. 	PasswordHash string                          //Password hash
    29. 

  29. 	TOTPCode     string                          //2FA TOTP code
    30. 

  30. 	Enable2FA    bool                            //Enable 2FA for this user
    31. 

  31. 	Subdomains   map[string]*SubdomainAccessRule //Subdomain and access rule
    32. 

  32. 	parent       *SSOHandler                     //Parent SSO handler
    33. 

  33. }
    34. 

  34. 

  35. func (s *SSOHandler) SSO_UserExists(userid string) bool {
    36. 

  36. 	//Check if the user exists in the database
    37. 

  37. 	var userEntry UserEntry
    38. 

  38. 	err := s.Config.Database.Read("sso_users", userid, &userEntry)
    39. 

  39. 	if err != nil {
    40. 

  40. 		return false
    41. 

  41. 	}
    42. 

  42. 	return true
    43. 

  43. }
    44. 

  44. 

  45. func (s *SSOHandler) SSO_GetUser(userid string) (UserEntry, error) {
    46. 

  46. 	//Load the user entry from database
    47. 

  47. 	var userEntry UserEntry
    48. 

  48. 	err := s.Config.Database.Read("sso_users", userid, &userEntry)
    49. 

  49. 	if err != nil {
    50. 

  50. 		return UserEntry{}, err
    51. 

  51. 	}
    52. 

  52. 	userEntry.parent = s
    53. 

  53. 	return userEntry, nil
    54. 

  54. }
    55. 

  55. 

  56. func (s *UserEntry) VerifyPassword(password string) bool {
    57. 

  57. 	return s.PasswordHash == auth.Hash(password)
    58. 

  58. }
    59. 

  59. 

  60. // Write changes in the user entry back to the database
    61. 

  61. func (u *UserEntry) Update() error {
    62. 

  62. 	js, _ := json.Marshal(u)
    63. 

  63. 	err := u.parent.Config.Database.Write("sso_users", u.UserID, string(js))
    64. 

  64. 	if err != nil {
    65. 

  65. 		return err
    66. 

  66. 	}
    67. 

  67. 	return nil
    68. 

  68. }
    69. 

  69. 

  70. // Reset and update the TOTP code for the current user
    71. 

  71. // Return the provision uri of the new TOTP code for Google Authenticator
    72. 

  72. func (u *UserEntry) ResetTotp(accountName string, issuerName string) (string, error) {
    73. 

  73. 	u.TOTPCode = gotp.RandomSecret(16)
    74. 

  74. 	totp := gotp.NewDefaultTOTP(u.TOTPCode)
    75. 

  75. 	err := u.Update()
    76. 

  76. 	if err != nil {
    77. 

  77. 		return "", err
    78. 

  78. 	}
    79. 

  79. 	return totp.ProvisioningUri(accountName, issuerName), nil
    80. 

  80. }
    81. 

  81. 

  82. // Verify the TOTP code at current time
    83. 

  83. func (u *UserEntry) VerifyTotp(enteredCode string) bool {
    84. 

  84. 	totp := gotp.NewDefaultTOTP(u.TOTPCode)
    85. 

  85. 	return totp.Verify(enteredCode, time.Now().Unix())
    86. 

  86. }
    87.