-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhtpasswd.go
90 lines (77 loc) · 1.74 KB
/
htpasswd.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
package main
import (
"crypto/rand"
"crypto/sha1"
"encoding/base64"
"errors"
"github.com/ByteFlinger/htpasswd/crypto/md5apr"
"hash"
"io"
"log"
)
type htpasswd struct {
entries map[string][]byte // maps username to password byte slice.
}
type HashProvider struct {
provider hash.Hash
prefix string
formatter func([]byte) []byte
}
const (
SHA1 = iota
MD5
)
var algoNames = map[string]int{
"SHA1": SHA1,
"MD5": MD5,
}
var saltFunc = generateSalt
func NewHash(algo string) (*HashProvider, error) {
var hashProvider *HashProvider
switch algoNames[algo] {
case SHA1:
hashProvider = &HashProvider{
provider: sha1.New(),
prefix: "{SHA}",
formatter: func(src []byte) []byte {
dstStr := base64.StdEncoding.EncodeToString(src)
return []byte(dstStr)
},
}
case MD5:
salt := saltFunc()
hashProvider = &HashProvider{
provider: md5apr1.FromSalt(salt),
prefix: "$apr1$" + string(salt) + "$",
formatter: func(src []byte) []byte {
return src
},
}
default:
return nil, errors.New("Unsupported algorithm " + algo)
}
return hashProvider, nil
}
func generateSalt() []byte {
bs := make([]byte, 8)
_, err := io.ReadFull(rand.Reader, bs)
if err != nil {
log.Fatal(err)
}
dst := make([]byte, base64.StdEncoding.EncodedLen(len(bs)))
base64.RawStdEncoding.Encode(dst, bs)
n := len(dst)
if n > 8 {
n = 8
}
return dst[:n]
}
// Hashes a given password
func (h *HashProvider) hash(password string) string {
h.provider.Write([]byte(password))
return string(h.formatter(h.provider.Sum(nil)))
}
// Returns a properly formatted .htpasswd string based on the chosen hashing algorithm
func (h *HashProvider) FormattedAuth(username, password string) string {
return username + ":" + h.prefix + h.hash(password)
}