auth: add more context to errors
parent
4c32801c34
commit
0bbe26f26a
35
auth/auth.go
35
auth/auth.go
|
@ -32,39 +32,49 @@ type CachedAuth struct {
|
||||||
func readCachedAuths() (map[string]string, error) {
|
func readCachedAuths() (map[string]string, error) {
|
||||||
p, err := authFilePath()
|
p, err := authFilePath()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, fmt.Errorf("failed to get auth file path: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
f, err := os.Open(p)
|
f, err := os.Open(p)
|
||||||
if os.IsNotExist(err) {
|
if os.IsNotExist(err) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
return nil, err
|
return nil, fmt.Errorf("failed to open cached auth file: %v", err)
|
||||||
}
|
}
|
||||||
defer f.Close()
|
defer f.Close()
|
||||||
|
|
||||||
auths := make(map[string]string)
|
auths := make(map[string]string)
|
||||||
err = json.NewDecoder(f).Decode(&auths)
|
if err := json.NewDecoder(f).Decode(&auths); err != nil {
|
||||||
return auths, err
|
return nil, fmt.Errorf("failed to read cached auth file: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return auths, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func saveAuths(auths map[string]string) error {
|
func saveAuths(auths map[string]string) error {
|
||||||
p, err := authFilePath()
|
p, err := authFilePath()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to get auth file path: %v", err)
|
||||||
}
|
}
|
||||||
f, err := os.Create(p)
|
f, err := os.Create(p)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to create cached auth file: %v", err)
|
||||||
}
|
}
|
||||||
defer f.Close()
|
defer f.Close()
|
||||||
|
|
||||||
return json.NewEncoder(f).Encode(auths)
|
if err := json.NewEncoder(f).Encode(auths); err != nil {
|
||||||
|
return fmt.Errorf("failed to write cached auth file: %v", err)
|
||||||
|
}
|
||||||
|
if err := f.Close(); err != nil {
|
||||||
|
return fmt.Errorf("failed to close cached auth file: %v", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func encrypt(msg []byte, secretKey *[32]byte) (string, error) {
|
func encrypt(msg []byte, secretKey *[32]byte) (string, error) {
|
||||||
var nonce [24]byte
|
var nonce [24]byte
|
||||||
if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
|
if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
|
||||||
return "", err
|
return "", fmt.Errorf("failed to generate nonce: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
encrypted := secretbox.Seal(nonce[:], msg, &nonce, secretKey)
|
encrypted := secretbox.Seal(nonce[:], msg, &nonce, secretKey)
|
||||||
|
@ -74,7 +84,7 @@ func encrypt(msg []byte, secretKey *[32]byte) (string, error) {
|
||||||
func decrypt(encryptedString string, secretKey *[32]byte) ([]byte, error) {
|
func decrypt(encryptedString string, secretKey *[32]byte) ([]byte, error) {
|
||||||
encrypted, err := base64.StdEncoding.DecodeString(encryptedString)
|
encrypted, err := base64.StdEncoding.DecodeString(encryptedString)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, fmt.Errorf("invalid encrypted string: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
var nonce [24]byte
|
var nonce [24]byte
|
||||||
|
@ -89,7 +99,7 @@ func decrypt(encryptedString string, secretKey *[32]byte) ([]byte, error) {
|
||||||
func EncryptAndSave(auth *CachedAuth, username string, secretKey *[32]byte) error {
|
func EncryptAndSave(auth *CachedAuth, username string, secretKey *[32]byte) error {
|
||||||
cleartext, err := json.Marshal(auth)
|
cleartext, err := json.Marshal(auth)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("failed to format cached auth: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
encrypted, err := encrypt(cleartext, secretKey)
|
encrypted, err := encrypt(cleartext, secretKey)
|
||||||
|
@ -151,11 +161,10 @@ func ListUsernames() ([]string, error) {
|
||||||
func GeneratePassword() (secretKey *[32]byte, password string, err error) {
|
func GeneratePassword() (secretKey *[32]byte, password string, err error) {
|
||||||
var key [32]byte
|
var key [32]byte
|
||||||
if _, err = io.ReadFull(rand.Reader, key[:]); err != nil {
|
if _, err = io.ReadFull(rand.Reader, key[:]); err != nil {
|
||||||
return
|
return nil, "", fmt.Errorf("failed to generate key: %v", err)
|
||||||
}
|
}
|
||||||
secretKey = &key
|
|
||||||
password = base64.StdEncoding.EncodeToString(key[:])
|
password = base64.StdEncoding.EncodeToString(key[:])
|
||||||
return
|
return &key, password, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type session struct {
|
type session struct {
|
||||||
|
|
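Review bot: In saveAuths the cached auth file is still created with `os.Create(p)`, which requests mode 0666 before the umask, so on a typical system the credential cache ends up readable by other local users. The entries look secretbox-encrypted (inferred from encrypt/EncryptAndSave), so this is defence in depth, but the file should be owner-only: `f, err := os.OpenFile(p, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`. That mode only applies when the file is newly created, so an already existing cache keeps its old permissions unless it is also chmod-ed. Separately, every new wrap in this file uses `%v`, which flattens the cause to text; if the module targets Go 1.13 or later, `%w` (e.g. `fmt.Errorf("failed to open cached auth file: %w", err)`) keeps `errors.Is`/`errors.As` working for callers.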