Add basic account security
This adds a secret token associated with each account. The token must then be sent with follow-up requests to ensure they get accepted. This is _very_ basic security, and without TLS is completely vulnerable to MITM attacks, as well as brute force guessing (though it'd take a while to guess a correct UUID).
parent
df30a0d689
commit
92222127a6
7 changed files with 413 additions and 232 deletions
|
@ -3,6 +3,8 @@ package accounts
|
|||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// Account represents a registered user
|
||||
|
@ -29,7 +31,7 @@ func NewAccountant() *Accountant {
|
|||
// RegisterAccount adds an account to the set of internal accounts
|
||||
func (a *Accountant) RegisterAccount(name string) (acc Account, err error) {
|
||||
|
||||
// Set the account name
|
||||
// Set up the account info
|
||||
acc.Name = name
|
||||
acc.Data = make(map[string]string)
|
||||
|
||||
|
@ -43,12 +45,25 @@ func (a *Accountant) RegisterAccount(name string) (acc Account, err error) {
|
|||
// Set the creation time
|
||||
acc.Data["created"] = time.Now().String()
|
||||
|
||||
// Create a secret
|
||||
acc.Data["secret"] = uuid.New().String()
|
||||
|
||||
// Simply add the account to the map
|
||||
a.Accounts[acc.Name] = acc
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// VerifySecret verifies if an account secret is correct
|
||||
func (a *Accountant) VerifySecret(account string, secret string) (bool, error) {
|
||||
// Find the account matching the ID
|
||||
if this, ok := a.Accounts[account]; ok {
|
||||
return this.Data["secret"] == secret, nil
|
||||
}
|
||||
|
||||
return false, fmt.Errorf("no account found for id: %s", account)
|
||||
}
|
||||
|
||||
// AssignData assigns data to an account
|
||||
func (a *Accountant) AssignData(account string, key string, value string) error {
|
||||
|
||||
|
|
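Review bot: VerifySecret compares the token with `==` in `return this.Data["secret"] == secret, nil`, which is not a constant-time comparison. It also returns true for an empty `secret` whenever the account's `Data` has no "secret" entry, because a missing map key reads as "". Whether such accounts can exist (for example, ones persisted before this commit) is not visible here, but the check should not depend on it. I would change the body of the `if` to `stored, ok := this.Data["secret"]` followed by `return ok && stored != "" && subtle.ConstantTimeCompare([]byte(stored), []byte(secret)) == 1, nil`, and add `crypto/subtle` to the import block. The token is also stored in the same `Data` map that `AssignData` writes to; its body is outside the visible hunk, so please confirm it rejects the key `secret`, or move the token to a dedicated field on `Account`.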