package vault
import (
"encoding/json"
"errors"
"github.com/go-kit/kit/endpoint"
"golang.org/x/crypto/bcrypt"
"golang.org/x/net/context"
"net/http"
)
// Service provides password hashing and validation operations.
type Service interface {
	// Hash returns a hash of password, or an error if one could not be produced.
	Hash(ctx context.Context, password string) (string, error)
	// Validate reports whether password corresponds to hash.
	Validate(ctx context.Context, password, hash string) (bool, error)
}
// NewService returns the default Service implementation, a zero-value
// vaultService. The implementation carries no state.
func NewService() Service {
	var svc vaultService
	return svc
}
// vaultService is the field-less Service implementation returned by NewService;
// its methods delegate to golang.org/x/crypto/bcrypt.
type vaultService struct{}
// Hash derives a bcrypt hash of password at bcrypt.DefaultCost and returns it
// as a string. ctx is not used. Any error from bcrypt is returned unchanged
// together with an empty string.
//
// NOTE(review): bcrypt only processes the first 72 bytes of its input.
// Depending on the golang.org/x/crypto version in use, longer passwords are
// either rejected with an error or silently truncated; confirm which applies
// to the pinned version.
func (vaultService) Hash(ctx context.Context, password string) (string, error) {
	digest, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err == nil {
		return string(digest), nil
	}
	return "", err
}
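// Validate reports whether password matches the bcrypt hash. ctx is not used.
//
// A mismatch is the expected negative outcome and yields (false, nil). Any
// other failure reported by bcrypt (for example a hash string it cannot parse)
// is returned as an error, so callers can tell "wrong password" apart from
// "this hash could not be checked at all". Previously every failure was
// collapsed into (false, nil), which hid malformed or corrupted stored hashes.
func (vaultService) Validate(ctx context.Context, password, hash string) (bool, error) {
	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
	switch err {
	case nil:
		return true, nil
	case bcrypt.ErrMismatchedHashAndPassword:
		// Wrong password: a normal result, not an operational error.
		return false, nil
	default:
		return false, err
	}
}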
// hashRequest is the JSON request body for the hash endpoint.
type hashRequest struct {
	// Password is the plaintext password to hash.
	// NOTE(review): this is a secret carried in the request body; presumably
	// the transport is TLS and request bodies are not logged. Confirm.
	Password string `json:"password"`
}
// hashResponse is the JSON response body for the hash endpoint.
type hashResponse struct {
	// Hash is the value returned by Service.Hash.
	Hash string `json:"hash"`
	// Err holds the error text when hashing failed; omitted from the JSON when empty.
	Err string `json:"err,omitempty"`
}
// validateRequest is the JSON request body for the validate endpoint.
type validateRequest struct {
	// Password is the plaintext password to check.
	// NOTE(review): this is a secret carried in the request body; presumably
	// the transport is TLS and request bodies are not logged. Confirm.
	Password string `json:"password"`
	// Hash is the caller-supplied hash that Password is compared against.
	Hash string `json:"hash"`
}
// validateResponse is the JSON response body for the validate endpoint.
type validateResponse struct {
	// Valid is the result returned by Service.Validate; false when Err is set.
	Valid bool `json:"valid"`
	// Err holds the error text when validation failed; omitted from the JSON when empty.
	Err string `json:"err,omitempty"`
}
// decodeHashRequest parses the JSON body of r into a hashRequest and returns
// it as an interface{} value. A decoding failure is returned unchanged with a
// nil request. ctx is not used.
//
// NOTE(review): the body is read without a size cap here. Unless the server
// or a middleware already bounds request bodies, consider wrapping r.Body
// with http.MaxBytesReader before decoding.
func decodeHashRequest(ctx context.Context, r *http.Request) (interface{}, error) {
	var payload hashRequest
	if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
		return nil, err
	}
	return payload, nil
}
// decodeValidateRequest parses the JSON body of r into a validateRequest and
// returns it as an interface{} value. A decoding failure is returned
// unchanged with a nil request. ctx is not used.
//
// NOTE(review): the body is read without a size cap here. Unless the server
// or a middleware already bounds request bodies, consider wrapping r.Body
// with http.MaxBytesReader before decoding.
func decodeValidateRequest(ctx context.Context, r *http.Request) (interface{}, error) {
	var payload validateRequest
	if err := json.NewDecoder(r.Body).Decode(&payload); err != nil {
		return nil, err
	}
	return payload, nil
}
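// encodeResponse writes response to w as JSON and returns the encoder's
// error, if any. ctx is not used.
//
// The Content-Type header is set explicitly before the first write. Without
// it net/http falls back to content sniffing, which labels a JSON body as
// text/plain, so clients and intermediaries would not see the payload
// declared as JSON.
func encodeResponse(ctx context.Context, w http.ResponseWriter, response interface{}) error {
	w.Header().Set("Content-Type", "application/json; charset=utf-8")
	return json.NewEncoder(w).Encode(response)
}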
// MakeHashEndpoint adapts srv.Hash to a go-kit endpoint.
//
// The request value must be a hashRequest; the unchecked type assertion
// panics for any other type. A failure from srv.Hash is reported through the
// response's Err field, so the endpoint itself always returns a nil error.
func MakeHashEndpoint(srv Service) endpoint.Endpoint {
	return func(ctx context.Context, request interface{}) (interface{}, error) {
		in := request.(hashRequest)
		hashed, err := srv.Hash(ctx, in.Password)
		out := hashResponse{Hash: hashed}
		if err != nil {
			out.Err = err.Error()
		}
		return out, nil
	}
}
// MakeValidateEndpoint adapts srv.Validate to a go-kit endpoint.
//
// The request value must be a validateRequest; the unchecked type assertion
// panics for any other type. A failure from srv.Validate is reported through
// the response's Err field with Valid set to false, so the endpoint itself
// always returns a nil error.
func MakeValidateEndpoint(srv Service) endpoint.Endpoint {
	return func(ctx context.Context, request interface{}) (interface{}, error) {
		in := request.(validateRequest)
		ok, err := srv.Validate(ctx, in.Password, in.Hash)
		if err != nil {
			return validateResponse{Valid: false, Err: err.Error()}, nil
		}
		return validateResponse{Valid: ok}, nil
	}
}
// Endpoints represents all endpoints for the vault Service.
// Its Hash and Validate methods have the same signatures as the Service
// interface and forward each call to the matching endpoint.
type Endpoints struct {
	// HashEndpoint is invoked by Hash with a hashRequest and must yield a hashResponse.
	HashEndpoint endpoint.Endpoint
	// ValidateEndpoint is invoked by Validate with a validateRequest and must yield a validateResponse.
	ValidateEndpoint endpoint.Endpoint
}
// Hash sends password through HashEndpoint and unwraps the result.
//
// An error from the endpoint is returned unchanged. An error string carried
// in the response's Err field is turned back into an error value. The
// response must be a hashResponse; the unchecked type assertion panics for
// any other type.
func (e Endpoints) Hash(ctx context.Context, password string) (string, error) {
	raw, err := e.HashEndpoint(ctx, hashRequest{Password: password})
	if err != nil {
		return "", err
	}
	res := raw.(hashResponse)
	if res.Err == "" {
		return res.Hash, nil
	}
	return "", errors.New(res.Err)
}
// Validate sends the password and hash pair through ValidateEndpoint and
// unwraps the result.
//
// An error from the endpoint is returned unchanged. An error string carried
// in the response's Err field is turned back into an error value. The
// response must be a validateResponse; the unchecked type assertion panics
// for any other type.
func (e Endpoints) Validate(ctx context.Context, password, hash string) (bool, error) {
	raw, err := e.ValidateEndpoint(ctx, validateRequest{Password: password, Hash: hash})
	if err != nil {
		return false, err
	}
	res := raw.(validateResponse)
	if res.Err == "" {
		return res.Valid, nil
	}
	return false, errors.New(res.Err)
}