auth

package module
v0.0.0-...-7df69da Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 29, 2020 License: GPL-3.0 Imports: 11 Imported by: 0

README

Authentication system with golang

Disclaimer

I mostly made this project to learn about password handling and authentication. You should not use this for anything that should be secure: use a real authentication system such as oauth2. I guess this code is secure, but I'm not a security expert, and anyways, using a real database solution will be much faster and efficient.

Introduction

The auth package allows you to easily create and store usernames and password without a database. It uses tokens so the password hasn't to be stored on the client side and uses hash with salt so it remains safe even with leaks.

Installation

To install go-auth, run:

go get gopkg.in/yaml.v2
go get github.com/Neirpyc/Go-auth

This package requires go-yaml so it can read the config file and store the accounts as a yaml file.

Setup

Once you're in your project file, just create these files (you can rename them as you want, but you'll have to modify some stuff later):

  • logs.log
  • settings.yml
  • accounts.yml

In settings.yml you have to put this (modify the paths if you changed the files names):

randomlevel: 1
debuglevel: 1
checkip: false
accountsfile: "accounts.yml"
logsfile: "logs.log"
tokenvalidity: 604800
Configuration
  • randomlevel should be 0 or 1.
    • 0 means using math.rand for random numbers generation, which is unsafe!
    • 1 means using crypto.rand which is cryptographically secure.
  • debuglevel should be 0 or 1
    • 0 means only log when there is a fatal error
    • 1 means log when a main function is called or when there is a fatal error
  • checkip: should be true or false
    • true means a token will be invalid when used with an incorrect ip
    • false means a token will be valid whatever ip is used
  • accountsfile: should be the path to the file in which the accounts are stored. Make sure this file exists and is readable.
  • logsfile: should be the path to the file in which the logs are stored. Make sure this file exists and is readable
  • tokenvalidity: should be the time in second during which a token is valid

License

The auth package is licensed under the GNU GPL license. Please see the LICENSE file for details.

Example

  • First you have to import the settings file: 
    package main

import goauth "github.com/Neirpyc/Go-auth"

func main(){
    goauth.SetSettingsFromFile("settings.yml")
}
  • Then you can register your first user: 
    err := goauth.Register("Username", "Password") //this is not a good
                          //practise (read the Good Practices part to learn more)
if err != nil{
    panic(err)
  }
  • One this is done you can login this user: 
    token, err := goauth.Login("Username", "Password", "0.0.0.0")
if err != nil{
    panic(err)
  }
fmt.Println(token.Token) //prints the 512 base64 characters of the token
  • When the user is already logged in, and you want to verify it's him, just ask him his token, and do the following: 
    valid, err := goauth.ValidateToken("Username", "0.0.0.0", token)
if err != nil{
    panic(err)
 }
if valid{
    fmt.Println("Valid!")
 else{
   fmt.Println("Unvalid :(")
 }

Good practices

  • Never store the password of the user
  • Never send the password from the client to the server and prefer to get it hashed 500-5000 times before it reaches your server with a secure algorithm such as sha512
  • Use the token system (do not use Login() every time!)

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Register 

func Register(username string, password string) error

Creates a new accounts with the given username and password

func SetSettingsFromFile 

func SetSettingsFromFile(path string)

creates the settings from a yaml file storing theme. This must be called before calling any other functionfs from this package

func ValidateToken 

func ValidateToken(username string, ip string, token string) (bool, error)

returns true or false depending on wether a token is valid for a user and it's ip if you have set CheckIp in the config file to true, otherwise use "" or "0.0.0.0" as ip

Types

type Account 

type Account struct {
	Username string
	Password string
	Salt     string
	Tokens   []Token
}

used to store the data of an user

type Accounts 

type Accounts struct {
	Accounts []Account
}

used to store multiple accounts in one place

type SettingsStruct 

type SettingsStruct struct {
	RandomLevel int //0 -> math.rand (faster but unsafe)| 1 -> crypto.rand
	//(safer but slower)
	DebugLevel    int    //0-> only errors | 1 -> logs any main task done
	CheckIp       bool   //true -> check the user ip on login | false -> doesn't
	AccountsFile  string //path the where the accounst should be stored
	TokenValidity int64  //time in seconds a token is valid
	LogsFile      string //The file in which the logs are stored
}
var Settings SettingsStruct

type Token 

type Token struct {
	Token  string
	Ip     string
	Expire int64
}

stores a short time password (default 1 week) so the user doesn't have to type it's password every time.

func Login 

func Login(username string, password string, ip string) (Token, error)

returns a token for a user with a given username and password and ip if you have set CheckIp in the config file to true, otherwise use "" or "0.0.0.0" as ip

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.