dkforest

A forum and chat platform (onion)
git clone https://git.dasho.dev/n0tr1v/dkforest.git

commit 250836f69273f32bb2f71ce344cce731b0baf5c4
parent b54ec1c8f4cb6a3b082ee3130eec238460b82ebb
Author: n0tr1v <n0tr1v@protonmail.com>
Date:   Wed, 11 Jan 2023 10:48:55 -0800

cleanup

Diffstat:
Mpkg/database/tableChatRooms.go | 16+++++++++++++++-
Mpkg/web/handlers/chat.go | 6+++---
Mpkg/web/handlers/handlers.go | 2+-
3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/pkg/database/tableChatRooms.go b/pkg/database/tableChatRooms.go
@@ -1,6 +1,8 @@
 package database

 import (
+ "dkforest/pkg/config"
+ "dkforest/pkg/utils"
 "time"

 hutils "dkforest/pkg/web/handlers/utils"
@@ -41,11 +43,23 @@ func CreateRoom(name string, passwordHash string, ownerID UserID, isListed bool)
 return
 }

+func GetRoomPasswordHash(password string) string {
+ return utils.Sha512([]byte(config.RoomPasswordSalt + password))
+}
+
+func GetRoomDecryptionKey(password string) string {
+ return utils.Sha256([]byte(config.RoomPasswordSalt + password))[:32]
+}
+
 // IsOwned returns either or not a user created the room
 func (r *ChatRoom) IsOwned() bool {
 return r.OwnerUserID != nil
 }

+func (r *ChatRoom) VerifyPasswordHash(passwordHash string) bool {
+ return r.Password == passwordHash
+}
+
 func (r *ChatRoom) IsProtected() bool {
 return r.Password != ""
 }
@@ -89,7 +103,7 @@ func (r *ChatRoom) HasAccess(c echo.Context) bool {
 if err != nil {
 return false
 }
- if cookie.Value != r.Password {
+ if !r.VerifyPasswordHash(cookie.Value) {
 hutils.DeleteRoomCookie(c, int64(r.ID))
 return false
 }
diff --git a/pkg/web/handlers/chat.go b/pkg/web/handlers/chat.go
@@ -147,9 +147,9 @@ func handleChatPasswordPost(c echo.Context, data chatData, authUser *database.Us
 }

 // Verify room password is correct
- key := utils.Sha256([]byte(config.RoomPasswordSalt + data.RoomPassword))[:32]
- hashedPassword := utils.Sha512([]byte(config.RoomPasswordSalt + data.RoomPassword))
- if hashedPassword != room.Password {
+ key := database.GetRoomDecryptionKey(data.RoomPassword)
+ hashedPassword := database.GetRoomPasswordHash(data.RoomPassword)
+ if !room.VerifyPasswordHash(hashedPassword) {
 data.Error = "Invalid room password"
 return c.Render(http.StatusOK, "chat-password", data)
 }
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
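Review bot: `VerifyPasswordHash` in pkg/database/tableChatRooms.go compares the stored hash with `==`, which is not a constant-time comparison; since every check now goes through this method, it is the one place to change, e.g. `return subtle.ConstantTimeCompare([]byte(r.Password), []byte(passwordHash)) == 1` with `crypto/subtle` imported. `GetRoomPasswordHash` is a single SHA-512 pass over `config.RoomPasswordSalt + password`, and the salt appears to be one application-wide value rather than per room, so equal passwords give equal hashes and offline guessing is cheap if the stored hashes leak; a password KDF with a per-room salt is the usual choice, though it would need a migration. `GetRoomDecryptionKey` keeps the first 32 characters of `utils.Sha256(...)`; if that helper returns hex (not visible here), the key carries 128 bits, which is worth stating in a doc comment. The three new exported functions have no doc comments; each should get one starting with its name, e.g. `// GetRoomPasswordHash returns the salted SHA-512 digest stored as the room password.`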
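Review bot: In `HasAccess` the room cookie value is passed straight to `VerifyPasswordHash`, so what the browser presents is the stored hash itself, and the refactor keeps that. Anyone who can read the stored room record or a captured cookie therefore holds a working credential without ever recovering the password. Consider issuing a separate random access token per grant and comparing against that, or at least note on `VerifyPasswordHash` that its argument may be a client-supplied cookie value, e.g. `// passwordHash may come from a client cookie; treat it as untrusted input.` `HasAccess` begins and ends outside the hunk, so any earlier checks on the room or cookie are not visible here.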
@@ -2280,7 +2280,7 @@ func ChatCreateRoomHandler(c echo.Context) error {
 }
 passwordHash := ""
 if data.Password != "" {
- passwordHash = utils.Sha512([]byte(config.RoomPasswordSalt + data.Password))
+ passwordHash = database.GetRoomPasswordHash(data.Password)
 }
 if _, err := database.CreateRoom(data.RoomName, passwordHash, authUser.ID, data.IsListed); err != nil {
 data.Error = err.Error()