riwiwa/muzi
1
0
Fork 0
mirror of https://github.com/riwiwa/muzi.git synced 2026-02-28 03:46:57 -08:00
Code Issues Packages Projects Releases Wiki Activity

better password validation

Browse Source
This commit is contained in:
riwiwa
2026-02-08 00:51:15 -08:00
parent 9e21d0d5c7
commit 22f7f3cf46
3 changed files with 34 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
templates/create_account.gohtml
View File

@@ -14,6 +14,16 @@
<label for="pass">Password:</label>
<input type="password" id="pass" name="pass"> <br> <br>
<input type="submit" value="Create Account">
{{if eq .Error "length"}}
<div class="login-error">
Password must be 8-64 chars (inclusive).
</div>
{{end}}
{{if eq .Error "session"}}
<div class="login-error">
Unable to create session. Please try again.
</div>
{{end}}
</form>
</div>
</body>

4
templates/login.gohtml
View File

@@ -14,12 +14,12 @@
<label for="pass">Password:</label>
<input type="password" id="pass" name="pass"> <br> <br>
<input type="submit" value="Login">
{{if eq .Error "1"}}
{{if eq .Error "invalid-creds"}}
<div class="login-error">
Invalid credentials. Please try again.
</div>
{{end}}
{{if eq .Error "2"}}
{{if eq .Error "session"}}
<div class="login-error">
Unable to create session. Please try again.
</div>

30
web/web.go
View File

@@ -5,6 +5,7 @@ import (
"crypto/rand"
"encoding/hex"
"encoding/json"
"errors"
"fmt"
"html/template"
"net/http"
@@ -136,12 +137,16 @@ func getUserIdByUsername(ctx context.Context, username string) (int, error) {
return userId, err
}
func hashPassword(pass []byte) string {
func hashPassword(pass []byte) (string, error) {
if len(pass) < 8 || len(pass) > 64 {
return "", errors.New("Error: Password must be greater than 8 chars.")
}
hashedPassword, err := bcrypt.GenerateFromPassword(pass, bcrypt.DefaultCost)
if err != nil {
fmt.Fprintf(os.Stderr, "Couldn't hash password: %v\n", err)
return "", err
}
return string(hashedPassword)
return string(hashedPassword), nil
}
func verifyPassword(hashedPassword string, enteredPassword []byte) bool {
@@ -158,9 +163,14 @@ func createAccount(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
username := r.FormValue("uname")
hashedPassword := hashPassword([]byte(r.FormValue("pass")))
hashedPassword, err := hashPassword([]byte(r.FormValue("pass")))
if err != nil {
fmt.Fprintf(os.Stderr, "Error hashing password: %v\n", err)
http.Redirect(w, r, "/createaccount?error=length", http.StatusSeeOther)
return
}
err := db.CreateUsersTable()
err = db.CreateUsersTable()
if err != nil {
fmt.Fprintf(os.Stderr, "Error ensuring users table exists: %v\n", err)
http.Redirect(w, r, "/createaccount", http.StatusSeeOther)
@@ -179,7 +189,7 @@ func createAccount(w http.ResponseWriter, r *http.Request) {
} else {
sessionID := createSession(username)
if sessionID == "" {
http.Redirect(w, r, "/login?error=2", http.StatusSeeOther)
http.Redirect(w, r, "/login?error=session", http.StatusSeeOther)
return
}
http.SetCookie(w, &http.Cookie{
@@ -196,7 +206,11 @@ func createAccount(w http.ResponseWriter, r *http.Request) {
func createAccountPageHandler() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
err := templates.ExecuteTemplate(w, "create_account.gohtml", nil)
type data struct {
Error string
}
d := data{Error: "len"}
err := templates.ExecuteTemplate(w, "create_account.gohtml", d)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
@@ -219,7 +233,7 @@ func loginSubmit(w http.ResponseWriter, r *http.Request) {
if verifyPassword(storedPassword, []byte(password)) {
sessionID := createSession(username)
if sessionID == "" {
http.Redirect(w, r, "/login?error=2", http.StatusSeeOther)
http.Redirect(w, r, "/login?error=session", http.StatusSeeOther)
return
}
http.SetCookie(w, &http.Cookie{
@@ -231,7 +245,7 @@ func loginSubmit(w http.ResponseWriter, r *http.Request) {
})
http.Redirect(w, r, "/profile/"+username, http.StatusSeeOther)
} else {
http.Redirect(w, r, "/login?error=1", http.StatusSeeOther)
http.Redirect(w, r, "/login?error=invalid-creds", http.StatusSeeOther)
}
}
}