Mozh/t489 configui basicauth #141
Conversation
…h/T500_graceful_restart
…h/T500_graceful_restart
vixentael
requested review from
Lagovas and
vixentael
and removed request for
Lagovas
| EventCodeErrorCantHashPassword = 555 | ||
| EventCodeErrorCantGetAuthData = 556 | ||
| EventCodeErrorCantParseAuthData = 557 | ||
| EventCodeErrorCantDumpConfig = 558 |
There was a problem hiding this comment.
after release 0.77 we should change error codes really carefully, because people will use them
There was a problem hiding this comment.
Sure, I thought exactly the same but solved with min effort)
cmd/acra_configui/acra_configui.go
Outdated
| } | ||
| line := 0 | ||
| for _, authString := range strings.Split(string(authDataSting), "\n") { | ||
| authItem := strings.Split(authString, ":") |
There was a problem hiding this comment.
what about to add function ParseArgon2Params and use it here? to encapsulate complexity of parsing and move it from handling http request?
cmd/acra_configui/acra_configui.go
Outdated
| log.WithError(err).Errorf("line[%v] DecodeString, user: %v", line, authItem[0]) | ||
| continue | ||
| } | ||
| argon2P := strings.Split(authItem[2], ",") |
There was a problem hiding this comment.
what about to use named indexes like
const (
PARAM1 = iota
PARAM2
PARAM3
SEPARATOR = ","
PARAM2_SEPARATOR
)
argon2P := strings.Split(authItem[PARAM2], PARAM2_SEPARATOR)
cmd/acra_configui/acra_configui.go
Outdated
| os.Exit(1) | ||
| } | ||
|
|
||
| err = getAuthData() |
There was a problem hiding this comment.
what about getAuthData -> loadAuthData? when I read getAuthData I expected that it will return some value (like getter) ...
cmd/acra_configui/acra_configui.go
Outdated
| return err | ||
| } | ||
| line := 0 | ||
| for _, authString := range strings.Split(string(authDataSting), "\n") { |
cmd/acra_configui/acra_configui.go
Outdated
| } | ||
| line := 0 | ||
| for _, authString := range strings.Split(string(authDataSting), "\n") { | ||
| authItem := strings.Split(authString, ":") |
cmd/acra_genauth/acra_genauth.go
Outdated
| if len(password) == 0 { | ||
| return errors.New("passwords is empty") | ||
| } | ||
| salt := cmd.RandomStringBytes(16) |
There was a problem hiding this comment.
better to move 16 to top of file to some constants block with comments
cmd/acra_genauth/acra_genauth.go
Outdated
| return err | ||
| } | ||
| a := cmd.UserAuth{Salt: salt, Hash: hashBytes, Argon2Params: argon2Params} | ||
| hp[name] = a.UserAuthString(":", ",") |
There was a problem hiding this comment.
would be more readable if : and , will be constants like DEFAULT_USER_PARAMS_DELIMETER and PARAMS_DELIMETER because I used ctrf+f to understand how this args will be used in UserAuthString and for what.
cmd/acra_genauth/acra_genauth.go
Outdated
| set := flag.Bool("set", false, "Add/update password for user") | ||
| remove := flag.Bool("remove", false, "Remove user") | ||
| user := flag.String("user", "", "User") | ||
| pwd := flag.String("pwd", "", "Password") |
There was a problem hiding this comment.
lets use full word as parameter (pwd -> password) if we use full versions of words in other params or use short everywhere (rm|set|usr|pwd|etc)
cmd/acraserver/auth.go
Outdated
| return data, nil | ||
| } | ||
|
|
||
| return nil, errors.New(fmt.Sprintf("No auth config [%v]", authPath)) |
There was a problem hiding this comment.
better to create new error variable because then in tests you will need write something like
authData, err := getAuthData("")
if err != errors.New(fmt.Sprintf("No auth config [%v]", authPath)) {
}
to check that error was in case when file not exists
cmd/utils.go
Outdated
|
|
||
| var randSrc = rand.NewSource(time.Now().UnixNano()) | ||
|
|
||
| func RandomStringBytes(n int) string { |
There was a problem hiding this comment.
add some short comment what it do or for what this function (why not rand.Read) because implementation need time to understand :)
cmd/acra_configui/acra_configui.go
Outdated
| Errorf("line[%v] wrong number of argon2 params: got %v, expected %v", line, len(authItem), argon2FieldsCount) | ||
| continue | ||
| } | ||
| Time, err := strconv.ParseUint(argon2P[0], 10, 32) |
There was a problem hiding this comment.
i can guess that 32 is derived from uint32. what is 10?
There was a problem hiding this comment.
I think it should be ACRA_CONFIGUI_AUTH_ARGON2_TIME
| configParamsBytes = []byte(AcraServerCofig) | ||
| http.HandleFunc("/index.html", index) | ||
| http.HandleFunc("/", index) | ||
| http.HandleFunc("/index.html", BasicAuthHandler(index)) |
cmd/acra_genauth/acra_genauth.go
Outdated
| lines := strings.Split(string(htpasswdBytes), LineSeparator) | ||
| passwords = make(map[string]string) | ||
| for index, line := range lines { | ||
| line = strings.Trim(line, " ") |
cmd/acra_genauth/acra_genauth.go
Outdated
| keysDir := flag.String("keys_dir", keystore.DEFAULT_KEY_DIR_SHORT, "Folder from which will be loaded keys") | ||
| flag.Parse() | ||
| flags := []*bool{set, remove} | ||
| logging.SetLogLevel(logging.LOG_VERBOSE) |
cmd/acra_genauth/acra_genauth.go
Outdated
| if *o { | ||
| n += 1 | ||
| if n > 1 { | ||
| log.Errorln("Too many options, use one of --set or --remove") |
There was a problem hiding this comment.
please add error code smth like wrong params to each of the error logs below
cmd/acra_genauth/acra_genauth.go
Outdated
| } | ||
| err := SetPassword(*filePath, *user, *pwd, keyStore) | ||
| if err != nil { | ||
| log.WithError(err).Errorln("SetPassword") |
cmd/acra_genauth/acra_genauth.go
Outdated
| if *remove { | ||
| err := RemoveUser(*filePath, *user, keyStore) | ||
| if err != nil { | ||
| log.WithError(err).Errorln("RemoveUser") |
cmd/acra_configui/acra_configui.go
Outdated
| Errorf("line[%v] argon2 strconv.ParseUint(%v), user: %v", line, "Time", authItem[0]) | ||
| continue | ||
| } | ||
| Memory, err := strconv.ParseUint(argon2P[1], 10, 32) |
There was a problem hiding this comment.
32 -> ACRA_CONFIGUI_AUTH_ARGON2_MEMORY
cmd/acra_configui/acra_configui.go
Outdated
| Errorf("line[%v] argon2 strconv.ParseUint(%v), user: %v", line, "Memory", authItem[0]) | ||
| continue | ||
| } | ||
| Threads, err := strconv.ParseUint(argon2P[2], 10, 8) |
There was a problem hiding this comment.
8 -> ACRA_CONFIGUI_AUTH_ARGON2_THREADS
cmd/acra_configui/acra_configui.go
Outdated
| Errorf("line[%v] argon2 strconv.ParseUint(%v), user: %v", line, "Threads", authItem[0]) | ||
| continue | ||
| } | ||
| Length, err := strconv.ParseUint(argon2P[3], 10, 32) |
There was a problem hiding this comment.
32 -> ACRA_CONFIGUI_AUTH_ARGON2_LENGTH
| @@ -248,3 +254,78 @@ func Parse(configPath string) error { | |||
| } | |||
| return nil | |||
| } | |||
|
|
|||
| type Argon2Params struct { | |||
There was a problem hiding this comment.
shouldn't we put all these argon-specific utils into separate file? like utils-argon2.go?
| var netClient = &http.Client{ | ||
| Timeout: time.Second * HTTP_TIMEOUT, | ||
| } | ||
| serverResponse, err := netClient.Get(fmt.Sprintf("http://%v:%v/loadAuthData", *acraHost, *acraPort)) |
There was a problem hiding this comment.
https://golang.org/pkg/net/http/ - The client must close the response body when finished with it: defer serverResponse.Body.Close()
cmd/acraserver/auth.go
Outdated
| @@ -38,6 +38,6 @@ func getAuthData(authPath string) (data []byte, err error) { | |||
| data = fileContent | |||
| return data, nil | |||
| } | |||
|
|
|||
| return nil, errors.New(fmt.Sprintf("No auth config [%v]", authPath)) | |||
| err = errors.New(fmt.Sprintf("No auth config [%v]", authPath)) | |||
There was a problem hiding this comment.
in previous my comment I mean to add error variable in such way:
var ErrGetAuthDataFromFile = errors.New(fmt.Sprintf("No auth config [%v]", authPath)))
func getAuthDataFromFile(authPath string) (data []byte, err error) {
...
return nil, ErrGetAuthDataFromFile
and then we can test:
func TestGetAuthDataFromFile(t *testing.T){
if _, err := getAuthDataFromFile("some path"); err != ErrGetAuthDataFromFile {
t.Fatal("expected ErrGetAuthDataFromFile error")
}
}
AcraConfigUI Basic Auth