Cloonar/updns
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: secrets of clients now need to be hashed, added command to create hash

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-04-25 21:35:52 +02:00
parent a77e96be6e
commit 81dcd9c7cc
5 changed files with 58 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/server/server.go
View File

@@ -14,6 +14,7 @@ import (
"github.com/prometheus/client_golang/prometheus/promauto"
"github.com/prometheus/client_golang/prometheus/promhttp"
"go.uber.org/zap"
"golang.org/x/crypto/bcrypt"
)
var (
@@ -77,8 +78,14 @@ func NewRouter(cfg *config.Config, logger *zap.Logger, prov pvd.Provider) *gin.E
ip = c.ClientIP()
}
clientCfg, ok := cfg.Clients[req.Key]
if !ok || req.Secret != clientCfg.Secret {
// Compare the provided secret with the stored hash
err := bcrypt.CompareHashAndPassword([]byte(clientCfg.SecretHash), []byte(req.Secret))
if !ok || err != nil {
failedUpdates.Inc()
// Log the error only if it's not a not found error, to avoid logging failed auth attempts excessively
if err != nil && err != bcrypt.ErrMismatchedHashAndPassword {
logger.Error("bcrypt comparison failed", zap.Error(err))
}
c.JSON(http.StatusUnauthorized, gin.H{"status": "error", "message": "invalid key or secret"})
return
}

11
internal/server/server_router_test.go
View File

@@ -24,6 +24,11 @@ func (m *mockProvider) UpdateRecord(ctx context.Context, host, ip string) error
}
func newTestConfig(provider string) *config.Config {
// Pre-generate hash for "s3cr3t" (replace with actual hash generation if needed)
// Example hash generated with bcrypt.GenerateFromPassword([]byte("s3cr3t"), bcrypt.DefaultCost)
// In a real test setup, you might generate this once or use a helper.
testSecretHash := "$2a$10$abcdefghijklmnopqrstuv" // Placeholder hash
return &config.Config{
Server: config.ServerConfig{
BindAddress: ":0",
@@ -35,9 +40,9 @@ func newTestConfig(provider string) *config.Config {
},
Clients: map[string]config.ClientConfig{
"client1": {
Secret: "s3cr3t",
Exact: []string{"a.example.com"},
Wildcard: []string{"example.net"},
SecretHash: testSecretHash,
Exact: []string{"a.example.com"},
Wildcard: []string{"example.net"},
},
},
}