feat: secrets of clients now need to be hashed, added command to create hash

2025-04-25 21:35:52 +02:00
parent a77e96be6e
commit 81dcd9c7cc
5 changed files with 58 additions and 9 deletions


@@ -14,6 +14,7 @@ import (
"github.com/prometheus/client_golang/prometheus/promauto"
"github.com/prometheus/client_golang/prometheus/promhttp"
"go.uber.org/zap"
"golang.org/x/crypto/bcrypt"
)
var (
@@ -77,8 +78,14 @@ func NewRouter(cfg *config.Config, logger *zap.Logger, prov pvd.Provider) *gin.E
ip = c.ClientIP()
}
clientCfg, ok := cfg.Clients[req.Key]
if !ok || req.Secret != clientCfg.Secret {
// Compare the provided secret with the stored hash
err := bcrypt.CompareHashAndPassword([]byte(clientCfg.SecretHash), []byte(req.Secret))
if !ok || err != nil {
failedUpdates.Inc()
// Log the error only if it's not a not found error, to avoid logging failed auth attempts excessively
if err != nil && err != bcrypt.ErrMismatchedHashAndPassword {
logger.Error("bcrypt comparison failed", zap.Error(err))
}
c.JSON(http.StatusUnauthorized, gin.H{"status": "error", "message": "invalid key or secret"})
return
}
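Review bot: `bcrypt.CompareHashAndPassword` is called before `ok` is checked, so a request with an unknown key is compared against the `SecretHash` of a zero-value `clientCfg` (assuming `cfg.Clients` holds struct values; the type is not visible here). With an empty hash, bcrypt should return a hash-format error rather than `bcrypt.ErrMismatchedHashAndPassword`, so every unknown-key request is written at Error level, which defeats the stated aim of not logging failed auth attempts excessively and lets unauthenticated traffic fill the log. The same path also returns without doing any bcrypt work, so response time differs between existing and non-existing keys. I would compare against a fixed, valid bcrypt hash when the key is unknown and log only when `ok` is true, as sketched below; `placeholderHash` is a placeholder name for a hash generated once at startup. The enclosing handler in `NewRouter` starts and ends outside the hunk.

```go
clientCfg, ok := cfg.Clients[req.Key]
hash := []byte(clientCfg.SecretHash)
if !ok {
	// placeholderHash (placeholder name): a valid bcrypt hash created once at startup,
	// so unknown keys cost the same bcrypt work as known ones.
	hash = placeholderHash
}
err := bcrypt.CompareHashAndPassword(hash, []byte(req.Secret))
// … unchanged: if !ok || err != nil { failedUpdates.Inc() …
	// Only a known client whose stored hash is unusable is a configuration error worth logging.
	if ok && err != bcrypt.ErrMismatchedHashAndPassword {
		logger.Error("bcrypt comparison failed", zap.Error(err))
	}
// … unchanged: 401 response and return …
```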