mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-07-15 06:21:15 +00:00
fix: use constant time in user checks (#1004)
This commit is contained in:
@@ -69,6 +69,8 @@ type AuthService struct {
|
||||
tailscale *TailscaleService
|
||||
policyEngine *PolicyEngine
|
||||
|
||||
dummyHash string
|
||||
|
||||
lockdown struct {
|
||||
active bool
|
||||
until time.Time
|
||||
@@ -101,7 +103,7 @@ type AuthServiceInput struct {
|
||||
PolicyEngine *PolicyEngine
|
||||
}
|
||||
|
||||
func NewAuthService(i AuthServiceInput) *AuthService {
|
||||
func NewAuthService(i AuthServiceInput) (*AuthService, error) {
|
||||
service := &AuthService{
|
||||
log: i.Log,
|
||||
runtime: i.Runtime,
|
||||
@@ -123,6 +125,15 @@ func NewAuthService(i AuthServiceInput) *AuthService {
|
||||
loginCacheSize = service.maxLoginLimits
|
||||
}
|
||||
|
||||
// dummy hash
|
||||
dummyHash, err := bcrypt.GenerateFromPassword([]byte(utils.GenerateString(8)), bcrypt.DefaultCost)
|
||||
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to generate dummy hash: %w", err)
|
||||
}
|
||||
|
||||
service.dummyHash = string(dummyHash)
|
||||
|
||||
// caches setup
|
||||
oauthCache := NewCacheStore[OAuthPendingSession](256)
|
||||
loginCache := NewCacheStore[LoginAttempt](loginCacheSize)
|
||||
@@ -148,7 +159,11 @@ func NewAuthService(i AuthServiceInput) *AuthService {
|
||||
}
|
||||
}, ding.RingMinor)
|
||||
|
||||
return service
|
||||
return service, nil
|
||||
}
|
||||
|
||||
func (auth *AuthService) DummyPasswordCheck(password string) {
|
||||
bcrypt.CompareHashAndPassword([]byte(auth.dummyHash), []byte(password))
|
||||
}
|
||||
|
||||
func (auth *AuthService) SearchUser(username string) (*model.UserSearch, error) {
|
||||
|
||||
Reference in New Issue
Block a user