refactor: move tinyauth to separate package

2025-12-24 17:12:30 +00:00 · 2025-12-21 17:37:34 +02:00
parent 7db81121e1
commit ed28e7a218
12 changed files with 19 additions and 19 deletions
--- a/cmd/tinyauth/verify.go
+++ b/cmd/tinyauth/verify.go
@@ -0,0 +1,120 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"time"
+	"tinyauth/internal/utils"
+
+	"github.com/charmbracelet/huh"
+	"github.com/pquerna/otp/totp"
+	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
+	"github.com/traefik/paerser/cli"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type VerifyUserConfig struct {
+	Interactive bool   `description:"Validate a user interactively."`
+	Username    string `description:"Username."`
+	Password    string `description:"Password."`
+	Totp        string `description:"TOTP code."`
+	User        string `description:"Hash (username:hash:totp)."`
+}
+
+func NewVerifyUserConfig() *VerifyUserConfig {
+	return &VerifyUserConfig{
+		Interactive: false,
+		Username:    "",
+		Password:    "",
+		Totp:        "",
+		User:        "",
+	}
+}
+
+func verifyUserCmd() *cli.Command {
+	tCfg := NewVerifyUserConfig()
+
+	loaders := []cli.ResourceLoader{
+		&cli.FlagLoader{},
+	}
+
+	return &cli.Command{
+		Name:          "verify",
+		Description:   "Verify a user is set up correctly.",
+		Configuration: tCfg,
+		Resources:     loaders,
+		Run: func(_ []string) error {
+			log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr, TimeFormat: time.RFC3339}).With().Caller().Logger().Level(zerolog.InfoLevel)
+
+			if tCfg.Interactive {
+				form := huh.NewForm(
+					huh.NewGroup(
+						huh.NewInput().Title("User (username:hash:totp)").Value(&tCfg.User).Validate((func(s string) error {
+							if s == "" {
+								return errors.New("user cannot be empty")
+							}
+							return nil
+						})),
+						huh.NewInput().Title("Username").Value(&tCfg.Username).Validate((func(s string) error {
+							if s == "" {
+								return errors.New("username cannot be empty")
+							}
+							return nil
+						})),
+						huh.NewInput().Title("Password").Value(&tCfg.Password).Validate((func(s string) error {
+							if s == "" {
+								return errors.New("password cannot be empty")
+							}
+							return nil
+						})),
+						huh.NewInput().Title("TOTP Code (optional)").Value(&tCfg.Totp),
+					),
+				)
+
+				var baseTheme *huh.Theme = huh.ThemeBase()
+
+				err := form.WithTheme(baseTheme).Run()
+
+				if err != nil {
+					return fmt.Errorf("failed to run interactive prompt: %w", err)
+				}
+			}
+
+			user, err := utils.ParseUser(tCfg.User)
+
+			if err != nil {
+				return fmt.Errorf("failed to parse user: %w", err)
+			}
+
+			if user.Username != tCfg.Username {
+				return fmt.Errorf("username is incorrect")
+			}
+
+			err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(tCfg.Password))
+
+			if err != nil {
+				return fmt.Errorf("password is incorrect: %w", err)
+			}
+
+			if user.TotpSecret == "" {
+				if tCfg.Totp != "" {
+					log.Warn().Msg("User does not have TOTP secret")
+				}
+				log.Info().Msg("User verified")
+				return nil
+			}
+
+			ok := totp.Validate(tCfg.Totp, user.TotpSecret)
+
+			if !ok {
+				return fmt.Errorf("TOTP code incorrect")
+			}
+
+			log.Info().Msg("User verified")
+
+			return nil
+		},
+	}
+}