- Clarified web handler name

- Implemented Configuration Loader with unauthorized error handling
- More elaborate test user config
- Use Viper Unmarshalling for User Config loading
- Centralized password hasing code

cmd/hash-password.go

@@ -9,7 +9,6 @@ import (
 	"gitea.nehmer.net/torben/dyndns/service"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
-	"golang.org/x/crypto/bcrypt"
 	"golang.org/x/crypto/ssh/terminal"
 )
 
@@ -36,7 +35,7 @@ have to store a plaintext password.`,
 			log.Fatalln("the passwords do not match.")
 		}
 
-		hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+		hash, err := service.HashPassword(password)
 		if err != nil {
 			log.Fatalf("failed to create password hash: %v", err)
 		}

service/userconfig.go

@@ -1,21 +1,57 @@
 package service
 
 import (
+	"encoding/json"
 	"fmt"
 	"log"
 	"os"
 	"path"
 
 	"github.com/spf13/viper"
+	"golang.org/x/crypto/bcrypt"
 )
 
-func LoadConfigForUser(username string) (*viper.Viper, error) {
+type UnauthorizedError string
+
+func (uae UnauthorizedError) Error() string {
+	return "Invalid user or password"
+}
+
+type UserConfig struct {
+	DB *viper.Viper
+
+	UserName string
+	PassWord string
+	Router   UserConfigRouter
+	Others   []UserConfigOther
+}
+
+type UserConfigRouter struct {
+	DNS string
+	NFT UserConfigNFT
+}
+
+type UserConfigOther struct {
+	DNS        string
+	V6IID      string
+	RegisterV4 bool
+	NFT        UserConfigNFT
+}
+
+type UserConfigNFT struct {
+	Table string
+	Set4  string
+	Set6  string
+}
+
+func LoadConfigForUser(username string, password string) (*UserConfig, error) {
 	configFile := fmt.Sprintf("%s/%s.yml", C.UsersConfigDir, username)
 	configFile = path.Clean(configFile)
 	log.Printf("Trying to load config file %s for user %s", configFile, username)
 
 	if _, err := os.Stat(configFile); err != nil {
-		return nil, fmt.Errorf("cannot stat the file %s: %v", configFile, err)
+		log.Printf("cannot stat the file %s: %v", configFile, err)
+		return nil, UnauthorizedError("cannot stat")
 	}
 
 	v := viper.New()
@@ -26,5 +62,42 @@ func LoadConfigForUser(username string) (*viper.Viper, error) {
 		return nil, fmt.Errorf("failed to parse config file %s: %v", configFile, err)
 	}
 
-	return v, nil
+	result := &UserConfig{DB: v}
+
+	err = result.PasswordCheck(password)
+	if err != nil {
+		return nil, UnauthorizedError("pwcheck failed")
+	}
+
+	err = result.DB.Unmarshal(result)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal config file %s: %v", configFile, err)
+	}
+
+	return result, nil
+}
+
+func HashPassword(pw []byte) (string, error) {
+	hash, err := bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost)
+	if err != nil {
+		return "", fmt.Errorf("failed to create password hash: %v", err)
+	}
+	return string(hash), nil
+}
+
+func (ur *UserConfig) PasswordCheck(pwToCheck string) error {
+	hashedPassword := []byte(ur.DB.GetString("password"))
+	bytePwToCheck := []byte(pwToCheck)
+
+	err := bcrypt.CompareHashAndPassword(hashedPassword, bytePwToCheck)
+
+	return err
+}
+
+func (uc *UserConfig) PrettyPrint() string {
+	s, err := json.MarshalIndent(uc, "", " ")
+	if err != nil {
+		log.Fatalf("Failed to pretty print UpdateConfig via JSON: %v", err)
+	}
+	return string(s)
 }

users/test.yml

@@ -1,5 +1,5 @@
 username: test
-password: $2a$10$7eYMA3zoyDb.2dM6bbeiqexxS9LhLz7XM.Q0EL0VHVbcxyfRkfp7.
+password: $2a$10$ymHFfGjKINWsUKwEo5xp.efN6DR6NkiRCXsbH4VWo0Nnzma8Yc.82
 router: 
   DNS: brandfeld.dyn.local
   NFT:
@@ -7,10 +7,16 @@ router:
     set4: blackhole
     set6: blackhole6
 others:
-  - registerv4: true
+  - DNS: atlantis.dyn.local
     v6iid: ::dead:beef:dead:beef
-    DNS: atlantis.dynlocal
+    registerv4: true
     NFT: 
       table: sshguard
       set4: blackhole
       set6: blackhole6
+  - DNS: troya.dyn.local
+    v6iid: ::cafe:babe:deca:fbad
+    registerv4: false
+    NFT:
+      table: sshguard
+      set6: blackhole6

webapi/server.go

@@ -7,7 +7,6 @@ import (
 
 	"gitea.nehmer.net/torben/dyndns/service"
 	"github.com/gorilla/mux"
-	"golang.org/x/crypto/bcrypt"
 )
 
 func Server() {
@@ -15,7 +14,7 @@ func Server() {
 	r.StrictSlash(true)
 
 	r.HandleFunc("/hello", handleHello)
-	r.HandleFunc("/update", handleDNSUpdate)
+	r.HandleFunc("/update", handleUpdate)
 
 	log.Printf("Listening to: %s", C.ListenAddress)
 	go log.Fatal(http.ListenAndServe(C.ListenAddress, r))
@@ -30,7 +29,7 @@ func handleHello(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprint(w, "<html><body><p>Hello World</p></body></html>")
 }
 
-func handleDNSUpdate(w http.ResponseWriter, r *http.Request) {
+func handleUpdate(w http.ResponseWriter, r *http.Request) {
 	err := r.ParseForm()
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
@@ -43,11 +42,16 @@ func handleDNSUpdate(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	v, err := service.LoadConfigForUser(ur.UserName)
+	uc, err := service.LoadConfigForUser(ur.UserName, ur.Password)
 	if err != nil {
+		if _, ok := err.(*service.UnauthorizedError); ok {
+			http.Error(w, err.Error(), http.StatusUnauthorized)
+		} else {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
 		return
 	}
+	v := uc.DB
 
 	w.Header().Set("Content-Type", "text/plain")
 	fmt.Fprintln(w, "OK")
@@ -57,7 +61,6 @@ func handleDNSUpdate(w http.ResponseWriter, r *http.Request) {
 	log.Println(ur.IPv6Net.Mask)
 	log.Println(v.AllSettings())
 	log.Printf("Request PW: %s, Config PW: %s", ur.Password, v.GetString("password"))
-
+	fmt.Fprintln(w, "Unmarshalled userconfig:")
-	err = bcrypt.CompareHashAndPassword([]byte(v.GetString("password")), []byte(ur.Password))
+	fmt.Fprintln(w, uc.PrettyPrint())
-	log.Printf("PW Compare Result: %v", err)
 }