httools/htpasswd/htpasswd.go

// Package htpasswd contains utilities for manipulating .htpasswd files
package htpasswd

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// Passwds name => hash
type Passwds map[string]string

// Hasher interface implemented by hash algos
type Hasher interface {
	Hash(password string) (string, error)
	Match(password, hashedPassword string) error
	Name() string
	Prefix() string
}

// ParseFile parses a .htpasswd file
// and returns a Passwd type
func ParseFile(file string) (Passwds, error) {
	htpasswdBytes, err := os.ReadFile(file)
	if err != nil {
		return nil, err
	}
	return Parse(htpasswdBytes)
}

// Parse parses a slice of bytes in htpasswd style
func Parse(htpasswdBytes []byte) (Passwds, error) {
	lines := strings.Split(string(htpasswdBytes), "\n")
	passwords := make(map[string]string)
	var err error

	for lineNumber, line := range lines {
		line = strings.Trim(line, " ")
		if len(line) == 0 {
			// skipping empty lines
			continue
		}

		parts := strings.Split(line, ":")
		if ok, err := validLine(parts, lineNumber, line); !ok {
			return passwords, err
		}

		parts = trimParts(parts)
		_, exists := passwords[parts[0]]

		if exists {
			err = errors.New("invalid htpasswd file - user " +
				parts[0] + " defined more than once")
			return passwords, err
		}
		passwords[parts[0]] = parts[1]
	}
	return passwords, err
}

// CreateUser creates a record in the named file with
// the named password and hash algorithm
func CreateUser(file, user, passwd string, algo Hasher) error {
	pp, err := ParseFile(file)
	if err != nil {
		return err
	}
	err = pp.CreateUser(user, passwd, algo)
	if err != nil {
		return err
	}
	return pp.WriteFile(file)
}

// CreateUser will create a new user in the given Passwd object
// using the given name, password and hashing algorithm
func (pp Passwds) CreateUser(user, passwd string, algo Hasher) error {
	if _, exists := pp[user]; exists {
		return fmt.Errorf("user %s already exists", user)
	}
	h, err := algo.Hash(passwd)
	if err != nil {
		return err
	}
	pp[user] = h
	return nil
}

// UpdateUser will update the password for the named user
// in the named file
func UpdateUser(file, user, passwd string, algo Hasher) error {
	pp, err := ParseFile(file)
	if err != nil {
		return err
	}
	err = pp.UpdateUser(user, passwd, algo)
	if err != nil {
		return err
	}
	return pp.WriteFile(file)
}

// UpdateUser will update the password for the named user
// using the given name, password and hashing algorithm
func (pp Passwds) UpdateUser(user, passwd string, algo Hasher) error {
	if _, exists := pp[user]; !exists {
		return fmt.Errorf("user %s does not exist", user)
	}
	h, err := algo.Hash(passwd)
	if err != nil {
		return err
	}
	pp[user] = h
	return nil
}

// DeleteUser deletes the named user from the named file
func DeleteUser(file, user string) error {
	pp, err := ParseFile(file)
	if err != nil {
		return err
	}
	err = pp.DeleteUser(user)
	if err != nil {
		return err
	}

	return pp.WriteFile(file)
}

// DeleteUser deletes the named user from the named file
func (pp Passwds) DeleteUser(user string) error {
	if _, exists := pp[user]; !exists {
		return fmt.Errorf("user %s does not exist", user)
	}

	delete(pp, user)
	return nil
}

// VerifyUser will check if the given user and password are matching
// with the content of the given file
func VerifyUser(file, user, passwd string) error {
	pp, err := ParseFile(file)
	if err != nil {
		return err
	}
	return pp.VerifyUser(user, passwd)
}

// VerifyUser will check if the given user and password are matching
// with the given Passwd object
func (pp Passwds) VerifyUser(user, passwd string) error {
	if _, ok := pp[user]; !ok {
		return fmt.Errorf("user %s does not exist", user)
	}
	alg, err := identifyHash(pp[user])
	if err != nil {
		return fmt.Errorf("cannot identify algo %v", alg)
	}
	return alg.Match(passwd, pp[user])
}

// WriteFile will write the Passwds object to the given file
func (pp Passwds) WriteFile(file string) error {
	return os.WriteFile(file, pp.Bytes(), os.ModePerm)
}

// Bytes will return the Passwd as a byte slice
func (pp Passwds) Bytes() []byte {
	pass := []byte{}
	for name, hash := range pp {
		pass = append(pass, []byte(name+":"+hash+"\n")...)
	}
	return pass
}

func identifyHash(h string) (Hasher, error) {
	switch {
	case strings.HasPrefix(h, "$2a$"), strings.HasPrefix(h, "$2y$"),
		strings.HasPrefix(h, "$2x$"), strings.HasPrefix(h, "$2b$"):
		return new(Bcrypt), nil
	case strings.HasPrefix(h, "$apr1$"):
		return new(Apr1), nil
	case strings.HasPrefix(h, "{SHA}"):
		return new(Sha), nil
	case strings.HasPrefix(h, "{SSHA}"):
		return new(Ssha), nil
	case strings.HasPrefix(h, "$5$"):
		return new(Sha256), nil
	case strings.HasPrefix(h, "$6$"):
		return new(Sha512), nil
	}

	return nil, fmt.Errorf("unsupported hash algorithm")
}

func validLine(parts []string, lineNumber int, line string) (bool, error) {
	var err error
	if len(parts) != 2 {
		err = errors.New(fmt.Sprintln("invalid line", lineNumber+1,
			"unexpected number of parts split by", ":", len(parts),
			"instead of 2 in\"", line, "\""))
		return false, err
	}
	return true, nil
}

func trimParts(parts []string) []string {
	for i, part := range parts {
		parts[i] = strings.Trim(part, " ")
	}
	return parts
}
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`// Package htpasswd contains utilities for manipulating .htpasswd files`
			`package htpasswd`

			`import (`
			`"errors"`
			`"fmt"`
			`"os"`
			`"strings"`
			`)`

			`// Passwds name => hash`
			`type Passwds map[string]string`

htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`// Hasher interface implemented by hash algos`
			`type Hasher interface {`
			`Hash(password string) (string, error)`
			`Match(password, hashedPassword string) error`
			`Name() string`
			`Prefix() string`
			`}`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago
htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`// ParseFile parses a .htpasswd file`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`// and returns a Passwd type`
htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`func ParseFile(file string) (Passwds, error) {`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`htpasswdBytes, err := os.ReadFile(file)`
			`if err != nil {`
			`return nil, err`
			`}`
htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`return Parse(htpasswdBytes)`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`// Parse parses a slice of bytes in htpasswd style`
			`func Parse(htpasswdBytes []byte) (Passwds, error) {`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`lines := strings.Split(string(htpasswdBytes), "\n")`
			`passwords := make(map[string]string)`
			`var err error`

			`for lineNumber, line := range lines {`
			`line = strings.Trim(line, " ")`
			`if len(line) == 0 {`
			`// skipping empty lines`
			`continue`
			`}`

			`parts := strings.Split(line, ":")`
			`if ok, err := validLine(parts, lineNumber, line); !ok {`
			`return passwords, err`
			`}`

			`parts = trimParts(parts)`
			`_, exists := passwords[parts[0]]`

			`if exists {`
vscode: add hasher, htpasswd and Passwds to the dictionary Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`err = errors.New("invalid htpasswd file - user " +`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`parts[0] + " defined more than once")`
			`return passwords, err`
			`}`
			`passwords[parts[0]] = parts[1]`
			`}`
			`return passwords, err`
			`}`

			`// CreateUser creates a record in the named file with`
			`// the named password and hash algorithm`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`func CreateUser(file, user, passwd string, algo Hasher) error {`
htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`pp, err := ParseFile(file)`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if err != nil {`
			`return err`
			`}`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`err = pp.CreateUser(user, passwd, algo)`
			`if err != nil {`
			`return err`
			`}`
htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`return pp.WriteFile(file)`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

			`// CreateUser will create a new user in the given Passwd object`
			`// using the given name, password and hashing algorithm`
			`func (pp Passwds) CreateUser(user, passwd string, algo Hasher) error {`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if _, exists := pp[user]; exists {`
			`return fmt.Errorf("user %s already exists", user)`
			`}`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`h, err := algo.Hash(passwd)`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if err != nil {`
			`return err`
			`}`
			`pp[user] = h`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return nil`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

			`// UpdateUser will update the password for the named user`
			`// in the named file`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`func UpdateUser(file, user, passwd string, algo Hasher) error {`
htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`pp, err := ParseFile(file)`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if err != nil {`
			`return err`
			`}`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`err = pp.UpdateUser(user, passwd, algo)`
			`if err != nil {`
			`return err`
			`}`
htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`return pp.WriteFile(file)`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

			`// UpdateUser will update the password for the named user`
			`// using the given name, password and hashing algorithm`
			`func (pp Passwds) UpdateUser(user, passwd string, algo Hasher) error {`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if _, exists := pp[user]; !exists {`
			`return fmt.Errorf("user %s does not exist", user)`
			`}`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`h, err := algo.Hash(passwd)`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if err != nil {`
			`return err`
			`}`
			`pp[user] = h`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return nil`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

			`// DeleteUser deletes the named user from the named file`
			`func DeleteUser(file, user string) error {`
htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`pp, err := ParseFile(file)`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if err != nil {`
			`return err`
			`}`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`err = pp.DeleteUser(user)`
			`if err != nil {`
			`return err`
			`}`

htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`return pp.WriteFile(file)`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

			`// DeleteUser deletes the named user from the named file`
			`func (pp Passwds) DeleteUser(user string) error {`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if _, exists := pp[user]; !exists {`
			`return fmt.Errorf("user %s does not exist", user)`
			`}`

			`delete(pp, user)`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return nil`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

			`// VerifyUser will check if the given user and password are matching`
			`// with the content of the given file`
			`func VerifyUser(file, user, passwd string) error {`
htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`pp, err := ParseFile(file)`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if err != nil {`
			`return err`
			`}`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return pp.VerifyUser(user, passwd)`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`// VerifyUser will check if the given user and password are matching`
			`// with the given Passwd object`
			`func (pp Passwds) VerifyUser(user, passwd string) error {`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if _, ok := pp[user]; !ok {`
			`return fmt.Errorf("user %s does not exist", user)`
			`}`
			`alg, err := identifyHash(pp[user])`
			`if err != nil {`
			`return fmt.Errorf("cannot identify algo %v", alg)`
			`}`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return alg.Match(passwd, pp[user])`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`
htpasswd: implement sha256 and sha512 algorithms Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago
htpasswd: standarize function names Signed-off-by: Alejandro Mery <amery@jpi.io> 1 year ago			`// WriteFile will write the Passwds object to the given file`
			`func (pp Passwds) WriteFile(file string) error {`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return os.WriteFile(file, pp.Bytes(), os.ModePerm)`
htpasswd: implement sha256 and sha512 algorithms Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`// Bytes will return the Passwd as a byte slice`
			`func (pp Passwds) Bytes() []byte {`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`pass := []byte{}`
			`for name, hash := range pp {`
			`pass = append(pass, []byte(name+":"+hash+"\n")...)`
			`}`
			`return pass`
			`}`

htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`func identifyHash(h string) (Hasher, error) {`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`switch {`
			`case strings.HasPrefix(h, "$2a$"), strings.HasPrefix(h, "$2y$"),`
			`strings.HasPrefix(h, "$2x$"), strings.HasPrefix(h, "$2b$"):`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return new(Bcrypt), nil`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`case strings.HasPrefix(h, "$apr1$"):`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return new(Apr1), nil`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`case strings.HasPrefix(h, "{SHA}"):`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return new(Sha), nil`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`case strings.HasPrefix(h, "{SSHA}"):`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return new(Ssha), nil`
htpasswd: implement sha256 and sha512 algorithms Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`case strings.HasPrefix(h, "$5$"):`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return new(Sha256), nil`
htpasswd: implement sha256 and sha512 algorithms Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`case strings.HasPrefix(h, "$6$"):`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return new(Sha512), nil`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return nil, fmt.Errorf("unsupported hash algorithm")`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`func validLine(parts []string, lineNumber int, line string) (bool, error) {`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`var err error`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`if len(parts) != 2 {`
			`err = errors.New(fmt.Sprintln("invalid line", lineNumber+1,`
			`"unexpected number of parts split by", ":", len(parts),`
			`"instead of 2 in\"", line, "\""))`
			`return false, err`
htpasswd: implement sha256 and sha512 algorithms Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return true, nil`
htpasswd: implement sha256 and sha512 algorithms Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`

htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`func trimParts(parts []string) []string {`
			`for i, part := range parts {`
			`parts[i] = strings.Trim(part, " ")`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`
htpasswd: refactor and add Passwd methods Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`return parts`
htpasswd: implement routines for working with .htpasswd Signed-off-by: Nagy Károly Gábriel <k@jpi.io> 1 year ago			`}`