From f728eb21b0a38299d2ef51de98a61103c423f32c Mon Sep 17 00:00:00 2001 From: Amy Gale Ruth Bowersox Date: Fri, 3 Oct 2025 23:29:04 -0600 Subject: [PATCH] added user.NewAuthToken --- database/user.go | 19 +++++++++++++++++++ login.go | 2 +- util/random.go | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 util/random.go diff --git a/database/user.go b/database/user.go index 19196f7..05af55b 100644 --- a/database/user.go +++ b/database/user.go @@ -14,9 +14,11 @@ import ( "encoding/hex" "errors" "fmt" + "hash/crc32" "sync" "time" + "git.erbosoft.com/amy/amsterdam/util" lru "github.com/hashicorp/golang-lru" log "github.com/sirupsen/logrus" ) @@ -68,6 +70,23 @@ func (u *User) ContactInfo() (*ContactInfo, error) { return AmGetContactInfo(u.ContactID) } +/* NewAuthToken generates and returns a new authentication token for the user. + * Returns: + * Authentication token value + * Standard Go error status. + */ +func (u *User) NewAuthToken() (string, error) { + u.Mutex.Lock() + defer u.Mutex.Unlock() + newToken := util.GenerateRandomAuthString() + if _, err := amdb.Exec("UPDATE users SET tokenauth = ? WHERE uid = ?", newToken, u.Uid); err != nil { + return "", err + } + u.Tokenauth = &newToken + checkValue := uint32(u.Uid) ^ crc32.ChecksumIEEE([]byte(newToken)) + return fmt.Sprintf("AQAT:%d|%s|%d|", u.Uid, newToken, checkValue), nil +} + /* AmGetUser returns a reference to the specified user. * Parameters: * uid - The UID of the user. diff --git a/login.go b/login.go index 96bb3cc..9ab495c 100644 --- a/login.go +++ b/login.go @@ -78,7 +78,7 @@ func Login(ctxt ui.AmContext) (string, any, error) { ci, uerr = user.ContactInfo() if uerr == nil { if ci != nil && ci.Email != nil && *ci.Email != "" { - msg := email.AmNewEmailMessage(user.Uid, ctxt.RemoteIP()) + msg := email.AmNewEmailMessage(ctxt.CurrentUserId(), ctxt.RemoteIP()) msg.AddTo(*ci.Email, "") msg.SetTemplate("pass_remind.jet") msg.AddVariable("username", user.Username) diff --git a/util/random.go b/util/random.go new file mode 100644 index 0000000..ea8300d --- /dev/null +++ b/util/random.go @@ -0,0 +1,35 @@ +/* + * Amsterdam Web Communities System + * Copyright (c) 2025 Erbosoft Metaverse Design Solutions, All Rights Reserved + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +// Package util contains utility definitions. +package util + +import ( + "crypto/rand" + "io" +) + +// authAlphabet is the set of characters from which we generate auth strings. +const authAlphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./" + +// authStringLen is the standard lengtth of authentication strings. +const authStringLen = 32 + +// GenerateRandomAuthString generates a random authentication string. +func GenerateRandomAuthString() string { + b := make([]byte, authStringLen) + if _, err := io.ReadFull(rand.Reader, b); err != nil { + // can't happen (at least on a modern OS) + panic("failed to read random: " + err.Error()) + } + for i := 0; i < authStringLen; i++ { + b[i] = authAlphabet[int(b[i])%len(authAlphabet)] + } + return string(b) +}