added more tests and refactored

account.go

@@ -12,9 +12,14 @@ import (
)
const (
	publishLayout = "200601021504"
	publishDateLayout = "200601021504"
)
type Account struct {
	Username   string `json:username`
	Passphrase string `json:passphrase`
}
func getAccounts() ([]Account, error) {
	file := UserFile
@@ -195,7 +200,7 @@ func (a *Account) Add(content, filename string, file []byte) (string, error) {
	// Create new content directory if necessary
	if content == "" {
		content = fmt.Sprintf("%x", hash(userDir+time.Now().Format(publishLayout), salt()))
		content = fmt.Sprintf("%x", hash(userDir+time.Now().Format(publishDateLayout), salt()))
	}
	// Create new content directory
@@ -241,7 +246,7 @@ func (a *Account) Publish(title, content string, date time.Time) error {
	userDir := strings.ToLower(a.Username)
	s := string(filepath.Separator)
	contentPath := baseDir + s + userDir + s + "content" + s + content
	publishPath := baseDir + s + userDir + s + "blog" + s + date.Format(publishLayout) + "-" + prettyTitle
	publishPath := baseDir + s + userDir + s + "blog" + s + date.Format(publishDateLayout) + "-" + prettyTitle
	// Check if the content exists
	if _, err := os.Stat(contentPath); os.IsNotExist(err) {

environment.go

@@ -0,0 +1,28 @@
package main
import "os"
var (
	EnvironmentVariables = map[string]string{
		"LOOP_URL":  "localhost:6006",
		"LOOP_SALT": "whatyoutalkingaboutwillus",
		"LOOP_DATA": ".",
	}
)
func ConfigureEnvironment() {
	for key, value := range EnvironmentVariables {
		env := os.Getenv(key)
		if env == "" && value != "" {
			os.Setenv(key, value)
		}
	}
}
func address() string {
	return os.Getenv("LOOP_URL")
}
func salt() string {
	return os.Getenv("LOOP_SALT")
}

environment_test.go

@@ -0,0 +1,16 @@
package main
import (
	"os"
	"testing"
)
func TestConfigureEnvironment(t *testing.T) {
	ConfigureEnvironment()
	for k, v := range EnvironmentVariables {
		ev := os.Getenv(k)
		if ev == "" || ev != v {
			t.FailNow()
		}
	}
}

main.go

@@ -1,42 +1,14 @@
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"
	"strings"
)
const (
	UserFile = "loop_users"
)
var (
	EnvironmentVariables = map[string]string{
		"LOOP_URL":  "localhost:6006",
		"LOOP_SALT": "whatyoutalkingaboutwillus",
		"LOOP_DATA": ".",
	}
)
func ConfigureEnvironment() {
	for key, value := range EnvironmentVariables {
		env := os.Getenv(key)
		if env == "" && value != "" {
			os.Setenv(key, value)
		}
	}
}
func main() {
	log.Print("Configuring environment...")
	ConfigureEnvironment()
@@ -45,97 +17,3 @@ func main() {
	log.Fatal(http.ListenAndServe(address(), nil))
}
// General stuff
type Account struct {
	Username   string `json:username`
	Passphrase string `json:passphrase`
}
func address() string {
	return os.Getenv("LOOP_URL")
}
// Security stuff
func encodeBase64(data []byte) string {
	return base64.StdEncoding.EncodeToString(data)
}
func decodeBase64(data []byte) []byte {
	b, _ := base64.StdEncoding.DecodeString(string(data))
	return b
}
func salt() string {
	return os.Getenv("LOOP_SALT")
}
func getSizedKey(key string) string {
	// Get the correct key length
	l := len(key)
	if l < 16 {
		for i := 0; i < 16-l; i++ {
			key += "."
		}
	} else if l < 24 {
		for i := 0; i < 24-l; i++ {
			key += "."
		}
	} else if l < 32 {
		for i := 0; i < 32-l; i++ {
			key += "."
		}
	} else {
		key = key[:32]
	}
	return key
}
func encrypt(text, passphrase string) ([]byte, error) {
	key := []byte(getSizedKey(passphrase))
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	cipherText := make([]byte, aes.BlockSize+len(text))
	iv := cipherText[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	encrypter := cipher.NewCFBEncrypter(block, iv)
	encrypter.XORKeyStream(cipherText[aes.BlockSize:], []byte(text))
	return cipherText, nil
}
func decrypt(text []byte, passphrase string) ([]byte, error) {
	key := []byte(getSizedKey(passphrase))
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(text) < aes.BlockSize {
		return nil, errors.New("Cipher text too short")
	}
	iv := text[:aes.BlockSize]
	data := text[aes.BlockSize:]
	decrypter := cipher.NewCFBDecrypter(block, iv)
	decrypter.XORKeyStream(data, data)
	return data, nil
}
func hash(clearText, salt string) []byte {
	h := md5.New()
	h.Write([]byte(clearText))
	return h.Sum(nil)
}
func hashCredentials(username, passphrase, salt string) []byte {
	clearText := fmt.Sprintf(
		"%s%s-%s",
		salt,
		strings.ToLower(username),
		strings.ToLower(passphrase))
	sha := sha512.New()
	sha.Write([]byte(clearText))
	return sha.Sum(nil)
}
func generatePassphrase(username, passphrase string) string {
	return encodeBase64(hashCredentials(username, passphrase, salt()))
}

main_test.go

@@ -1,16 +0,0 @@
package main
import (
	"os"
	"testing"
)
func TestAddress(t *testing.T) {
	expected := "127.0.0.1:8888"
	os.Setenv("LOOP_URL", expected)
	actual := os.Getenv("LOOP_URL")
	if actual != expected {
		t.FailNow()
	}
}

security.go

@@ -0,0 +1,99 @@
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"strings"
)
func encodeBase64(data []byte) string {
	return base64.StdEncoding.EncodeToString(data)
}
func decodeBase64(data []byte) []byte {
	b, _ := base64.StdEncoding.DecodeString(string(data))
	return b
}
func getSizedKey(key string) string {
	// Get the correct key length
	l := len(key)
	if l < 16 {
		for i := 0; i < 16-l; i++ {
			key += "."
		}
	} else if l < 24 {
		for i := 0; i < 24-l; i++ {
			key += "."
		}
	} else if l < 32 {
		for i := 0; i < 32-l; i++ {
			key += "."
		}
	} else {
		key = key[:32]
	}
	return key
}
func encrypt(text, passphrase string) ([]byte, error) {
	key := []byte(getSizedKey(passphrase))
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	cipherText := make([]byte, aes.BlockSize+len(text))
	iv := cipherText[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	encrypter := cipher.NewCFBEncrypter(block, iv)
	encrypter.XORKeyStream(cipherText[aes.BlockSize:], []byte(text))
	return cipherText, nil
}
func decrypt(text []byte, passphrase string) ([]byte, error) {
	key := []byte(getSizedKey(passphrase))
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(text) < aes.BlockSize {
		return nil, errors.New("Cipher text too short")
	}
	iv := text[:aes.BlockSize]
	data := text[aes.BlockSize:]
	decrypter := cipher.NewCFBDecrypter(block, iv)
	decrypter.XORKeyStream(data, data)
	return data, nil
}
func hash(clearText, salt string) []byte {
	h := md5.New()
	h.Write([]byte(clearText))
	return h.Sum(nil)
}
func hashCredentials(username, passphrase, salt string) []byte {
	clearText := fmt.Sprintf(
		"%s%s-%s",
		salt,
		strings.ToLower(username),
		strings.ToLower(passphrase))
	sha := sha512.New()
	sha.Write([]byte(clearText))
	return sha.Sum(nil)
}
func generatePassphrase(username, passphrase string) string {
	return encodeBase64(hashCredentials(username, passphrase, salt()))
}

security_test.go

@@ -0,0 +1,42 @@
package main
import "testing"
func TestEncoding(t *testing.T) {
	clear := "encoding test"
	base64 := encodeBase64([]byte(clear))
	decode64 := string(decodeBase64([]byte(base64)))
	if decode64 != clear {
		t.Error("Encoding does not match")
	}
}
func TestEncryption(t *testing.T) {
	clear := "encryption test"
	passphrase := "password"
	encrypted, err := encrypt(clear, passphrase)
	if err != nil {
		t.Error(err)
	}
	decrypted, err := decrypt(encrypted, passphrase)
	if err != nil {
		t.Error(err)
	}
	if clear != string(decrypted) {
		t.Error("Encryption does not match")
	}
}
func TestHash(t *testing.T) {
	t.Skip("Need a test for hashing")
}
func TestHashCredentials(t *testing.T) {
	t.Skip("Need a test for hashing credentials")
}
func TestGeneratePassphrase(t *testing.T) {
	t.Skip("Need a test for generating a passphrase")
}