init
This commit is contained in:
51
subsonic/auth.go
Normal file
51
subsonic/auth.go
Normal file
@@ -0,0 +1,51 @@
|
||||
package subsonic
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func verifyAgainstPassword(userPassword, passwordParam string) bool {
|
||||
p := passwordParam
|
||||
if strings.HasPrefix(passwordParam, "enc:") {
|
||||
b, err := hex.DecodeString(passwordParam)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
p = string(b)
|
||||
}
|
||||
|
||||
return userPassword == p
|
||||
}
|
||||
|
||||
func verifyAgainstToken(password, token, salt string) bool {
|
||||
hash := md5.Sum([]byte(password + salt))
|
||||
return hex.EncodeToString(hash[:]) == token
|
||||
}
|
||||
|
||||
func VerifyUser(r *http.Request, username, password string) error {
|
||||
u := r.URL.Query().Get("u")
|
||||
if u == "" {
|
||||
return fmt.Errorf("username parameter missing")
|
||||
}
|
||||
|
||||
p := r.URL.Query().Get("p")
|
||||
if p != "" {
|
||||
ok := verifyAgainstPassword(password, p)
|
||||
if !ok {
|
||||
return fmt.Errorf("passwords don't match")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
t := r.URL.Query().Get("t")
|
||||
s := r.URL.Query().Get("s")
|
||||
if !verifyAgainstToken(password, t, s) {
|
||||
return fmt.Errorf("passwords don't match")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user