/
auth.go
101 lines (87 loc) · 2.54 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
package mess
import (
"github.com/bmizerany/pq"
"github.com/jameskeane/bcrypt"
"log"
"time"
)
type AccountStore interface {
AccountForLogin(name, password string) (acc *Account)
CreateAccount(name, password string) (acc *Account)
GetAccount(name string) (acc *Account)
}
type Account struct {
LoginName string
PasswordHash string
Character ThingId
Created time.Time
}
func (w *DatabaseWorld) GetAccount(name string) (acc *Account) {
acc = &Account{}
row := w.db.QueryRow("SELECT loginname, character, created FROM account WHERE loginname = $1",
name)
err := row.Scan(&acc.LoginName, &acc.Character, &acc.Created)
if err != nil {
log.Println("Error loading account with name", name, ":", err)
return nil
}
return
}
func (w *DatabaseWorld) AccountForLogin(name, password string) (acc *Account) {
acc = &Account{}
row := w.db.QueryRow("SELECT loginname, passwordhash, character, created FROM account WHERE loginname = $1",
name)
err := row.Scan(&acc.LoginName, &acc.PasswordHash, &acc.Character, &acc.Created)
// TODO: oh look there are timing attacks wheeeeeeee
if err != nil {
thing, ok := err.(pq.PGError)
var message string
if ok {
message = thing.Get('M')
} else {
message = err.Error()
}
log.Println("Error loading account with name", name, ":", message)
return nil
}
if !bcrypt.Match(password, acc.PasswordHash) {
log.Println("Bad login attempt for account", name)
return nil
}
return
}
func (w *DatabaseWorld) CreateAccount(name, password string) (acc *Account) {
passwordHash, err := bcrypt.Hash(password)
if err != nil {
log.Println("Couldn't hash password to create an account:", err.Error())
return nil
}
// TODO: Config setting for where to start new players?
origin := World.ThingForId(1)
char := World.CreateThing(name, PlayerThing, nil, origin)
if char == nil {
log.Println("Couldn't create character to create an account")
return nil
}
tx, err := w.db.Begin()
if err != nil {
log.Println("Couldn't open transaction to create an account:", err.Error())
return nil
}
acc = &Account{name, passwordHash, char.Id, time.Unix(0, 0)}
row := tx.QueryRow("INSERT INTO account (loginname, passwordhash, character) VALUES ($1, $2, $3) RETURNING created",
name, passwordHash, acc.Character)
err = row.Scan(&acc.Created)
if err != nil {
log.Println("Couldn't create new account:", err.Error())
tx.Rollback()
return nil
}
err = tx.Commit()
if err != nil {
log.Println("Couldn't commit transaction to create new account:", err.Error())
tx.Rollback()
return nil
}
return
}