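// TODO: check for different levels of permissions

// CheckKey reports whether the hex-encoded signing key in privkey belongs to
// a global moderator.
//
// The key is hex-decoded, loaded as a signing keypair, and the hex form of
// its public half is looked up with CheckModPubkeyGlobal. The result is
// (true, nil) for a recognised global moderator key and (false, nil) for a
// well-formed key that is not recognised. A key that is not valid hex yields
// (false, err) with the decoder's error. A key that decodes but cannot be
// loaded as a keypair yields (false, nil), as it did before.
//
// privkey is secret material and is never written to the log. The error
// returned by hex.DecodeString can name the offending byte of the input, so
// callers should not log or echo it verbatim either.
func (self httpModUI) CheckKey(privkey string) (bool, error) {
	privkey_bytes, err := hex.DecodeString(privkey)
	if err != nil {
		// Record the failure only; the submitted key must not reach the logs.
		log.Println("invalid key format for moderation key: not valid hex")
		return false, err
	}

	kp := nacl.LoadSignKey(privkey_bytes)
	if kp == nil {
		log.Println("invalid key format for moderation key: could not load signing key")
		// NOTE(review): the error stays nil here to keep the existing contract
		// for callers; confirm whether this path should report an error.
		return false, nil
	}
	// Release the keypair once the public key has been derived and checked.
	defer kp.Free()

	pubkey := hex.EncodeToString(kp.Public())
	if self.daemon.database.CheckModPubkeyGlobal(pubkey) {
		// this user is an admin
		return true, nil
	}
	return false, nil
}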
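// signSeedError is the error signArticle returns when the signing seed cannot
// be loaded into a keypair.
type signSeedError struct{}

// Error implements the error interface.
func (signSeedError) Error() string {
	return "failed to load seed for signing article"
}

// signArticle wraps nntp in a new article signed with the keypair loaded
// from seed.
//
// Headers are copied from nntp, with three exceptions: existing
// X-PubKey-Ed25519 and X-Signature-Ed25519-SHA512 headers are dropped so a
// stale or foreign signature is never carried over, Content-Type is replaced
// with "message/rfc822; charset=UTF-8", and only the first value of each
// remaining header is kept. The original message, followed by a single
// newline, becomes the signed part; its SHA-512 digest is passed to
// cryptoSign and the result is stored in X-Signature-Ed25519-SHA512, with the
// public key in X-PubKey-Ed25519.
//
// On any failure the returned article is nil and err is non-nil, so an
// article without a signature is never handed back as if it had been signed.
func signArticle(nntp NNTPMessage, seed []byte) (signed *nntpArticle, err error) {
	signed = new(nntpArticle)
	signed.headers = make(ArticleHeaders)

	for k, vals := range nntp.Headers() {
		switch k {
		case "X-PubKey-Ed25519", "X-Signature-Ed25519-SHA512":
			// don't copy signature or pubkey headers; they are set below
		case "Content-Type":
			signed.headers.Set(k, "message/rfc822; charset=UTF-8")
		default:
			// A header with no values has nothing to copy; indexing it
			// would panic.
			if len(vals) == 0 {
				continue
			}
			signed.headers.Set(k, vals[0])
		}
	}

	sha := sha512.New()
	signed.signedPart = &nntpAttachment{}
	// Feed the hash and the signed part from the same stream so the digest
	// covers exactly the bytes that are stored.
	mw := io.MultiWriter(sha, signed.signedPart)
	if err = nntp.WriteTo(mw); err != nil {
		return nil, err
	}
	// The trailing newline is part of the signed data.
	if _, err = mw.Write([]byte{10}); err != nil {
		return nil, err
	}

	// build keypair
	kp := nacl.LoadSignKey(seed)
	if kp == nil {
		log.Println("failed to load seed for signing article")
		return nil, signSeedError{}
	}
	defer kp.Free()
	sk := kp.Secret()
	pk := getSignPubkey(sk)

	// sign the digest of the body
	digest := sha.Sum(nil)
	sig := cryptoSign(digest, sk)

	// Only the message id, public key, signature and digest are logged; the
	// seed and secret key are not.
	log.Printf("signed %s pubkey=%s sig=%s hash=%s", nntp.MessageID(), pk, sig, hexify(digest))
	signed.headers.Set("X-Signature-Ed25519-SHA512", sig)
	signed.headers.Set("X-PubKey-Ed25519", pk)
	return signed, nil
}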