Skip to content

Commit

Permalink
feat(web): validate password (#779)
Browse files Browse the repository at this point in the history
* feat(web): validate password

https://github.com/wagslane/go-password-validator

* fix: validate password only if password is non-empty
  • Loading branch information
WaterLemons2k authored Jul 21, 2023
1 parent b486804 commit 6bc09d7
Show file tree
Hide file tree
Showing 4 changed files with 105 additions and 1 deletion.
5 changes: 4 additions & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,7 @@ require (
gopkg.in/yaml.v3 v3.0.1
)

require golang.org/x/sys v0.6.0 // indirect
require (
github.com/wagslane/go-password-validator v0.3.0 // indirect
golang.org/x/sys v0.6.0 // indirect
)
2 changes: 2 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
github.com/kardianos/service v1.2.2 h1:ZvePhAHfvo0A7Mftk/tEzqEZ7Q4lgnR8sGz4xu1YX60=
github.com/kardianos/service v1.2.2/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
github.com/wagslane/go-password-validator v0.3.0 h1:vfxOPzGHkz5S146HDpavl0cw1DSVP061Ry2PX0/ON6I=
github.com/wagslane/go-password-validator v0.3.0/go.mod h1:TI1XJ6T5fRdRnHqHt14pvy1tNVnrwe7m3/f1f2fDphQ=
golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
Expand Down
91 changes: 91 additions & 0 deletions web/password.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
package web

import (
"errors"
"fmt"
"strings"

passwordvalidator "github.com/wagslane/go-password-validator"
)

const (
replaceChars = `!@$&*`
sepChars = `_-., `
otherSpecialChars = `"#%'()+/:;<=>?[\]^{|}~`
lowerChars = `abcdefghijklmnopqrstuvwxyz`
upperChars = `ABCDEFGHIJKLMNOPQRSTUVWXYZ`
digitsChars = `0123456789`
)

// validate 检查密码强度是否大于最低要求(50)。如果不是则返回错误并说明如何加强密码。向客户端显示此错误是安全的。
func validate(password string) error {
return validatePassword(password, 50)
}

// validatePassword 在密码大于或等于 minEntropy 时返回 nil。如果不是则返回错误。
// 这解释了如何加强密码。向客户端显示此错误是安全的。
//
// https://github.com/wagslane/go-password-validator/blob/v0.3.0/validate.go#L13
func validatePassword(password string, minEntropy float64) error {
entropy := passwordvalidator.GetEntropy(password)
if entropy >= minEntropy {
return nil
}

hasReplace := false
hasSep := false
hasOtherSpecial := false
hasLower := false
hasUpper := false
hasDigits := false
for _, c := range password {
if strings.ContainsRune(replaceChars, c) {
hasReplace = true
continue
}
if strings.ContainsRune(sepChars, c) {
hasSep = true
continue
}
if strings.ContainsRune(otherSpecialChars, c) {
hasOtherSpecial = true
continue
}
if strings.ContainsRune(lowerChars, c) {
hasLower = true
continue
}
if strings.ContainsRune(upperChars, c) {
hasUpper = true
continue
}
if strings.ContainsRune(digitsChars, c) {
hasDigits = true
continue
}
}

allMessages := []string{}

if !hasOtherSpecial || !hasSep || !hasReplace {
allMessages = append(allMessages, "包含更多特殊字符")
}
if !hasLower {
allMessages = append(allMessages, "使用小写字母")
}
if !hasUpper {
allMessages = append(allMessages, "使用大写字母")
}
if !hasDigits {
allMessages = append(allMessages, "使用数字")
}

if len(allMessages) > 0 {
return fmt.Errorf(
"密码不安全!尝试%v或使用更长的密码",
strings.Join(allMessages, ","),
)
}

return errors.New("密码不安全!尝试使用更长的密码")
}
8 changes: 8 additions & 0 deletions web/save.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,14 @@ func checkAndSave(request *http.Request) string {

}

// 如果密码不为空则检查是否够强
if passwordNew != "" {
err = validate(passwordNew)
if err != nil {
return err.Error()
}
}

conf.NotAllowWanAccess = request.FormValue("NotAllowWanAccess") == "on"
conf.Username = usernameNew
conf.Password = passwordNew
Expand Down

0 comments on commit 6bc09d7

Please sign in to comment.