commit 9344591ce01d954ea969634b3c2d29432dd34bce Author: Ilya Sosnovsky Date: Fri Feb 5 09:37:12 2021 +0300 Initial commit diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..83ec10e --- /dev/null +++ b/.dockerignore @@ -0,0 +1,8 @@ +# IntelliJ project files +.idea +*.iml +out +gen + +openvpn-user.db +openvpn-user diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..984f48b --- /dev/null +++ b/.gitignore @@ -0,0 +1,9 @@ +openvpn-user +openvpn-user.db + +# Editor directories and files +.idea +*.suo +*.ntvs* +*.njsproj +*.sln \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..b17a77b --- /dev/null +++ b/Dockerfile @@ -0,0 +1,4 @@ +FROM golang:1.14.2-alpine3.11 AS builder +COPY . /app +RUN cd /app && env CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -ldflags='-linkmode external -extldflags "-static" -s -w' -o openvpn-user + diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..4169d38 --- /dev/null +++ b/README.md @@ -0,0 +1,62 @@ +# openvpn-user + +### disclaimer +Not tested in production environments! + +Use it on your own risk =) + +### Description +A simple tool to use with openvpn when you need to use `–auth-user-pass-verify` or wherever you want + +### Example + +part of openvpn server config +```bash +auth-user-pass-verify /etc/openvpn/scripts/auth.sh via-file +``` + +make sure `openvpn-user` binary available through `PATH` variable +i.e. put it in `/usr/local/sbin/openvpn-user` + +### Usage +``` +usage: openvpn-user [] [ ...] + +Flags: + --help Show context-sensitive help (also try --help-long and --help-man). + --db.path="./openvpn-user.db" path do openvpn-user db + +Commands: + help [...] + Show help. + + db-init + Init db. + + db-migrate + STUB: Migrate db. + + create --user=USER --password=PASSWORD + Create user. + + delete --user=USER + Delete user. + + revoke --user=USER + Revoke user. + + restore --user=USER + Restore user. + + list [] + List active users. + + flags: + --all Show all users include revoked and delete + + auth --user=USER --password=PASSWORD + Auth user. + + change-password --user=USER --password=PASSWORD + Change password +``` diff --git a/auth.sh b/auth.sh new file mode 100644 index 0000000..81f8f08 --- /dev/null +++ b/auth.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env sh + +set -e + +openvpn-user auth --user $(head -1 $1) --password $(tail -1 $1) diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..1e7c40e --- /dev/null +++ b/build.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +env CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -ldflags='-linkmode external -extldflags "-static" -s -w' -o openvpn-user diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..7ee090a --- /dev/null +++ b/go.mod @@ -0,0 +1,14 @@ +module openvpn-user + +go 1.14 + +require ( + github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect + github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4 // indirect + github.com/iamacarpet/go-sqlite3-dynamic v0.0.0-20190515092955-345069c6d7b9 + github.com/mattn/go-sqlite3 v1.14.6 + github.com/notti/nocgo v0.0.0-20190619201224-fc443047424c // indirect + github.com/stretchr/testify v1.7.0 // indirect + golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad + gopkg.in/alecthomas/kingpin.v2 v2.2.6 +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..b46dd97 --- /dev/null +++ b/go.sum @@ -0,0 +1,33 @@ +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4 h1:EBTWhcAX7rNQ80RLwLCpHZBBrJuzallFHnF+yMXo928= +github.com/alecthomas/units v0.0.0-20201120081800-1786d5ef83d4/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/iamacarpet/go-sqlite3-dynamic v0.0.0-20190515092955-345069c6d7b9 h1:MDZ6mJ7Ouz9lSwLtD7v2QeDlbdL6rONTAJRNEQqRYC0= +github.com/iamacarpet/go-sqlite3-dynamic v0.0.0-20190515092955-345069c6d7b9/go.mod h1:HSsZaV17NZLgfHsNz3wzjE66Gd2EGlF8OuC0DdPpgPk= +github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg= +github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/notti/nocgo v0.0.0-20190619201224-fc443047424c h1:3fTZ9+GLtn9eqKC1RGLojMG7St2WsskOeGXKFEhNTlo= +github.com/notti/nocgo v0.0.0-20190619201224-fc443047424c/go.mod h1:kJHUidcvEI83gsDlB+I58aaOuzvJmPfbqrqYjTqmdHA= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHRSUkqBjfTo4Tx9RJTWs0EY= +golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/openvpn-user.go b/openvpn-user.go new file mode 100644 index 0000000..49c3d93 --- /dev/null +++ b/openvpn-user.go @@ -0,0 +1,212 @@ +package main + +import ( + "database/sql" + "fmt" + _ "github.com/mattn/go-sqlite3" + "golang.org/x/crypto/bcrypt" + "gopkg.in/alecthomas/kingpin.v2" + "os" + "text/tabwriter" +) + +var ( + dbPath = kingpin.Flag("db.path", "path do openvpn-user db").Default("./openvpn-user.db").String() + + dbInitCommand = kingpin.Command("db-init", "Init db.") + dbMigrateCommand = kingpin.Command("db-migrate", "STUB: Migrate db.") + + createCommand = kingpin.Command("create", "Create user.") + createCommandUserFlag = createCommand.Flag("user", "Username.").Required().String() + createCommandPasswordFlag = createCommand.Flag("password", "Password.").Required().String() + + deleteCommand = kingpin.Command("delete", "Delete user.") + deleteCommandUserFlag = deleteCommand.Flag("user", "Username.").Required().String() + + revokeCommand = kingpin.Command("revoke", "Revoke user.") + revokeCommandUserFlag = revokeCommand.Flag("user", "Username.").Required().String() + + restoreCommand = kingpin.Command("restore", "Restore user.") + restoreCommandUserFlag = restoreCommand.Flag("user", "Username.").Required().String() + + listCommand = kingpin.Command("list", "List active users.") + listAll = listCommand.Flag("all", "Show all users include revoked and deleted.").Default("false").Bool() + + authCommand = kingpin.Command("auth", "Auth user.") + authCommandUserFlag = authCommand.Flag("user", "Username.").Required().String() + authCommandPasswordFlag = authCommand.Flag("password", "Password.").Required().String() + + changePasswordCommand = kingpin.Command("change-password", "Change password") + changePasswordCommandUserFlag = changePasswordCommand.Flag("user", "Username.").Required().String() + changePasswordCommandPasswordFlag = changePasswordCommand.Flag("password", "Password.").Required().String() + + //debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool() + //verbose = kingpin.Flag("verbose", "Enable verbose mode.").Default("false").Bool() + +) + +type User struct { + id int64 + name string + password string + revoked bool + deleted bool +} + +func main() { + + switch kingpin.Parse() { + case createCommand.FullCommand(): + createUser(*createCommandUserFlag, *createCommandPasswordFlag) + case deleteCommand.FullCommand(): + deleteUser(*deleteCommandUserFlag) + case revokeCommand.FullCommand(): + revokedUser(*revokeCommandUserFlag) + case restoreCommand.FullCommand(): + restoreUser(*restoreCommandUserFlag) + case listCommand.FullCommand(): + printUsers() + case authCommand.FullCommand(): + authUser(*authCommandUserFlag, *authCommandPasswordFlag) + case changePasswordCommand.FullCommand(): + changeUserPassword(*changePasswordCommandUserFlag, *changePasswordCommandPasswordFlag) + case dbInitCommand.FullCommand(): + initDb() + case dbMigrateCommand.FullCommand(): + migrateDb() + } +} + +func getDb() *sql.DB { + db, err := sql.Open("sqlite3", *dbPath) + checkErr(err) + if db == nil { + panic("db is nil") + } + return db +} + +func initDb() { + // boolean fields are integer because of sqlite does not support boolean: 1 = true, 0 = false + _, err := getDb().Exec("CREATE TABLE IF NOT EXISTS users(id integer not null primary key autoincrement, username string UNIQUE, password string, revoked integer default 0, deleted integer default 0)") + checkErr(err) + fmt.Printf("Database initialized at %s\n", *dbPath) +} + +func migrateDb() { + fmt.Println("STUB: Migrations are up to date") +} + +func createUser(username, password string) { + if !checkUserExistent(username) { + hash, _ := bcrypt.GenerateFromPassword([]byte(password), bcrypt.MinCost) + _, err := getDb().Exec("INSERT INTO users(username, password) VALUES ($1, $2)", username, string(hash)) + checkErr(err) + fmt.Printf("User %s created\n", username) + } +} + +func deleteUser(username string) { + _, err := getDb().Exec("UPDATE users SET deleted = 1 WHERE username = $1", username) + checkErr(err) + fmt.Printf("User %s deleted\n", username) +} + +func revokedUser(username string) { + // TODO: ignore deleted user + _, err := getDb().Exec("UPDATE users SET revoked = 1 WHERE username = $1", username) + checkErr(err) + fmt.Printf("User %s revoked\n", username) +} + +func restoreUser(username string) { + // TODO: ignore deleted user + _, err := getDb().Exec("UPDATE users SET revoked = 0 WHERE username = $1", username) + checkErr(err) + fmt.Printf("User %s restored\n", username) +} + +func checkUserExistent(username string) bool { + // we need to check if there is already such a user + + var c int + _ = getDb().QueryRow("SELECT count(*) FROM users WHERE username = $1", username).Scan(&c) + if c == 1 { + fmt.Printf("WARNING: User %s already registered\n", username) + return true + } else { + return false + } +} + +func listUsers() []User { + condition := "WHERE deleted = 0 AND revoked = 0" + var users []User + if *listAll { + condition = "" + } + query := "SELECT * FROM users " + condition + rows, err := getDb().Query(query) + checkErr(err) + + for rows.Next() { + u := User{} + err := rows.Scan(&u.id, &u.name, &u.password, &u.revoked, &u.deleted) + if err != nil { + fmt.Println(err) + continue + } + users = append(users, u) + } + + return users +} + +func printUsers() { + ul := listUsers() + if len(ul) > 0 { + w := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', tabwriter.TabIndent|tabwriter.Debug) + _, _ = fmt.Fprintln(w, "id\t username\t revoked\t deleted") + for _, u := range ul { + fmt.Fprintf(w, "%d\t %s\t %v\t %v\n", u.id, u.name, u.revoked, u.deleted) + } + _ = w.Flush() + } else { + fmt.Println("No users created yet") + } +} + +func changeUserPassword(username, password string) { + hash, _ := bcrypt.GenerateFromPassword([]byte(password), bcrypt.MinCost) + _, err := getDb().Exec("UPDATE users SET password = $1 WHERE username = $2", hash, username) + checkErr(err) + + fmt.Println("Password changed") +} + +func authUser(username, password string) { + + row := getDb().QueryRow("select * from users where username = $1", username) + u := User{} + err := row.Scan(&u.id, &u.name, &u.password, &u.revoked, &u.deleted) + checkErr(err) + + if ! u.revoked && ! u.deleted { + err = bcrypt.CompareHashAndPassword([]byte(u.password), []byte(password)) + if err != nil { + fmt.Println("Passwords mismatched") + os.Exit(1) + } else { + fmt.Println("Auth successful") + os.Exit(0) + } + } + fmt.Println("Authorization failed") + os.Exit(1) +} + +func checkErr(err error) { + if err != nil { + panic(err) + } +}