- [+] refactor(middleware.go): remove unnecessary utils.CopyString call Benchmark Result: Before (using utils) goos: windows goarch: amd64 pkg: github.com/H0llyW00dzZ/fiber2fa cpu: AMD Ryzen 9 3900X 12-Core Processor BenchmarkJSONSonicMiddlewareWithInvalidCookie-24 103310 10266 ns/op 6065 B/op 29 allocs/op BenchmarkJSONSonicWithValid2FA-24 56832 21915 ns/op 9777 B/op 68 allocs/op BenchmarkJSONSonicWithValidCookie-24 91604 12338 ns/op 7562 B/op 44 allocs/op BenchmarkJSONStdLibraryMiddlewareWithInvalidCookie-24 126547 9426 ns/op 6000 B/op 29 allocs/op BenchmarkJSONStdLibraryMiddlewareWithValid2FA-24 50286 24796 ns/op 8244 B/op 70 allocs/op BenchmarkJSONStdLibraryWithValidCookie-24 58072 19404 ns/op 7272 B/op 49 allocs/op After (without utils) goos: windows goarch: amd64 pkg: github.com/H0llyW00dzZ/fiber2fa cpu: AMD Ryzen 9 3900X 12-Core Processor BenchmarkJSONSonicMiddlewareWithInvalidCookie-24 118537 9420 ns/op 6060 B/op 29 allocs/op BenchmarkJSONSonicWithValid2FA-24 58778 20506 ns/op 9237 B/op 66 allocs/op BenchmarkJSONSonicWithValidCookie-24 96550 12558 ns/op 7371 B/op 41 allocs/op BenchmarkJSONStdLibraryMiddlewareWithInvalidCookie-24 124382 9629 ns/op 6001 B/op 29 allocs/op BenchmarkJSONStdLibraryMiddlewareWithValid2FA-24 47356 24286 ns/op 8189 B/op 68 allocs/op BenchmarkJSONStdLibraryWithValidCookie-24 58508 19867 ns/op 7105 B/op 46 allocs/op
// Copyright (c) 2024 H0llyW00dz All rights reserved.
//
// License: BSD 3-Clause License
package twofa
import (
"crypto/hmac"
"crypto/sha256"
"crypto/subtle"
"encoding/base64"
"fmt"
"strconv"
"strings"
"time"
)
// GenerateCookieValue returns a signed cookie value of the form
// "<unix-expiry>.<signature>".
//
// The payload is expirationTime rendered as decimal Unix seconds. The
// signature is the unpadded URL-safe base64 encoding of HMAC-SHA256 over that
// payload, keyed with m.Config.Secret.
//
// NOTE(review): the signed payload is the expiry alone; no user, session or
// device identifier is part of it, and validateCookie checks only the
// signature and the expiry. A value produced here is therefore not tied to the
// client it was issued to. Binding it to an identity needs a wider payload.
//
// NOTE(review): nothing in this method rejects an empty m.Config.Secret;
// confirm that configuration validation elsewhere guarantees a non-empty,
// high-entropy secret.
//
// TODO: Implement an extra layer of cookie value (in addition to the current timestamp)
// and enhance security by using custom cryptography for encryption and decryption value.
// Use a user secret derived from 2FA for encryption/decryption and bind it to a UUID for identification purposes.
// This will replace the current implementation that uses HMAC.
//
// NOTE(review): when picking up the TODO above, prefer a vetted
// authenticated-encryption construction (for example AES-GCM from
// crypto/cipher) over a bespoke scheme, so that integrity is kept alongside
// confidentiality.
func (m *Middleware) GenerateCookieValue(expirationTime time.Time) string {
	// The expiry is the only authenticated field in the cookie.
	payload := fmt.Sprintf("%d", expirationTime.Unix())

	mac := hmac.New(sha256.New, []byte(m.Config.Secret))
	mac.Write([]byte(payload))
	tag := mac.Sum(nil)

	// RawURLEncoding emits no '.' and no padding, so the single '.' separator
	// stays unambiguous for validateCookie.
	return fmt.Sprintf("%s.%s", payload, base64.RawURLEncoding.EncodeToString(tag))
}
// validateCookie reports whether cookie is a well-formed, correctly signed and
// unexpired value of the form "<unix-expiry>.<signature>".
//
// It returns false when the value does not contain exactly one '.', when the
// signature does not match HMAC-SHA256 of the payload under m.Config.Secret,
// when the payload is not a base-10 int64, or when the current Unix time is
// past the payload.
//
// The signature is checked before the payload is parsed, so unauthenticated
// input never reaches strconv.ParseInt.
//
// NOTE(review): only the expiry is authenticated. This check does not tie the
// cookie to a user or session, and it does not reject an empty
// m.Config.Secret; confirm both are handled by the caller or by configuration
// validation.
func (m *Middleware) validateCookie(cookie string) bool {
	// Exactly one separator is required: payload on the left, tag on the right.
	if strings.Count(cookie, ".") != 1 {
		return false
	}
	sep := strings.IndexByte(cookie, '.')
	payload, tag := cookie[:sep], cookie[sep+1:]

	// Recompute the tag over the presented payload.
	mac := hmac.New(sha256.New, []byte(m.Config.Secret))
	mac.Write([]byte(payload))
	want := base64.RawURLEncoding.EncodeToString(mac.Sum(nil))

	// Constant-time comparison keeps the check from leaking, through timing,
	// how many leading bytes of the tag were correct.
	if match := subtle.ConstantTimeCompare([]byte(tag), []byte(want)); match != 1 {
		return false
	}

	expiry, err := strconv.ParseInt(payload, 10, 64)
	if err != nil {
		return false
	}

	// The cookie is still valid during the expiry second itself.
	return expiry >= time.Now().Unix()
}