grafana/pkg/util/encoding.go

package util

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"hash"
	"strings"
)

// source: https://github.com/gogits/gogs/blob/9ee80e3e5426821f03a4e99fad34418f5c736413/modules/base/tool.go#L58
func GetRandomString(n int, alphabets ...byte) string {
	const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
	var bytes = make([]byte, n)
	rand.Read(bytes)
	for i, b := range bytes {
		if len(alphabets) == 0 {
			bytes[i] = alphanum[b%byte(len(alphanum))]
		} else {
			bytes[i] = alphabets[b%byte(len(alphabets))]
		}
	}
	return string(bytes)
}

func EncodePassword(password string, salt string) string {
	newPasswd := PBKDF2([]byte(password), []byte(salt), 10000, 50, sha256.New)
	return hex.EncodeToString(newPasswd)
}

// Encode string to md5 hex value.
func EncodeMd5(str string) string {
	m := md5.New()
	m.Write([]byte(str))
	return hex.EncodeToString(m.Sum(nil))
}

// http://code.google.com/p/go/source/browse/pbkdf2/pbkdf2.go?repo=crypto
func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
	prf := hmac.New(h, password)
	hashLen := prf.Size()
	numBlocks := (keyLen + hashLen - 1) / hashLen

	var buf [4]byte
	dk := make([]byte, 0, numBlocks*hashLen)
	U := make([]byte, hashLen)
	for block := 1; block <= numBlocks; block++ {
		// N.B.: || means concatenation, ^ means XOR
		// for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter
		// U_1 = PRF(password, salt || uint(i))
		prf.Reset()
		prf.Write(salt)
		buf[0] = byte(block >> 24)
		buf[1] = byte(block >> 16)
		buf[2] = byte(block >> 8)
		buf[3] = byte(block)
		prf.Write(buf[:4])
		dk = prf.Sum(dk)
		T := dk[len(dk)-hashLen:]
		copy(U, T)

		// U_n = PRF(password, U_(n-1))
		for n := 2; n <= iter; n++ {
			prf.Reset()
			prf.Write(U)
			U = U[:0]
			U = prf.Sum(U)
			for x := range U {
				T[x] ^= U[x]
			}
		}
	}
	return dk[:keyLen]
}

func GetBasicAuthHeader(user string, password string) string {
	var userAndPass = user + ":" + password
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(userAndPass))
}

func DecodeBasicAuthHeader(header string) (string, string, error) {
	var code string
	parts := strings.SplitN(header, " ", 2)
	if len(parts) == 2 && parts[0] == "Basic" {
		code = parts[1]
	}

	decoded, err := base64.StdEncoding.DecodeString(code)
	if err != nil {
		return "", "", err
	}

	userAndPass := strings.SplitN(string(decoded), ":", 2)
	if len(userAndPass) != 2 {
		return "", "", errors.New("Invalid basic auth header")
	}

	return userAndPass[0], userAndPass[1], nil
}
Fixed hashing of passwords, Closes #3 2015-01-08 16:00:00 +08:00			`package util`

			`import (`
			`"crypto/hmac"`
Worked on login remember cookie, and redirect after login 2015-01-27 19:05:23 +08:00			`"crypto/md5"`
Fixed hashing of passwords, Closes #3 2015-01-08 16:00:00 +08:00			`"crypto/rand"`
			`"crypto/sha256"`
Added basic auth to data source edit/create, add support for basic auth in data source proxy code, Closes #1510 2015-03-02 16:58:35 +08:00			`"encoding/base64"`
Worked on login remember cookie, and redirect after login 2015-01-27 19:05:23 +08:00			`"encoding/hex"`
Auth: You can now authenicate against api with username / password using basic auth, Closes #2218 2015-06-30 15:37:52 +08:00			`"errors"`
Fixed hashing of passwords, Closes #3 2015-01-08 16:00:00 +08:00			`"hash"`
Auth: You can now authenicate against api with username / password using basic auth, Closes #2218 2015-06-30 15:37:52 +08:00			`"strings"`
Fixed hashing of passwords, Closes #3 2015-01-08 16:00:00 +08:00			`)`

			`// source: https://github.com/gogits/gogs/blob/9ee80e3e5426821f03a4e99fad34418f5c736413/modules/base/tool.go#L58`
			`func GetRandomString(n int, alphabets ...byte) string {`
			`const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"`
			`var bytes = make([]byte, n)`
			`rand.Read(bytes)`
			`for i, b := range bytes {`
			`if len(alphabets) == 0 {`
			`bytes[i] = alphanum[b%byte(len(alphanum))]`
			`} else {`
			`bytes[i] = alphabets[b%byte(len(alphabets))]`
			`}`
			`}`
			`return string(bytes)`
			`}`

			`func EncodePassword(password string, salt string) string {`
			`newPasswd := PBKDF2([]byte(password), []byte(salt), 10000, 50, sha256.New)`
Use hex.EncodeToString to encode to hex Using the EncodeToString function from the encoding/hex package is much faster than calling the fmt.Sprintf with %x Benchmark results below with the following code func BenchmarkHexPrint(b *testing.B) { data := []byte("hellothere") for n := 0; n < b.N; n++ { // _ = fmt.Sprintf("%x", data) _ = hex.EncodeToString(data) } } name old time/op new time/op delta HexPrint-4 188ns ± 1% 99ns ± 1% -47.40% (p=0.008 n=5+5) name old alloc/op new alloc/op delta HexPrint-4 64.0B ± 0% 64.0B ± 0% ~ (all equal) name old allocs/op new allocs/op delta HexPrint-4 2.00 ± 0% 2.00 ± 0% ~ (all equal) 2017-11-09 01:10:11 +08:00			`return hex.EncodeToString(newPasswd)`
Fixed hashing of passwords, Closes #3 2015-01-08 16:00:00 +08:00			`}`

Worked on login remember cookie, and redirect after login 2015-01-27 19:05:23 +08:00			`// Encode string to md5 hex value.`
			`func EncodeMd5(str string) string {`
			`m := md5.New()`
			`m.Write([]byte(str))`
			`return hex.EncodeToString(m.Sum(nil))`
			`}`

Fixed hashing of passwords, Closes #3 2015-01-08 16:00:00 +08:00			`// http://code.google.com/p/go/source/browse/pbkdf2/pbkdf2.go?repo=crypto`
			`func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {`
			`prf := hmac.New(h, password)`
			`hashLen := prf.Size()`
			`numBlocks := (keyLen + hashLen - 1) / hashLen`

			`var buf [4]byte`
			`dk := make([]byte, 0, numBlocks*hashLen)`
			`U := make([]byte, hashLen)`
			`for block := 1; block <= numBlocks; block++ {`
			`// N.B.: \|\| means concatenation, ^ means XOR`
			`// for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter`
			`// U_1 = PRF(password, salt \|\| uint(i))`
			`prf.Reset()`
			`prf.Write(salt)`
			`buf[0] = byte(block >> 24)`
			`buf[1] = byte(block >> 16)`
			`buf[2] = byte(block >> 8)`
			`buf[3] = byte(block)`
			`prf.Write(buf[:4])`
			`dk = prf.Sum(dk)`
			`T := dk[len(dk)-hashLen:]`
			`copy(U, T)`

			`// U_n = PRF(password, U_(n-1))`
			`for n := 2; n <= iter; n++ {`
			`prf.Reset()`
			`prf.Write(U)`
			`U = U[:0]`
			`U = prf.Sum(U)`
			`for x := range U {`
			`T[x] ^= U[x]`
			`}`
			`}`
			`}`
			`return dk[:keyLen]`
			`}`
Added basic auth to data source edit/create, add support for basic auth in data source proxy code, Closes #1510 2015-03-02 16:58:35 +08:00
			`func GetBasicAuthHeader(user string, password string) string {`
			`var userAndPass = user + ":" + password`
			`return "Basic " + base64.StdEncoding.EncodeToString([]byte(userAndPass))`
			`}`
Auth: You can now authenicate against api with username / password using basic auth, Closes #2218 2015-06-30 15:37:52 +08:00
			`func DecodeBasicAuthHeader(header string) (string, string, error) {`
			`var code string`
			`parts := strings.SplitN(header, " ", 2)`
			`if len(parts) == 2 && parts[0] == "Basic" {`
			`code = parts[1]`
			`}`

			`decoded, err := base64.StdEncoding.DecodeString(code)`
			`if err != nil {`
			`return "", "", err`
			`}`

			`userAndPass := strings.SplitN(string(decoded), ":", 2)`
			`if len(userAndPass) != 2 {`
			`return "", "", errors.New("Invalid basic auth header")`
			`}`

			`return userAndPass[0], userAndPass[1], nil`
			`}`