storj/private/multinodeauth/auth.go

// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.

package multinodeauth

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"

	"github.com/zeebo/errs"
)

// Secret crypto random 32 bytes array for multinode auth.
type Secret [32]byte

// NewSecret creates new multinode auth secret.
func NewSecret() (Secret, error) {
	var b [32]byte

	_, err := rand.Read(b[:])
	if err != nil {
		return b, errs.New("error creating multinode auth secret")
	}

	return b, nil
}

// String implements Stringer.
func (secret Secret) String() string {
	return base64.URLEncoding.EncodeToString(secret[:])
}

// IsZero returns if secret is not set.
func (secret Secret) IsZero() bool {
	var zero Secret
	// this doesn't need to be constant-time, because we're explicitly testing
	// against a hardcoded, well-known value
	return bytes.Equal(secret[:], zero[:])
}

// MarshalJSON implements json.Marshaler Interface.
func (secret Secret) MarshalJSON() ([]byte, error) {
	return json.Marshal(secret.String())
}

// UnmarshalJSON implements json.Unmarshaler Interface.
func (secret *Secret) UnmarshalJSON(data []byte) error {
	var err error
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return err
	}
	*secret, err = SecretFromBase64(s)
	return err
}

// SecretFromBase64 creates new secret from base64 string.
func SecretFromBase64(s string) (Secret, error) {
	b, err := base64.URLEncoding.DecodeString(s)
	if err != nil {
		return Secret{}, err
	}

	return SecretFromBytes(b)
}

// SecretFromBytes creates secret from bytes slice.
func SecretFromBytes(b []byte) (Secret, error) {
	if len(b) != 32 {
		return Secret{}, errs.New("invalid secret")
	}

	var secret Secret
	copy(secret[:], b)
	return secret, nil
}
multinode/console: list node infos Change-Id: I5cac49feff2bac6fbd7ac61dfccffd672da8e8c0 2020-12-26 01:16:43 +00:00			`// Copyright (C) 2020 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package multinodeauth`

			`import (`
			`"bytes"`
			`"crypto/rand"`
			`"encoding/base64"`
{storagenode,multinode/nodes}: use multinodeauth.Secret instead of []byte for APISecret When enconding structs into JSON, byte slices are marshalled as base64 encoded string using the base64.StdEncoding.Encode(): https://github.com/golang/go/blob/ea9c3fd42d94182ce6f87104b68a51ea92f1a571/src/encoding/json/encode.go#L833-L861 We, however, expect API Secrets to be encoded as base64URL, so when an marshalled secret (with byte slice type) is added to the multinode dashboard, it fails with `illegal base64 data at input byte XX`. This change changes the type of APISecret field in the multinode/nodes.Nodes struct to use multinodeauth.Secret type instead of []byte. multinodeauth.Secret is extended with custom MarshalJSON and UnmarshalJSON methods which implement the json.Marshaler and json.Unmarshaler interfaces, respectively. Resolves https://github.com/storj/storj/issues/4949 Change-Id: Ib14b5f49ceaac109620c25d7ff83be865c698343 2022-08-12 20:50:30 +01:00			`"encoding/json"`
multinode/console: list node infos Change-Id: I5cac49feff2bac6fbd7ac61dfccffd672da8e8c0 2020-12-26 01:16:43 +00:00
			`"github.com/zeebo/errs"`
			`)`

			`// Secret crypto random 32 bytes array for multinode auth.`
			`type Secret [32]byte`

			`// NewSecret creates new multinode auth secret.`
			`func NewSecret() (Secret, error) {`
			`var b [32]byte`

			`_, err := rand.Read(b[:])`
			`if err != nil {`
			`return b, errs.New("error creating multinode auth secret")`
			`}`

			`return b, nil`
			`}`

			`// String implements Stringer.`
			`func (secret Secret) String() string {`
			`return base64.URLEncoding.EncodeToString(secret[:])`
			`}`

			`// IsZero returns if secret is not set.`
			`func (secret Secret) IsZero() bool {`
			`var zero Secret`
			`// this doesn't need to be constant-time, because we're explicitly testing`
			`// against a hardcoded, well-known value`
			`return bytes.Equal(secret[:], zero[:])`
			`}`

{storagenode,multinode/nodes}: use multinodeauth.Secret instead of []byte for APISecret When enconding structs into JSON, byte slices are marshalled as base64 encoded string using the base64.StdEncoding.Encode(): https://github.com/golang/go/blob/ea9c3fd42d94182ce6f87104b68a51ea92f1a571/src/encoding/json/encode.go#L833-L861 We, however, expect API Secrets to be encoded as base64URL, so when an marshalled secret (with byte slice type) is added to the multinode dashboard, it fails with `illegal base64 data at input byte XX`. This change changes the type of APISecret field in the multinode/nodes.Nodes struct to use multinodeauth.Secret type instead of []byte. multinodeauth.Secret is extended with custom MarshalJSON and UnmarshalJSON methods which implement the json.Marshaler and json.Unmarshaler interfaces, respectively. Resolves https://github.com/storj/storj/issues/4949 Change-Id: Ib14b5f49ceaac109620c25d7ff83be865c698343 2022-08-12 20:50:30 +01:00			`// MarshalJSON implements json.Marshaler Interface.`
			`func (secret Secret) MarshalJSON() ([]byte, error) {`
			`return json.Marshal(secret.String())`
			`}`

			`// UnmarshalJSON implements json.Unmarshaler Interface.`
			`func (secret *Secret) UnmarshalJSON(data []byte) error {`
			`var err error`
			`var s string`
			`if err := json.Unmarshal(data, &s); err != nil {`
			`return err`
			`}`
			`*secret, err = SecretFromBase64(s)`
			`return err`
			`}`

multinode/console: list node infos Change-Id: I5cac49feff2bac6fbd7ac61dfccffd672da8e8c0 2020-12-26 01:16:43 +00:00			`// SecretFromBase64 creates new secret from base64 string.`
			`func SecretFromBase64(s string) (Secret, error) {`
			`b, err := base64.URLEncoding.DecodeString(s)`
			`if err != nil {`
			`return Secret{}, err`
			`}`

			`return SecretFromBytes(b)`
			`}`

			`// SecretFromBytes creates secret from bytes slice.`
			`func SecretFromBytes(b []byte) (Secret, error) {`
			`if len(b) != 32 {`
			`return Secret{}, errs.New("invalid secret")`
			`}`

			`var secret Secret`
			`copy(secret[:], b)`
			`return secret, nil`
			`}`