✨ Replace buddy-hashers with sodi.pwhash.
parent
19529408f4
commit
6a99345475
9 changed files with 32 additions and 61 deletions
7
.gitignore
vendored
7
.gitignore
vendored
|
@ -8,15 +8,14 @@ pom.xml
|
||||||
.lein-plugins/
|
.lein-plugins/
|
||||||
.repl
|
.repl
|
||||||
.nrepl-port
|
.nrepl-port
|
||||||
|
.cpcache
|
||||||
|
.rebel_readline_history
|
||||||
|
/vendor/**/target
|
||||||
node_modules
|
node_modules
|
||||||
/backend/.cpcache
|
|
||||||
/backend/target/
|
/backend/target/
|
||||||
/backend/resources/public/media
|
/backend/resources/public/media
|
||||||
/backend/dist/
|
/backend/dist/
|
||||||
/backend/-
|
/backend/-
|
||||||
/backend/.rebel_readline_history
|
|
||||||
/frontend/.rebel_readline_history
|
|
||||||
/frontend/.cpcache
|
|
||||||
/frontend/npm-debug.log
|
/frontend/npm-debug.log
|
||||||
/frontend/target/
|
/frontend/target/
|
||||||
/frontend/dist/
|
/frontend/dist/
|
||||||
|
|
|
@ -34,15 +34,15 @@
|
||||||
hiccup/hiccup {:mvn/version "1.0.5"}
|
hiccup/hiccup {:mvn/version "1.0.5"}
|
||||||
org.im4java/im4java {:mvn/version "1.4.0"}
|
org.im4java/im4java {:mvn/version "1.4.0"}
|
||||||
|
|
||||||
buddy/buddy-sign {:mvn/version "3.1.0"}
|
|
||||||
buddy/buddy-hashers {:mvn/version "1.4.0"}
|
|
||||||
|
|
||||||
org.xerial.snappy/snappy-java {:mvn/version "1.1.7.3"}
|
org.xerial.snappy/snappy-java {:mvn/version "1.1.7.3"}
|
||||||
com.github.spullara.mustache.java/compiler {:mvn/version "0.9.6"}
|
com.github.spullara.mustache.java/compiler {:mvn/version "0.9.6"}
|
||||||
commons-io/commons-io {:mvn/version "2.6"}
|
commons-io/commons-io {:mvn/version "2.6"}
|
||||||
com.draines/postal {:mvn/version "2.0.3"
|
com.draines/postal {:mvn/version "2.0.3"
|
||||||
:exclusions [commons-codec/commons-codec]}
|
:exclusions [commons-codec/commons-codec]}
|
||||||
|
|
||||||
|
funcool/sodi {:local/root "vendor/sodi"
|
||||||
|
:deps/manifest :pom}
|
||||||
|
|
||||||
;; exception printing
|
;; exception printing
|
||||||
io.aviso/pretty {:mvn/version "0.1.37"}
|
io.aviso/pretty {:mvn/version "0.1.37"}
|
||||||
|
|
||||||
|
|
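Review bot: The new `funcool/sodi` entry uses `:local/root "vendor/sodi"` with `:deps/manifest :pom` and no version, so deps.edn no longer records which release of the password-hashing library the backend is built against. The removed `buddy/buddy-hashers` line pinned `1.4.0`; the replacement is whatever the vendor tree holds at build time. I would record the provenance next to the entry, for example `;; vendored from <upstream repo> at <commit-or-tag>`, and make sure the vendor tree is tracked in a way that fixes that revision. The `/vendor/**/target` ignore added in .gitignore suggests the library is built locally, so the build step should be documented too.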
|
@ -2,16 +2,16 @@
|
||||||
;; License, v. 2.0. If a copy of the MPL was not distributed with this
|
;; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||||
;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||||
;;
|
;;
|
||||||
;; Copyright (c) 2017 Andrey Antukh <niwi@niwi.nz>
|
;; This Source Code Form is "Incompatible With Secondary Licenses", as
|
||||||
|
;; defined by the Mozilla Public License, v. 2.0.
|
||||||
|
;;
|
||||||
|
;; Copyright (c) 2017-2020 Andrey Antukh <niwi@niwi.nz>
|
||||||
|
|
||||||
(ns uxbox.config
|
(ns uxbox.config
|
||||||
"A configuration management."
|
"A configuration management."
|
||||||
(:require
|
(:require
|
||||||
[clojure.java.io :as io]
|
|
||||||
[clojure.tools.logging :as log]
|
[clojure.tools.logging :as log]
|
||||||
[clojure.edn :as edn]
|
|
||||||
[cuerdas.core :as str]
|
[cuerdas.core :as str]
|
||||||
[buddy.core.hash :as hash]
|
|
||||||
[environ.core :refer [env]]
|
[environ.core :refer [env]]
|
||||||
[mount.core :refer [defstate]]
|
[mount.core :refer [defstate]]
|
||||||
[uxbox.common.exceptions :as ex]))
|
[uxbox.common.exceptions :as ex]))
|
||||||
|
@ -74,14 +74,14 @@
|
||||||
|
|
||||||
;; --- Secret Loading & Parsing
|
;; --- Secret Loading & Parsing
|
||||||
|
|
||||||
(defn- initialize-secret
|
;; (defn- initialize-secret
|
||||||
[config]
|
;; [config]
|
||||||
(let [secret (:secret config)]
|
;; (let [secret (:secret config)]
|
||||||
(when-not secret
|
;; (when-not secret
|
||||||
(ex/raise :code ::missing-secret-key
|
;; (ex/raise :code ::missing-secret-key
|
||||||
:message "Missing `:secret` key in config."))
|
;; :message "Missing `:secret` key in config."))
|
||||||
(hash/blake2b-256 secret)))
|
;; (hash/blake2b-256 secret)))
|
||||||
|
;;
|
||||||
(defstate secret
|
;; (defstate secret
|
||||||
:start (initialize-secret config))
|
;; :start (initialize-secret config))
|
||||||
|
|
||||||
|
|
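Review bot: `initialize-secret` and the `secret` defstate are commented out under `;; --- Secret Loading & Parsing` rather than deleted, which leaves dead code that still reads as the way the application secret is derived. Since the `buddy.core.hash` require is removed in the same commit, the commented block cannot be re-enabled as is, so I would delete it and let the history keep it. The fixtures hunk drops `#'uxbox.config/secret` from `mount/only`, but any other consumer of `uxbox.config/secret` is outside this diff and would now fail to resolve; worth a search before merging. The `clojure.java.io` and `clojure.edn` requires are also removed, and the rest of the namespace is not visible to confirm they are unused.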
|
@ -8,7 +8,7 @@
|
||||||
"A initial fixtures."
|
"A initial fixtures."
|
||||||
(:require
|
(:require
|
||||||
[clojure.tools.logging :as log]
|
[clojure.tools.logging :as log]
|
||||||
[buddy.hashers :as hashers]
|
[sodi.pwhash :as pwhash]
|
||||||
[mount.core :as mount]
|
[mount.core :as mount]
|
||||||
[promesa.core :as p]
|
[promesa.core :as p]
|
||||||
[uxbox.config :as cfg]
|
[uxbox.config :as cfg]
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
values ($1, $2, $3, $4, $5, $6)
|
values ($1, $2, $3, $4, $5, $6)
|
||||||
returning *;")
|
returning *;")
|
||||||
|
|
||||||
(def password (hashers/encrypt "123123"))
|
(def password (pwhash/derive "123123"))
|
||||||
|
|
||||||
(defn create-user
|
(defn create-user
|
||||||
[conn user-index]
|
[conn user-index]
|
||||||
|
@ -185,7 +185,6 @@
|
||||||
[& args]
|
[& args]
|
||||||
(try
|
(try
|
||||||
(-> (mount/only #{#'uxbox.config/config
|
(-> (mount/only #{#'uxbox.config/config
|
||||||
#'uxbox.config/secret
|
|
||||||
#'uxbox.core/system
|
#'uxbox.core/system
|
||||||
#'uxbox.db/pool
|
#'uxbox.db/pool
|
||||||
#'uxbox.migrations/migrations})
|
#'uxbox.migrations/migrations})
|
||||||
|
|
|
@ -46,6 +46,7 @@
|
||||||
|
|
||||||
routes [["/sub/:file-id" {:interceptors [(vxi/cookies)
|
routes [["/sub/:file-id" {:interceptors [(vxi/cookies)
|
||||||
(vxi/cors cors-opts)
|
(vxi/cors cors-opts)
|
||||||
|
interceptors/format-response-body
|
||||||
(session/auth)]
|
(session/auth)]
|
||||||
:get ws/handler}]
|
:get ws/handler}]
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
(ns uxbox.services.mutations.auth
|
(ns uxbox.services.mutations.auth
|
||||||
(:require
|
(:require
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
[buddy.hashers :as hashers]
|
[sodi.pwhash :as pwhash]
|
||||||
[promesa.core :as p]
|
[promesa.core :as p]
|
||||||
[uxbox.config :as cfg]
|
[uxbox.config :as cfg]
|
||||||
[uxbox.common.exceptions :as ex]
|
[uxbox.common.exceptions :as ex]
|
||||||
|
@ -32,7 +32,8 @@
|
||||||
(sm/defmutation ::login
|
(sm/defmutation ::login
|
||||||
[{:keys [username password scope] :as params}]
|
[{:keys [username password scope] :as params}]
|
||||||
(letfn [(check-password [user password]
|
(letfn [(check-password [user password]
|
||||||
(hashers/check password (:password user)))
|
(let [result (pwhash/verify password (:password user))]
|
||||||
|
(:valid result)))
|
||||||
|
|
||||||
(check-user [user]
|
(check-user [user]
|
||||||
(when-not user
|
(when-not user
|
||||||
|
|
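Review bot: `check-password` now hands `(:password user)` straight to `pwhash/verify`, but rows written before this commit hold hashes produced by `hashers/encrypt`, and nothing in the commit shows a migration or a fallback verifier for them. If `pwhash/verify` does not recognise the old encoding, existing accounts will either fail to log in or hit an exception path instead of returning `{:valid false}`; confirm which happens and decide between rehash-on-login and a forced reset. The same applies to `validate-password` in uxbox.services.mutations.users. Only `:valid` is read from the result map, so anything else the verifier reports is discarded here. The body of `::login` continues outside the hunk.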
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
(ns uxbox.services.mutations.users
|
(ns uxbox.services.mutations.users
|
||||||
(:require
|
(:require
|
||||||
[buddy.hashers :as hashers]
|
[sodi.pwhash :as pwhash]
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
[datoteka.core :as fs]
|
[datoteka.core :as fs]
|
||||||
[datoteka.storages :as ds]
|
[datoteka.storages :as ds]
|
||||||
|
@ -26,7 +26,6 @@
|
||||||
strip-private-attrs
|
strip-private-attrs
|
||||||
resolve-thumbnail]]
|
resolve-thumbnail]]
|
||||||
[uxbox.util.blob :as blob]
|
[uxbox.util.blob :as blob]
|
||||||
[uxbox.util.token :as token]
|
|
||||||
[uxbox.util.uuid :as uuid]
|
[uxbox.util.uuid :as uuid]
|
||||||
[vertx.core :as vc]))
|
[vertx.core :as vc]))
|
||||||
|
|
||||||
|
@ -94,11 +93,12 @@
|
||||||
|
|
||||||
(defn- validate-password
|
(defn- validate-password
|
||||||
[conn {:keys [user old-password] :as params}]
|
[conn {:keys [user old-password] :as params}]
|
||||||
(p/let [profile (get-profile conn user)]
|
(p/let [profile (get-profile conn user)
|
||||||
(when-not (hashers/check old-password (:password profile))
|
result (pwhash/verify old-password (:password profile))]
|
||||||
|
(when-not (:valid result)
|
||||||
(ex/raise :type :validation
|
(ex/raise :type :validation
|
||||||
:code ::old-password-not-match))
|
:code ::old-password-not-match))
|
||||||
params))
|
params))
|
||||||
|
|
||||||
(defn update-password
|
(defn update-password
|
||||||
[conn {:keys [user password]}]
|
[conn {:keys [user password]}]
|
||||||
|
@ -194,7 +194,7 @@
|
||||||
[conn {:keys [id username fullname email password metadata] :as params}]
|
[conn {:keys [id username fullname email password metadata] :as params}]
|
||||||
(let [id (or id (uuid/next))
|
(let [id (or id (uuid/next))
|
||||||
metadata (blob/encode metadata)
|
metadata (blob/encode metadata)
|
||||||
password (hashers/encrypt password)
|
password (pwhash/derive password)
|
||||||
sqlv [create-user-sql
|
sqlv [create-user-sql
|
||||||
id
|
id
|
||||||
fullname
|
fullname
|
||||||
|
|
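Review bot: `update-password` appears only as trailing context of the `validate-password` hunk and no hunk touches its body, although the `buddy.hashers` require is removed from this namespace. Please confirm that the new password goes through `pwhash/derive` before it is written, as `create-user` now does with `password (pwhash/derive password)`. A leftover `hashers/encrypt` call there would no longer resolve, and a body that stores `password` as received would persist a value that `pwhash/verify` can never match and that must not be in the database in that form. The body lies outside the visible hunks, so this is a check to make rather than a confirmed defect.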
|
@ -1,24 +0,0 @@
|
||||||
;; This Source Code Form is subject to the terms of the Mozilla Public
|
|
||||||
;; License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
||||||
;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
||||||
;;
|
|
||||||
;; Copyright (c) 2016 Andrey Antukh <niwi@niwi.nz>
|
|
||||||
|
|
||||||
(ns uxbox.util.token
|
|
||||||
"Facilities for generate random tokens."
|
|
||||||
(:require [buddy.core.nonce :as nonce]
|
|
||||||
[buddy.core.hash :as hash]
|
|
||||||
[buddy.core.codecs :as codecs]
|
|
||||||
[buddy.core.codecs.base64 :as b64]))
|
|
||||||
|
|
||||||
(defn random
|
|
||||||
"Returns a 32 bytes randomly generated token
|
|
||||||
with 1024 random seed. The output is encoded
|
|
||||||
using urlsafe variant of base64."
|
|
||||||
[]
|
|
||||||
(-> (nonce/random-bytes 1024)
|
|
||||||
(hash/blake2b-256)
|
|
||||||
(b64/encode true)
|
|
||||||
(codecs/bytes->str)))
|
|
||||||
|
|
||||||
|
|
|
@ -129,10 +129,6 @@
|
||||||
(assign-status-and-headers! res data)
|
(assign-status-and-headers! res data)
|
||||||
(-handle-body body res)))
|
(-handle-body body res)))
|
||||||
|
|
||||||
;; ServerWebSocket
|
|
||||||
;; (-handle-response [sws ctx]
|
|
||||||
;; (.accept ^ServerWebSocket sws))
|
|
||||||
|
|
||||||
nil
|
nil
|
||||||
(-handle-response [sws ctx]))
|
(-handle-response [sws ctx]))
|
||||||
|
|
||||||
|
@ -140,7 +136,6 @@
|
||||||
(Class/forName "[B")
|
(Class/forName "[B")
|
||||||
(-handle-body [data res]
|
(-handle-body [data res]
|
||||||
(.end ^HttpServerResponse res (Buffer/buffer data)))
|
(.end ^HttpServerResponse res (Buffer/buffer data)))
|
||||||
|
|
||||||
Buffer
|
Buffer
|
||||||
(-handle-body [data res]
|
(-handle-body [data res]
|
||||||
(.end ^HttpServerResponse res ^Buffer data))
|
(.end ^HttpServerResponse res ^Buffer data))
|
||||||
|
|