diff --git a/.gitignore b/.gitignore index eb41397..beb137b 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,6 @@ __pycache__/ .env !.env.example +load.txt + .DS_Store diff --git a/generate.py b/generate.py index 051cb69..185be4d 100644 --- a/generate.py +++ b/generate.py @@ -1,21 +1,31 @@ import psycopg2, os +import random, string from getpass import getpass +from util.auth_lib import hash from util.config import conn_param +from service.auth_service import AuthData, AuthService + +def gen_salt(length = 20): + letters = string.ascii_lowercase + string.digits + string.punctuation + return ''.join(random.choice(letters) for i in range(length)) def __main__(): conn = psycopg2.connect(conn_param) cur = conn.cursor() try: - open("./load.txt", "r") + f = open("./load.txt", "r") + if f.read().split("=")[1] == "false": + raise ValueError("value not true") + print("server already initialized") except: cur.execute( """ - create table account( + create table if not exists account( name varchar(25), - username varchar(25), - password varchar(50) not null, + username varchar(25) not null, + password varchar(100) not null, salt varchar(50), primary key(username) ); @@ -24,7 +34,7 @@ def __main__(): cur.execute( """ - create table balset( + create table if not exists balset( id serial primary key, uid varchar(25) not null, name varchar(50), @@ -42,13 +52,29 @@ def __main__(): conn.commit() + cur.close() + conn.close() + name = input("input your display name: ") username = input("input your username: ") password = getpass("input your password: ") passchk = getpass("type password one more time: ") + salt = gen_salt() + + if password != passchk: + return + + hashed_password = hash(password, salt) + packed = AuthData( + name=name, + username=username, + password=hashed_password, + salt=salt + ) + + service = AuthService() + service.create(data=packed) - cur.close() - conn.close() f = open("load.txt", "w") f.write("init=true") 
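Review bot: `gen_salt` in generate.py (first hunk) draws the salt from `random.choice`, and `random` is a deterministic PRNG that the Python documentation says not to use for security purposes; values that feed password hashing should come from the OS CSPRNG. With `import secrets` added, the return line can become `return ''.join(secrets.choice(letters) for _ in range(length))`. In the same hunk the bare `except:` around the `load.txt` check treats every failure as "not initialised", including an `IndexError` from `split("=")[1]` on a malformed file. `except (OSError, IndexError, ValueError):` would keep the intended cases and let anything else surface. The body of `__main__` continues outside this hunk.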
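Review bot: An empty password is accepted by the new account-creation code in `__main__` (generate.py, third hunk), because `hash(password, salt)` runs before any emptiness check. The `data.password == ""` guard in `AuthService.create` then only ever sees the hex digest, which is never empty. The mismatch branch also returns without telling the operator why no account was created. A guard before hashing would cover both: `if not password or password != passchk:` followed by `print("passwords are empty or do not match")` and `return`. `__main__` starts before this hunk, so the table-creation part is not visible here.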
diff --git a/load.txt b/load.txt deleted file mode 100644 index c254184..0000000 --- a/load.txt +++ /dev/null @@ -1 +0,0 @@ -init=true \ No newline at end of file diff --git a/service/auth_service.py b/service/auth_service.py index dbe37ff..e31a09b 100644 --- a/service/auth_service.py +++ b/service/auth_service.py @@ -8,11 +8,11 @@ class AuthData: username: str password: str salt: str - -class Register: - name: str - username: str - password: str + def __init__(self, name: str, username: str, password: str, salt: str): + self.name = name + self.username = username + self.password = password + self.salt = salt class Credential(BaseModel): username: str @@ -22,9 +22,28 @@ class AuthService: def __init__(self): self._conn = psycopg2.connect(conn_param) + def create(self, data: AuthData): + cur = self._conn.cursor() + + try: + if data.username == "" or data.password == "": + raise ValueError("username or password must not be null") + + cur.execute( + "insert into account (name, username, password, salt) values (%s, %s, %s, %s)", + (data.name, data.username, data.password, data.salt) + ) + + self._conn.commit() + except: + self._conn.rollback() + raise RuntimeError("create account failed") + finally: + cur.close() + self._conn.close() + def read(self, username: str): cur = self._conn.cursor() - cur.execute("select * from account where username = %s;", (username)) data = cur.fetchone() if data == None: diff --git a/util/auth_lib.py b/util/auth_lib.py index 5f24356..1d7078d 100644 --- a/util/auth_lib.py +++ b/util/auth_lib.py @@ -2,7 +2,11 @@ import base64 from hashlib import sha256 def hash(password: str, salt: str): - return sha256("{}:{}".format(password, salt)) + m = sha256() + m.update("{}:{}".format(password, salt).encode()) + + return m.hexdigest() + def gen_token(username: str, hashed_password: str): raw = ("{}:{}".format(username, hashed_password)).encode("utf-8")
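Review bot: The `finally` block in `AuthService.create` closes `self._conn`, the connection opened in `__init__` and also used by `read`, so the instance cannot run another query after a single `create`. Closing only the cursor there would leave the connection's lifetime to whoever owns the service. The bare `except:` also catches the `ValueError` raised a few lines above it and replaces it with a generic `RuntimeError` with no cause attached, which hides both validation failures and database errors from the caller. The version below moves validation ahead of the `try`, narrows the handler to `psycopg2.Error` and chains the cause; callers would then see `ValueError` for empty fields. The class continues outside this hunk.

```python
    def create(self, data: AuthData):
        if data.username == "" or data.password == "":
            raise ValueError("username or password must not be null")

        cur = self._conn.cursor()
        try:
            # … unchanged: insert into account (name, username, password, salt) …
            self._conn.commit()
        except psycopg2.Error as exc:
            self._conn.rollback()
            raise RuntimeError("create account failed") from exc
        finally:
            cur.close()
```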
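Review bot: `hash` in util/auth_lib.py derives the stored password from a single pass of salted SHA-256, a fast hash that is cheap to brute-force offline if the `account` table is ever disclosed. Password storage calls for a deliberately slow key-derivation function, and the standard library provides one: `return pbkdf2_hmac("sha256", password.encode(), salt.encode(), PBKDF2_ITERATIONS).hex()`, with `from hashlib import pbkdf2_hmac` and a module-level `PBKDF2_ITERATIONS` set from current guidance (`hashlib.scrypt` is the other option). The result is still 64 hex characters, so it fits the `varchar(100)` column defined in generate.py. The function name also shadows the built-in `hash`; `hash_password` would avoid that, though generate.py imports it under the current name.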