From 6a96a44d8e8a9407ba94715facd9878a2392a98d Mon Sep 17 00:00:00 2001 From: Achmad Irianto Eka Putra Date: Fri, 13 Dec 2024 19:41:23 +0700 Subject: [PATCH 1/2] fix(deps): refactor StaticCredentialStore initialization Refactored StaticCredentialStore to use a struct with a map instead of a plain map, adding methods for better encapsulation. Updated credentials handling for proper initialization and improved password storage using bcrypt hashing. --- nanoproxy.go | 19 +++++++++++-------- pkg/credential/credentials.go | 21 +++++++++++++++++++-- 2 files changed, 30 insertions(+), 10 deletions(-) diff --git a/nanoproxy.go b/nanoproxy.go index 5eca6ee..f46ffb7 100644 --- a/nanoproxy.go +++ b/nanoproxy.go @@ -31,14 +31,17 @@ func main() { time.Local = loc } - credentials := credential.StaticCredentialStore{} - for _, cred := range cfg.Credentials { - credArr := strings.Split(cred, ":") - if len(credArr) != 2 { - logger.Fatal().Msgf("Invalid credential: %s", cred) + var credentials credential.Store + if len(cfg.Credentials) > 0 { + credentials := credential.NewStaticCredentialStore() + for _, cred := range cfg.Credentials { + credArr := strings.Split(cred, ":") + if len(credArr) != 2 { + logger.Fatal().Msgf("Invalid credential: %s", cred) + } + + credentials.Add(credArr[0], credArr[1]) } - - credentials[credArr[0]] = credArr[1] } dnsResolver := &resolver.DNSResolver{} @@ -77,7 +80,7 @@ func main() { }() } - if len(credentials) > 0 { + if len(cfg.Credentials) > 0 { authenticator := &socks5.UserPassAuthenticator{ Credentials: credentials, } diff --git a/pkg/credential/credentials.go b/pkg/credential/credentials.go index e6bccea..68cbb3d 100644 --- a/pkg/credential/credentials.go +++ b/pkg/credential/credentials.go 
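Review bot: The `logger.Fatal().Msgf("Invalid credential: %s", cred)` call re-added in the first nanoproxy.go hunk writes the whole rejected `user:secret` entry to the log, so a malformed config line exposes its secret to anyone who can read the logs. Report the position instead, for example `for i, cred := range cfg.Credentials {` with `logger.Fatal().Msgf("Invalid credential entry #%d: expected user:password", i)`. The `len(credArr) != 2` check also rejects any entry whose secret contains a colon; `strings.SplitN(cred, ":", 2)` would split on the first colon only. main's body starts and ends outside the hunk.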
@@ -8,10 +8,27 @@ type Store interface { Valid(user, password string) bool } -type StaticCredentialStore map[string]string +type StaticCredentialStore struct { + store map[string]string +} + +func NewStaticCredentialStore() *StaticCredentialStore { + return &StaticCredentialStore{ + store: make(map[string]string), + } +} + +func (s StaticCredentialStore) Add(user, password string) { + hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + if err != nil { + return + } + + s.store[user] = string(hash) +} func (s StaticCredentialStore) Valid(user, password string) bool { - pass, ok := s[user] + pass, ok := s.store[user] if !ok { return false } From 34027598ebf9eba438042d94ecbc12d6cdeaa883 Mon Sep 17 00:00:00 2001 From: Achmad Irianto Eka Putra Date: Fri, 13 Dec 2024 20:03:06 +0700 Subject: [PATCH 2/2] fix(deps): refactor credential store handling Refactored the `StaticCredentialStore` to support the `Add` method for dynamic credential addition. Updated dependent tests and modules to align with the new implementation. Removed bcrypt hashing in `Add` for simpler password management, relying on plaintext for now. --- nanoproxy.go | 2 +- pkg/credential/credentials.go | 8 ++------ pkg/credential/credentials_test.go | 4 +++- pkg/httpproxy/httpproxy_test.go | 4 ++++ pkg/socks5/auth_test.go | 4 ++++ pkg/socks5/socks5_test.go | 16 +++++++--------- 6 files changed, 21 insertions(+), 17 deletions(-) diff --git a/nanoproxy.go b/nanoproxy.go index f46ffb7..8af27f9 100644 --- a/nanoproxy.go +++ b/nanoproxy.go @@ -33,7 +33,7 @@ func main() { var credentials credential.Store if len(cfg.Credentials) > 0 { - credentials := credential.NewStaticCredentialStore() + credentials = credential.NewStaticCredentialStore() for _, cred := range cfg.Credentials { credArr := strings.Split(cred, ":") if len(credArr) != 2 { diff --git a/pkg/credential/credentials.go b/pkg/credential/credentials.go index 68cbb3d..45ef412 100644 --- a/pkg/credential/credentials.go 
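Review bot: `Add` writes to `s.store` through a value receiver with no nil check, so a `StaticCredentialStore{}` built without `NewStaticCredentialStore()` (the form nanoproxy.go used before this patch) panics on the first `Add` with a nil-map assignment. A pointer receiver with a lazy `if s.store == nil { s.store = make(map[string]string) }` keeps the zero value usable and matches the pointer the constructor returns. The `if err != nil { return }` branch also drops the user without any signal, so a bcrypt failure only shows up later as a rejected login; returning the error from `Add` would let the caller abort startup. The exported `NewStaticCredentialStore` and `Add` have no doc comments, and Valid's body continues outside the hunk.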
+++ b/pkg/credential/credentials.go @@ -5,6 +5,7 @@ import ( ) type Store interface { + Add(user, password string) Valid(user, password string) bool } @@ -19,12 +20,7 @@ func NewStaticCredentialStore() *StaticCredentialStore { } func (s StaticCredentialStore) Add(user, password string) { - hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) - if err != nil { - return - } - - s.store[user] = string(hash) + s.store[user] = password } func (s StaticCredentialStore) Valid(user, password string) bool { diff --git a/pkg/credential/credentials_test.go b/pkg/credential/credentials_test.go index b65deea..5863f4c 100644 --- a/pkg/credential/credentials_test.go +++ b/pkg/credential/credentials_test.go @@ -7,7 +7,9 @@ import ( func Test_CredentialStore_Valid(t *testing.T) { s := StaticCredentialStore{ - "foo": "$2y$05$Xr4Vj6wbsCuf70.Fif2guuX8Ez97GB0VysyCTRL2EMkIikCpY/ugi", + store: map[string]string{ + "foo": "$2y$05$Xr4Vj6wbsCuf70.Fif2guuX8Ez97GB0VysyCTRL2EMkIikCpY/ugi", + }, } assert.True(t, s.Valid("foo", "bar")) assert.False(t, s.Valid("foo", "baz")) diff --git a/pkg/httpproxy/httpproxy_test.go b/pkg/httpproxy/httpproxy_test.go index 8574b3e..0ba645b 100644 --- a/pkg/httpproxy/httpproxy_test.go +++ b/pkg/httpproxy/httpproxy_test.go @@ -18,6 +18,10 @@ import ( type MockCredentialStore struct{} +func (m *MockCredentialStore) Add(username, password string) { + +} + func (m *MockCredentialStore) Valid(username, password string) bool { return username == "user" && password == "password" } diff --git a/pkg/socks5/auth_test.go b/pkg/socks5/auth_test.go index 29a48a5..d0e634d 100644 --- a/pkg/socks5/auth_test.go +++ b/pkg/socks5/auth_test.go @@ -10,6 +10,10 @@ type mockCredentialStore struct { valid bool } +func (m *mockCredentialStore) Add(user, password string) { + +} + func (m *mockCredentialStore) Valid(user, password string) bool { return m.valid } diff --git a/pkg/socks5/socks5_test.go b/pkg/socks5/socks5_test.go index fc167bc..55bbd50 100644 
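Review bot: Adding `Add(user, password string)` to the `Store` interface gives every holder of a `Store` write access to the credential set, although the consumers visible in this series appear to need only `Valid` (both mocks implement `Add` as an empty method). Keeping `Store` read-only and populating the concrete type in main is the least-privilege shape: `store := credential.NewStaticCredentialStore()`, the `store.Add(...)` calls, then `credentials = store`. The empty `Add` methods added in httpproxy_test.go and auth_test.go would then be unnecessary.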
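Review bot: `Add` now stores its second argument unchanged, but nothing in the hunk says whether that argument is a plaintext password or a bcrypt hash. The fixture in credentials_test.go is a `$2y$05$…` string that `Valid` accepts for "bar", so Valid (its comparison is outside the hunk) presumably still does a bcrypt compare, which contradicts the "plaintext" wording in the description. A doc comment such as `// Add registers user with an already-hashed bcrypt secret; the value is stored as given and is not hashed here.` plus renaming the parameter to `hash` would settle it. If Valid really compares plaintext, the comparison should be constant-time (`subtle.ConstantTimeCompare`), and the secrets are then held unhashed in memory.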
--- a/pkg/socks5/socks5_test.go +++ b/pkg/socks5/socks5_test.go @@ -48,9 +48,9 @@ func TestListenAndServe(t *testing.T) { }() lAddr := l.Addr().(*net.TCPAddr) - credentials := credential.StaticCredentialStore{ - "foo": "$2y$05$Xr4Vj6wbsCuf70.Fif2guuX8Ez97GB0VysyCTRL2EMkIikCpY/ugi", // foo:bar - } + credentials := credential.NewStaticCredentialStore() + credentials.Add("foo", "$2y$05$Xr4Vj6wbsCuf70.Fif2guuX8Ez97GB0VysyCTRL2EMkIikCpY/ugi") + auth := &UserPassAuthenticator{Credentials: credentials} conf := &Config{ Authentication: []Authenticator{auth}, @@ -112,9 +112,8 @@ func TestListenAndServe_InvalidCredentials(t *testing.T) { lAddr := l.Addr().(*net.TCPAddr) - credentials := credential.StaticCredentialStore{ - "foo": "bar", - } + credentials := credential.NewStaticCredentialStore() + credentials.Add("foo", "bar") auth := &UserPassAuthenticator{Credentials: credentials} conf := &Config{ Authentication: []Authenticator{auth}, @@ -164,9 +163,8 @@ func TestListenAndServe_InvalidAuthType(t *testing.T) { assert.NoError(t, err) lAddr := l.Addr().(*net.TCPAddr) - credentials := credential.StaticCredentialStore{ - "foo": "bar", - } + credentials := credential.NewStaticCredentialStore() + credentials.Add("foo", "bar") auth := &UserPassAuthenticator{Credentials: credentials} conf := &Config{