/* Copyright (C) 2024 Pagefault Games This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */ package account import ( "cmp" "net/http" "regexp" "runtime" "github.com/pagefaultgames/rogueserver/errors" "golang.org/x/crypto/argon2" ) type GenericAuthResponse struct { Token string `json:"token"` } const ( ArgonTime = 1 ArgonMemory = 256 * 1024 ArgonThreads = 4 ArgonKeySize = 32 ArgonSaltSize = 16 UUIDSize = 16 TokenSize = 32 ) var ( ArgonMaxInstances = runtime.NumCPU() isValidUsername = regexp.MustCompile(`^\w{1,16}$`).MatchString semaphore = make(chan bool, ArgonMaxInstances) ) func deriveArgon2IDKey(password, salt []byte) []byte { semaphore <- true defer func() { <-semaphore }() return argon2.IDKey(password, salt, ArgonTime, ArgonMemory, ArgonThreads, ArgonKeySize) } func validateUsernamePassword(username string, password string) error { return cmp.Or(validateUsername(username), validatePassword(password)) } func validateUsername(username string) error { if !isValidUsername(username) { return errors.NewHttpError(http.StatusBadRequest, "invalid username") } return nil } func validatePassword(password string) error { if len(password) < 6 { return errors.NewHttpError(http.StatusBadRequest, "invalid password") } return nil }