Pulse/internal/auth/token.go
Pulse Monitor 958cacf042 feat: enhance security and improve login UI
Security Improvements:
- Implement bcrypt password hashing (cost factor 12)
- Add SHA3-256 API token hashing
- Fix authentication enforcement after security setup
- Improve restart mechanism to properly reload systemd environment
- Add CSRF protection for all state-changing operations
- Implement comprehensive rate limiting (10/min auth, 500/min API)
- Remove sensitive data from logs
- Add security audit test suite

UI Enhancements:
- Add Pulse logo to login screen with animations
- Implement glassmorphism design for login form
- Add gradient backgrounds and smooth animations
- Enhance input fields with icons
- Add loading spinner for authentication
- Improve overall login page aesthetics

Bug Fixes:
- Fix security setup restart mechanism
- Fix systemd environment variable inheritance
- Fix CSRF validation for security endpoints
- Fix password change and removal functionality

Testing:
- Add automated security test suite
- Verify all authentication flows
- Test rate limiting effectiveness
- Validate CSRF protection
2025-08-13 23:07:57 +00:00


package auth
import (
"crypto/rand"
"crypto/subtle"
"encoding/hex"
"golang.org/x/crypto/sha3"
)
// GenerateAPIToken generates a secure random API token.
//
// It draws 32 bytes from crypto/rand and returns them hex-encoded, so the
// result is a 64-character lowercase hex string. The only error returned is
// the one from rand.Read; on error the returned token is the empty string.
func GenerateAPIToken() (string, error) {
	const tokenBytes = 32 // 256 bits of entropy per token
	raw := make([]byte, tokenBytes)
	_, err := rand.Read(raw)
	if err != nil {
		return "", err
	}
	return hex.EncodeToString(raw), nil
}
// HashAPIToken creates a one-way hash of an API token for storage.
//
// Tokens are hashed with SHA3-256 rather than a salted password hash because
// lookups need to compare exact values; the digest is returned as a
// 64-character lowercase hex string. The empty token hashes like any other
// input and is not rejected here.
func HashAPIToken(token string) string {
	hasher := sha3.New256()
	// Hash.Write never returns an error for the SHA-3 implementation.
	hasher.Write([]byte(token))
	return hex.EncodeToString(hasher.Sum(nil))
}
// CompareAPIToken compares a provided token with a stored hash.
//
// The provided token is hashed with HashAPIToken and the resulting hex string
// is compared byte-for-byte against hash in constant time. The stored hash
// must therefore be the lowercase hex form that HashAPIToken emits; an
// uppercase or otherwise re-encoded hash does not match. When the two
// strings differ in length, subtle.ConstantTimeCompare reports a mismatch
// without a byte-wise comparison.
func CompareAPIToken(token, hash string) bool {
	expected := []byte(HashAPIToken(token))
	stored := []byte(hash)
	return subtle.ConstantTimeCompare(expected, stored) == 1
}
// IsAPITokenHashed checks if a string looks like a hashed API token.
//
// A value qualifies when it is exactly 64 characters long and decodes as hex,
// which is the shape HashAPIToken produces. Note that GenerateAPIToken also
// emits 64 hex characters, so a raw generated token passes this check as
// well; callers cannot rely on it to tell a plaintext token from its hash.
// hex.DecodeString accepts both upper- and lowercase digits, so this is a
// looser check than an exact match of HashAPIToken's lowercase output.
func IsAPITokenHashed(token string) bool {
	const sha3HexLen = 64 // SHA3-256 digest = 32 bytes = 64 hex characters
	if len(token) != sha3HexLen {
		return false
	}
	_, decodeErr := hex.DecodeString(token)
	return decodeErr == nil
}