refactor: improvements;

Author: jcbbb

cmd/yeahapi/main.go

@@ -49,7 +49,7 @@ func main() {
 }
 
 type Main struct {
-	Config     Config
+	Config     *Config
 	ConfigPath string
 	Pool       *pgxpool.Pool
 	Server     *http.Server
@@ -61,14 +61,14 @@ const (
 
 func NewMain() *Main {
 	return &Main{
-		Config:     Config{},
+		Config:     &Config{},
 		Server:     http.NewServer(),
 		ConfigPath: defaultConfigPath,
 	}
 }
 
 func (m *Main) Run(ctx context.Context) (err error) {
-	if m.Pool, err = pgxpool.New(ctx, m.Config.DB.DSN); err != nil {
+	if m.Pool, err = pgxpool.New(ctx, m.Config.DB.Postgres); err != nil {
 		return err
 	}
 
@@ -79,7 +79,8 @@ func (m *Main) Run(ctx context.Context) (err error) {
 		Threads: 4,
 		KeyLen:  32,
 	})
-	highwayHasher := inmem.NewHighwayHasher("some-key")
+
+	highwayHasher := inmem.NewHighwayHasher(m.Config.HighwayHash.Key)
 
 	authService := postgres.NewAuthService(m.Pool)
 	authService.ArgonHasher = argonHasher
@@ -93,6 +94,8 @@ func (m *Main) Run(ctx context.Context) (err error) {
 	// 	Streams:       map[string][]string{},
 	// })
 
+	m.Server.Addr = m.Config.HTTP.Addr
+
 	m.Server.UserService = userService
 	m.Server.AuthService = authService
 	m.Server.LocalizerService = localizerService
@@ -107,6 +110,9 @@ func (m *Main) Run(ctx context.Context) (err error) {
 
 func (m *Main) Close() error {
 	if m.Server != nil {
+		if err := m.Server.Close(); err != nil {
+			return err
+		}
 	}
 
 	if m.Pool != nil {
@@ -144,7 +150,7 @@ func (m *Main) ParseFlags(ctx context.Context, args []string) error {
 
 type Config struct {
 	DB struct {
-		DSN string `toml:"dsn"`
+		Postgres string `toml:"postgres"`
 	} `toml:"db"`
 
 	HTTP struct {
@@ -156,6 +162,10 @@ type Config struct {
 		Key    string `toml:"key"`
 	} `toml:"aws"`
 
+	HighwayHash struct {
+		Key string `toml:"key"`
+	} `toml:"highwayhash"`
+
 	Nats struct {
 		AuthToken string            `toml:"auth-token"`
 		URL       string            `toml:"url"`
@@ -169,14 +179,15 @@ type Config struct {
 	} `toml:"google"`
 }
 
-func ReadConfigFile(filename string) (Config, error) {
+func ReadConfigFile(filename string) (*Config, error) {
 	var config Config
 	if buf, err := os.ReadFile(filename); err != nil {
-		return config, err
+		return &config, err
 	} else if err := toml.Unmarshal(buf, &config); err != nil {
-		return config, err
+		return &config, err
 	}
-	return config, nil
+
+	return &config, nil
 }
 
 func expand(path string) (string, error) {

credential.go

@@ -6,9 +6,11 @@ import (
 	"crypto/ecdsa"
 	"crypto/rsa"
 	"crypto/sha256"
+	"crypto/sha512"
 	"crypto/x509"
 	"encoding/asn1"
 	"encoding/base64"
+	"hash"
 	"math/big"
 
 	"github.com/gofrs/uuid"
@@ -220,7 +222,7 @@ type PubKeyCredentialRequestOpts struct {
 func (c *PubKeyCredential) Verify(clientData []byte, authnData []byte, sig string) error {
 	sigbytes, err := base64.RawURLEncoding.DecodeString(sig)
 	if err != nil {
-		return errors.Internal
+		return E(EInternal, "unable to decode signature")
 	}
 
 	clientDataHash := sha256.Sum256(clientData)
@@ -231,27 +233,33 @@ func (c *PubKeyCredential) Verify(clientData []byte, authnData []byte, sig strin
 	return c.verifySignature(message, sigbytes)
 }
 
+var hashers = map[COSEAlgorithmIdentifier]func() hash.Hash{
+	COSEAlgES256: sha256.New,
+	COSEAlgEdDSA: sha512.New,
+	COSEAlgRS256: sha256.New,
+}
+
 func (c *PubKeyCredential) verifySignature(message []byte, sig []byte) error {
 	bytes, err := base64.RawURLEncoding.DecodeString(c.PubKey)
 	if err != nil {
-		return errors.NewInternal(l.T("Couldn't decode pubkey"))
+		return E(EInvalid, "unable to decode pubkey")
 	}
 
 	parsed, err := x509.ParsePKIXPublicKey(bytes)
 
 	if err != nil {
-		return errors.NewInternal(l.T("Unable to parse pubkey"))
+		return E(EInvalid, "unable to parse pubkey")
 	}
 
 	hasher := hashers[COSEAlgorithmIdentifier(c.PubKeyAlg)]
 	if hasher == nil {
-		return errors.NewInternal(l.T("Unsupported hashing algorithm"))
+		return E(EInvalid, "unsupported hashing algorithm")
 	}
 
 	h := hasher()
 	_, err = h.Write(message)
 	if err != nil {
-		return errors.NewInternal(l.T("Couldn't hash the data"))
+		return E(EInternal, "unable to hash the data")
 	}
 
 	digest := h.Sum(nil)
@@ -263,23 +271,22 @@ func (c *PubKeyCredential) verifySignature(message []byte, sig []byte) error {
 		}
 		var ecdsaSig ecdsaSignature
 		if rest, err := asn1.Unmarshal(sig, &ecdsaSig); err != nil {
-			return errors.Internal
+			return E(EInternal)
 		} else if len(rest) != 0 {
-			return errors.NewBadRequest(l.T("Trailing data after ECDSA signature"))
+			return E(EInvalid, "trailing data after ECDSA signature")
 		}
 		if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
-			return errors.NewBadRequest(l.T("ECDSA signature contained zero or negative values"))
+			return E(EInvalid, "ECDSA signature contained zero or negative values")
 		}
 		if !ecdsa.Verify(pk, digest, ecdsaSig.R, ecdsaSig.S) {
-			return errors.NewBadRequest(l.T("ECDSA signature verification failed"))
+			return E(EInvalid, "ECDSA signature verification failed")
 		}
 	case *rsa.PublicKey:
 		if err := rsa.VerifyPKCS1v15(pk, crypto.SHA256, digest, sig); err != nil {
-			return errors.NewBadRequest(l.T("RSA signature verification failed"))
+			return E(EInvalid, "RSA signature verification failed")
 		}
 	default:
-		return errors.NewInternal("Unsupported key type")
-
+		return E(EInternal, "unsupported key type")
 	}
 
 	return nil