- Add password hashing and password checking for the new feature of p…

…assword protected pastes
pastemeofficial · Dec 31, 2020 · d149ebd · d149ebd
1 parent 83a60ec
commit d149ebd
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -2,4 +2,5 @@ binary_name = pasteme
 
 .PHONY: wasm
 wasm:
+	GOOS=js GOARCH=wasm go get -t -v
 	GOOS=js GOARCH=wasm go build -v -a -gcflags "all=-trimpath=$$PWD;$$HOME" -asmflags "all=-trimpath=$$PWD;$$HOME" -o build/$(binary_name).wasm
diff --git a/go.mod b/go.mod
@@ -2,4 +2,6 @@ module github.com/0x111/pasteme-wasm
 
 go 1.14
 
-require golang.org/x/crypto v0.0.0-20200602180216-279210d13fed
+require (
+	golang.org/x/crypto v0.0.0-20200602180216-279210d13fed
+)
diff --git a/pasteme-wasm.go b/pasteme-wasm.go
@@ -7,12 +7,13 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	"golang.org/x/crypto/bcrypt"
 	"golang.org/x/crypto/pbkdf2"
 	"strings"
 	"syscall/js"
 )
 
-const version = "v0.1"
+const version = "v0.2"
 
 func main() {
 	fmt.Printf("Paste.me WASM module %s initialized\n", version)
@@ -22,6 +23,8 @@ func main() {
 	js.Global().Set("pasteme_decrypt", js.FuncOf(DecryptData))
 	js.Global().Set("pasteme_decryptFile", js.FuncOf(DecryptBinaryData))
 	js.Global().Set("pasteme_passphrase", js.FuncOf(GeneratePassPhrase))
+	js.Global().Set("pasteme_hashPassword", js.FuncOf(HashPassword))
+	js.Global().Set("pasteme_compareHashAndPassword", js.FuncOf(CompareHashAndPassword))
 	<-c
 }
 
@@ -159,6 +162,71 @@ func DecryptData(this js.Value, args []js.Value) interface{} {
 	})
 }
 
+func HashPassword(this js.Value, args []js.Value) interface{} {
+	if len(args) < 1 {
+		return js.ValueOf(map[string]interface{}{
+			"error": "Please provide a password that you need to hash!",
+		})
+	}
+
+	password := args[0].String()
+
+	if len(password) == 0 {
+		return js.ValueOf(map[string]interface{}{
+			"error": "Please provide a password!",
+		})
+	}
+
+	// Hashing the password with the default cost of 10
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return js.ValueOf(map[string]interface{}{
+			"error": "There was an error while hashing the password! Please try again!",
+		})
+	}
+
+	return js.ValueOf(map[string]interface{}{
+		"hashedPassword": string(hashedPassword),
+	})
+}
+
+func CompareHashAndPassword(this js.Value, args []js.Value) interface{} {
+	if len(args) < 2 {
+		return js.ValueOf(map[string]interface{}{
+			"error": "Please provide a hash and a password to compare!",
+		})
+	}
+
+	hash := args[0].String()
+
+	if len(hash) == 0 {
+		return js.ValueOf(map[string]interface{}{
+			"error": "Please provide a hash!",
+		})
+	}
+
+	password := args[1].String()
+
+	if len(password) == 0 {
+		return js.ValueOf(map[string]interface{}{
+			"error": "Please provide a password!",
+		})
+	}
+
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+
+	if err != nil {
+		return js.ValueOf(map[string]interface{}{
+			"error": "The hash and password do not match!",
+			"valid": false,
+		})
+	}
+
+	return js.ValueOf(map[string]interface{}{
+		"valid": true,
+	})
+}
+
 // @SRC: https://gist.github.com/dopey/c69559607800d2f2f90b1b1ed4e550fb
 // GenerateRandomBytes returns securely generated random bytes.
 // It will return an error if the system's secure random