From 7553813376f94e3ae287de78efe413662cd8f967 Mon Sep 17 00:00:00 2001
From: Julian Hurst
Date: Fri, 28 Mar 2025 16:48:55 +0100
Subject: Adds bcrypt for token hashing
---
 main.go | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
(limited to 'main.go')
diff --git a/main.go b/main.go
index b9bf651..2223a4c 100644
--- a/main.go
+++ b/main.go
@@ -16,6 +16,7 @@ import (
 "io/fs"
 
 "github.com/google/uuid"
+ "golang.org/x/crypto/bcrypt"
 )
 
 //go:embed templates
@@ -27,17 +28,17 @@ var favicon []byte
 
 type BoxHandler struct {
 filesPath string
- token string
+ token []byte
 deleteEnabled bool
 index bool
 }
 
-func serve(w http.ResponseWriter, token string, views ...string) {
+func serve(w http.ResponseWriter, token []byte, views ...string) {
 t, err := template.New("index.html").ParseFS(tmplFS, views...)
 if err != nil {
 log.Fatal(err)
 }
- if err := t.Execute(w, token); err != nil {
+ if err := t.Execute(w, token != nil); err != nil {
 log.Fatal(err)
 }
 }
@@ -79,7 +80,7 @@ func (handler BoxHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 return
 }
 token := r.Header.Get("X-Token")
- if token != handler.token {
+ if bcrypt.CompareHashAndPassword(handler.token, []byte(token)) != nil {
 log.Println("unauthorized")
 w.WriteHeader(http.StatusUnauthorized)
 return
@@ -101,7 +102,7 @@ func (handler BoxHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 return
 }
 token := r.Header.Get("X-Token")
- if token != handler.token {
+ if bcrypt.CompareHashAndPassword(handler.token, []byte(token)) != nil {
 log.Println("unauthorized")
 w.WriteHeader(http.StatusUnauthorized)
 return
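Review bot: In `serve`, both the `ParseFS` and the `t.Execute` error paths call `log.Fatal(err)`, which exits the whole process; if `serve` runs per request, as its `http.ResponseWriter` parameter suggests, a single template or write failure takes the server down for everyone. Logging and returning keeps the failure local to the request, for example `log.Println(err); http.Error(w, "internal error", http.StatusInternalServerError); return` on the parse error and a plain `log.Println(err)` on the execute error. Passing `token != nil` rather than the value means the hash never reaches the template; a field comment such as `// token is the bcrypt hash of the access token; nil when token auth is disabled` would make the new meaning of `BoxHandler.token` explicit.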
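Review bot: In `ServeHTTP`, in the hunk starting at new line 80 and the identical one at new line 102, `bcrypt.CompareHashAndPassword(handler.token, []byte(token))` returns an error whenever `handler.token` is nil, so with token auth switched off every request that reaches this check gets a 401, whereas the old `token != handler.token` let an absent header match the empty token. Unless a guard outside the hunks already skips the check, state the intent in code: `if handler.token != nil && bcrypt.CompareHashAndPassword(handler.token, []byte(token)) != nil {` if open access without a token is meant to keep working, or a comment saying the check now fails closed. Each request with a wrong or missing header also costs a full bcrypt evaluation at `DefaultCost`, so unauthenticated clients can consume CPU; rejecting an empty `X-Token` before the compare and limiting repeated failures would bound that. The function body starts and ends outside both hunks.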
@@ -143,14 +144,19 @@ func main() {
 index := flag.Bool("i", false, "Enable displaying the resource folder index")
 flag.Parse()
 
- token := ""
+ var token []byte = nil
 if *isToken {
- token = os.Getenv("BOX_TOKEN")
- if token == "" {
+ tok := os.Getenv("BOX_TOKEN")
+ if tok == "" {
 fmt.Print("Token: ")
 sc := bufio.NewScanner(os.Stdin)
 sc.Scan()
- token = sc.Text()
+ tok = sc.Text()
+ }
+ var err error = nil
+ token, err = bcrypt.GenerateFromPassword([]byte(tok), bcrypt.DefaultCost)
+ if err != nil {
+ panic(err)
 }
 }
 
-- cgit v1.2.3
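Review bot: In `main`, the result of `sc.Scan()` is not checked, so when `BOX_TOKEN` is unset and stdin is closed or the operator just presses Enter, `tok` stays empty and `bcrypt.GenerateFromPassword` hashes the empty string; a request with no `X-Token` header then passes `CompareHashAndPassword`, because `Header.Get` returns `""` for a missing header. Reject that before hashing: `if tok == "" { log.Fatal("token must not be empty") }`. `GenerateFromPassword` also returns an error for inputs longer than 72 bytes in current x/crypto releases, and `panic(err)` turns that into a stack trace where `log.Fatalf("hashing token: %v", err)` would tell the operator what went wrong. The explicit `= nil` initialisers on `token` and `err` are redundant, since both zero values are already nil. `main` starts and continues outside the hunk.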