From bb5930cfc1852de96296c3a8b19b1e202e5c504c Mon Sep 17 00:00:00 2001
From: Mikhail Osipov
Date: Wed, 22 Sep 2021 14:08:50 +0300
Subject: aes: get secret from file
---
 pkg/server/hook/aes.go | 22 +++++++++++++++++++---
 pkg/server/hook/auth.go | 20 +++++++++-----------
 2 files changed, 28 insertions(+), 14 deletions(-)
(limited to 'pkg/server')
diff --git a/pkg/server/hook/aes.go b/pkg/server/hook/aes.go
index 184d18d..6bb43fa 100644
--- a/pkg/server/hook/aes.go
+++ b/pkg/server/hook/aes.go
@@ -5,7 +5,11 @@ import (
 "crypto/cipher"
 "crypto/md5"
 "crypto/rand"
+ "errors"
+ "fmt"
 "io"
+ "os"
+ "strings"
 
 "tunnel/pkg/server/env"
 "tunnel/pkg/server/queue"
@@ -65,11 +69,23 @@ func (a *aesPipe) Recv(rq, wq queue.Q) error {
 }
 
 func (aesHook) New(env env.Env) (interface{}, error) {
- s := env.Value("secret")
- h := md5.Sum([]byte(s))
+ file := env.Value("aesfile")
+ if file == "" {
+ return nil, errors.New("no aesfile configured")
+ }
+ b, err := os.ReadFile(file)
+ if err != nil {
+ return nil, fmt.Errorf("aesfile: %w", err)
+ }
+ s := strings.TrimSpace(string(b))
+ if s == "" {
+ return nil, errors.New("aesfile: no secret")
+ }
+
+ key := md5.Sum([]byte(s))
 
 a := &aesPipe{key: make([]byte, 16)}
- copy(a.key, h[:])
+ copy(a.key, key[:])
 return a, nil
 }
 
diff --git a/pkg/server/hook/auth.go b/pkg/server/hook/auth.go
index 0f70d88..9c8ca35 100644
--- a/pkg/server/hook/auth.go
+++ b/pkg/server/hook/auth.go
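Review bot: The aesfile is read with os.ReadFile but its permissions are never inspected, so a world-readable key file is accepted silently; since the file now carries what used to be a `secret` environment value, New should refuse a file whose mode grants group/other access, the way ssh treats private keys. Doing the stat on the opened handle rather than on the path keeps the check and the read on the same inode. The permission bits are POSIX-specific, so the check may need guarding if Windows is a supported host. The MD5 derivation is unchanged by this commit and is not re-raised, but the renamed `key` deserves a comment such as `// key is the raw 16-byte MD5 digest of the trimmed file contents; the file is the only entropy source`.
```go
	file := env.Value("aesfile")
	if file == "" {
		return nil, errors.New("no aesfile configured")
	}
	f, err := os.Open(file)
	if err != nil {
		return nil, fmt.Errorf("aesfile: %w", err)
	}
	defer f.Close()
	info, err := f.Stat()
	if err != nil {
		return nil, fmt.Errorf("aesfile: %w", err)
	}
	// Refuse key material that other local users can read (POSIX mode bits).
	if info.Mode().Perm()&0o077 != 0 {
		return nil, fmt.Errorf("aesfile %s: mode %#o is too permissive", file, info.Mode().Perm())
	}
	b, err := io.ReadAll(f)
	if err != nil {
		return nil, fmt.Errorf("aesfile: %w", err)
	}
	// … unchanged: TrimSpace, empty-secret check, md5 key derivation, aesPipe construction …
```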
@@ -68,19 +68,18 @@ func hashsum(args ...string) string {
 
 func getpass(f *os.File, salt string, user string) string {
 f.Seek(0, 0)
+ match := func(s, t string) bool {
+ if salt == "" {
+ return s == t
+ }
+ return hashsum(salt, s) == t
+ }
+
 for scanner := bufio.NewScanner(f); scanner.Scan(); {
 splitted := strings.SplitN(scanner.Text(), "#", 2)
 tokens := strings.Fields(splitted[0])
- if len(tokens) > 1 {
- if salt == "" {
- if tokens[0] == user {
- return tokens[1]
- }
- } else {
- if hashsum(salt, tokens[0]) == user {
- return tokens[1]
- }
- }
+ if len(tokens) > 1 && match(tokens[0], user) {
+ return tokens[1]
 }
 }
 
@@ -226,7 +225,6 @@ func (a *auth) Close() {
 
 func (h *authHook) New(env env.Env) (interface{}, error) {
 file := env.Value("authfile")
-
 if file == "" {
 return nil, errors.New("no authfile configured")
 }
-- 
cgit v1.2.3-70-g09d2
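Review bot: The new `match` closure is undocumented and its parameter roles are easy to misread: `s` is the first column of a file entry and `t` is the caller's `user`, and with a non-empty salt the file's plain name is hashed and compared against an already-hashed `user`. A comment above it such as `// match reports whether file entry s denotes user t; with a salt, t is expected to be hashsum(salt, <plain name>)` would make that contract explicit. If callers treat the hashed user value as a secret, the `==` on the digest is not constant-time and `subtle.ConstantTimeCompare([]byte(hashsum(salt, s)), []byte(t)) == 1` would be the usual form (crypto/subtle would need importing), though this behaviour is inherited from the removed branches rather than introduced here. The remainder of getpass after the loop lies outside the hunk.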