including a nonce into app id to allow to a user to create multiple apps with the same email

lucasmenendez · lucasmenendez · commit 332ce6e1e724 · 2024-08-10T19:52:36.000+02:00
diff --git a/api/apps.go b/api/apps.go
@@ -145,10 +145,13 @@ func generateApp(email string) (string, string, string, error) {
 		return "", "", "", fmt.Errorf("email is required")
 	}
 	// hash email
-	appId, err := helpers.Hash(email, helpers.AppIdSize)
+	hEmail, err := helpers.Hash(email, helpers.EmailHashSize)
 	if err != nil {
 		return "", "", "", err
 	}
+	bAppNonce := helpers.RandBytes(helpers.AppNonceSize)
+	hAppNonce := hex.EncodeToString(bAppNonce)
+	appId := hEmail + hAppNonce
 	// generate secret
 	secret, hSecret, err := appSecret()
 	if err != nil {
diff --git a/api/tokens.go b/api/tokens.go
@@ -131,8 +131,9 @@ func (s *Service) validAdminToken(token, rawSecret string) (string, bool) {
 	if err != nil {
 		return "", false
 	}
-	// the admin has the same id as the app (the hased email)
-	if userId != appId {
+	// the app id is composed by the admin user id hash and a nonce, so
+	// the app id starts with the admin user id, check if so
+	if !strings.HasPrefix(appId, userId) {
 		return "", false
 	}
 	// check if the secret is valid
diff --git a/cmd/authapi/main.go b/cmd/authapi/main.go
@@ -17,7 +17,7 @@ import (
 const (
 	defaultHost               = "0.0.0.0"
 	defaultPort               = 8080
-	defaultDatabaseURI        = "mongodb://localhost:27017"
+	defaultDatabaseURI        = "mongodb://admin:password@localhost:27017/"
 	defaultDatabaseName       = "simpleauth"
 	defaultEmailAddr          = ""
 	defaultEmailPass          = ""
@@ -89,7 +89,7 @@ func main() {
 		MongoURI: c.dbURI,
 		Database: c.dbName,
 	}); err != nil {
-		log.Fatalln("error initializing db: %w", err)
+		log.Fatalf("error initializing db: %v", err)
 	}
 	// create the service
 	service, err := api.New(context.Background(), db, &api.Config{
diff --git a/helpers/consts.go b/helpers/consts.go
@@ -32,8 +32,15 @@ const (
 	// value of 4 (bytes).
 	UserIdSize = 4
 	// AppIdSize constant is the size of the app id, which is an integer with a
-	// value of 4 (bytes).
-	AppIdSize = 4
+	// value of 8 (bytes).
+	AppIdSize = 8
+	// EmailHashSize constant is the size of the email hash, which is an integer
+	// with a value of 4 (bytes). The email hash is used to generate the user id
+	// and the app id.
+	EmailHashSize = 4
+	// AppNonceSize constant is the size of the app nonce, which is an integer
+	// with a value of 4 (bytes). The app nonce is used to generate the app id.
+	AppNonceSize = 4
 	// SecretSize constant is the size of the secret, which is an integer with a
 	// value of 16 (bytes).
 	SecretSize = 16

Original file line number	Diff line number	Diff line change
`@@ -131,8 +131,9 @@ func (s *Service) validAdminToken(token, rawSecret string) (string, bool) {`
`131`	`131`	`if err != nil {`
`132`	`132`	`return "", false`
`133`	`133`	`}`
`134`		`- // the admin has the same id as the app (the hased email)`
`135`		`- if userId != appId {`
	`134`	`+ // the app id is composed by the admin user id hash and a nonce, so`
	`135`	`+ // the app id starts with the admin user id, check if so`
	`136`	`+ if !strings.HasPrefix(appId, userId) {`
`136`	`137`	`return "", false`
`137`	`138`	`}`
`138`	`139`	`// check if the secret is valid`