Major Update, registration and authentication of devices works now.

This is the first iteration of the registration of devices and authentication for a couple of endpoints.
This needs to be refactored, the code is a bit of a mess. Also because of testing some endpoints are available for remotes that shouldn't be.

be/app/helper/api-helper.go

@@ -1,15 +1,17 @@
 package helper
 
 import (
+	"encoding/json"
 	"log"
 	"net"
 	"net/http"
 	"strings"
 
+	"be/app/structs"
 	. "be/app/structs"
 )
 
-func EndpointAccess(w http.ResponseWriter, r *http.Request) bool {
+func EndpointAccess(w http.ResponseWriter, r *http.Request) (bool, string) {
 	ip, _, err := net.SplitHostPort(r.RemoteAddr)
 	if err != nil {
 		log.Fatal(err)
@@ -18,14 +20,18 @@ func EndpointAccess(w http.ResponseWriter, r *http.Request) bool {
 	if (isLocal(ip) && isEndpointAllowed("Local", r.URL.Path)) ||
 		(isLanRemote(ip) && isEndpointAllowed("Remote", r.URL.Path)) {
 		log.Println(r.URL.Path, "endpoint access: accessible")
-		return true
-	} else if isLanRemote(ip) && isEndpointAllowed("auth", r.URL.Path) && isDeviceAuthorized() {
+		return true, ""
+	} else if isLanRemote(ip) && isEndpointAllowed("Auth", r.URL.Path) {
 		log.Println(r.URL.Path, "endpoint access: authorized")
+
+		data := decryptAuth(r)
+
+		return data != "", data
 	}
 
 	log.Println(r.URL.Path, "endpoint access: not authorized or accessible")
 
-	return false
+	return false, ""
 }
 
 func isLocal(ip string) bool {
@@ -67,6 +73,30 @@ func getAllowedEndpoints(source string) (endpoints []string, err string) {
 	return []string{}, "No allowed endpoints"
 }
 
-func isDeviceAuthorized() bool {
-	return false
+func decryptAuth(r *http.Request) string {
+	var req structs.Authcall
+
+	err := json.NewDecoder(r.Body).Decode(&req)
+
+	if err != nil || req.Uuid == "" || req.Data == "" {
+		return ""
+	}
+
+	deviceKey, errKey := GetKeyByUuid(req.Uuid)
+	decryptData, errDec := DecryptAES(deviceKey, req.Data)
+
+	if errKey != nil && errDec != nil || decryptData == "" {
+		return ""
+	}
+
+	return decryptData
+}
+
+func ParseRequest(req interface{}, data string, r *http.Request) (d interface{}, err error) {
+	if data != "" {
+		dataBytes := []byte(data)
+		return req, json.Unmarshal(dataBytes, &req)
+	} else {
+		return req, json.NewDecoder(r.Body).Decode(&req)
+	}
 }

be/app/helper/device-helper.go

@@ -22,6 +22,25 @@ func TempPinFile(Uuid string, pin string) bool {
 	return true
 }
 
-func CheckPinFile(encryptedData []byte) bool {
-	return false
+func CheckPinFile(Uuid string) bool {
+	_, err := os.Stat("devices/" + Uuid + ".tmp")
+	return err == nil
+}
+
+func SaveDeviceKey(Uuid string, key string) error {
+	err := os.WriteFile("devices/"+Uuid+".key", []byte(key), 0644)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func GetKeyByUuid(Uuid string) (string, error) {
+	data, err := os.ReadFile("devices/" + Uuid + ".key")
+	if err != nil {
+		return "", err
+	}
+	return string(data), nil
 }

be/app/helper/encrypt-helper.go

@@ -0,0 +1,105 @@
+package helper
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/base64"
+	"errors"
+	"strings"
+)
+
+func EncryptAES(key string, plaintext string) (string, error) {
+	origData := []byte(plaintext)
+
+	// Create AES cipher
+	block, err := aes.NewCipher(keyToBytes(key))
+	if err != nil {
+		return "", err
+	}
+	blockSize := block.BlockSize()
+
+	origData = PKCS5Padding(origData, blockSize)
+
+	iv := []byte(EnvGet("MCRM__IV"))
+	blockMode := cipher.NewCBCEncrypter(block, iv)
+
+	crypted := make([]byte, len(origData))
+	blockMode.CryptBlocks(crypted, origData)
+
+	cryptedString := base64.StdEncoding.EncodeToString(crypted)
+
+	return cryptedString, nil
+}
+
+func DecryptAES(key string, cryptedText string) (string, error) {
+	crypted, err := base64.StdEncoding.DecodeString(cryptedText)
+
+	if err != nil {
+		return "", err
+	}
+
+	block, err := aes.NewCipher(keyToBytes(key))
+	if err != nil {
+		return "", err
+	}
+
+	iv := []byte(EnvGet("MCRM__IV"))
+	blockMode := cipher.NewCBCDecrypter(block, iv)
+
+	origData := make([]byte, len(crypted))
+
+	blockMode.CryptBlocks(origData, crypted)
+	origData, err = PKCS5UnPadding(origData)
+
+	if err != nil || len(origData) <= 3 {
+		return "", errors.New("invalid key")
+	}
+
+	origDataString := string(origData)
+
+	return origDataString, nil
+}
+
+func generateRandomString(length int) string {
+	b := make([]byte, length)
+	_, err := rand.Read(b)
+	if err != nil {
+		panic(err)
+	}
+	return base64.StdEncoding.EncodeToString(b)
+}
+
+func GenerateKey() string {
+	return strings.Replace(generateRandomString(24), "=", "", -1)
+}
+
+func keyToBytes(key string) []byte {
+	// Convert key to bytes
+	keyBytes := []byte(key)
+
+	// If key is 4 characters, append salt
+	if len(key) == 4 {
+		keyBytes = []byte(key + EnvGet("MCRM__SALT"))
+	}
+
+	return keyBytes
+}
+
+func PKCS5Padding(ciphertext []byte, blockSize int) []byte {
+	padding := blockSize - len(ciphertext)%blockSize
+	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
+	return append(ciphertext, padtext...)
+}
+
+func PKCS5UnPadding(origData []byte) ([]byte, error) {
+	length := len(origData)
+	unpadding := int(origData[length-1])
+
+	if (unpadding >= length) || (unpadding == 0) {
+		return nil, errors.New("unpadding error")
+	}
+
+	return origData[:(length - unpadding)], nil
+}

be/app/helper/env-helper.go

@@ -0,0 +1,16 @@
+package helper
+
+import (
+	"log"
+	"os"
+
+	"github.com/joho/godotenv"
+)
+
+func EnvGet(key string) string {
+	err := godotenv.Load("../.env")
+	if err != nil {
+		log.Fatal("Error loading .env file")
+	}
+	return os.Getenv("VITE_" + key)
+}