refactor(code): Cleaned-up the code base

lib/boxstore/security.go

@@ -0,0 +1,51 @@
+package boxstore
+
+import (
+	"crypto/sha256"
+	"crypto/subtle"
+	"encoding/hex"
+	"strings"
+	"time"
+
+	"golang.org/x/crypto/bcrypt"
+
+	"warpbox/lib/models"
+)
+
+func IsExpired(manifest models.BoxManifest) bool {
+	return !manifest.ExpiresAt.IsZero() && time.Now().UTC().After(manifest.ExpiresAt)
+}
+
+func IsPasswordProtected(manifest models.BoxManifest) bool {
+	return manifest.PasswordHash != "" && manifest.AuthToken != ""
+}
+
+func VerifyPassword(manifest models.BoxManifest, password string) bool {
+	if !IsPasswordProtected(manifest) {
+		return true
+	}
+
+	expected := manifest.PasswordHash
+	if manifest.PasswordHashAlg == "bcrypt" || strings.HasPrefix(expected, "$2") {
+		return bcrypt.CompareHashAndPassword([]byte(expected), []byte(password)) == nil
+	}
+
+	actual := legacyPasswordHash(manifest.PasswordSalt, password)
+	return subtle.ConstantTimeCompare([]byte(expected), []byte(actual)) == 1
+}
+
+func VerifyAuthToken(manifest models.BoxManifest, token string) bool {
+	if !IsPasswordProtected(manifest) {
+		return true
+	}
+
+	if token == "" {
+		return false
+	}
+
+	return subtle.ConstantTimeCompare([]byte(manifest.AuthToken), []byte(token)) == 1
+}
+func legacyPasswordHash(salt string, password string) string {
+	sum := sha256.Sum256([]byte(salt + ":" + password))
+	return hex.EncodeToString(sum[:])
+}