Add CLI password hasher

2020-06-28 04:43:59 -07:00 · 2020-06-28 04:43:59 -07:00 · 4c5521d630
parent 875715803a
commit 4c5521d630
5 changed files with 34 additions and 0 deletions
--- a/core/poller/commands.go
+++ b/core/poller/commands.go
@ -4,6 +4,10 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"syscall"
+
+	"golang.org/x/crypto/bcrypt"
+	"golang.org/x/crypto/ssh/terminal"
 )

 // PrintRawMetrics prints raw json from the UniFi Controller. This is currently
@ -29,3 +33,24 @@ func (u *UnifiPoller) PrintRawMetrics() (err error) {

 	return err
 }
+
+// PrintPasswordHash prints a bcrypt'd password. Useful for the web server.
+func (u *UnifiPoller) PrintPasswordHash() (err error) {
+	pwd := []byte(u.Flags.HashPW)
+
+	if u.Flags.HashPW == "-" {
+		fmt.Print("Enter Password: ")
+
+		pwd, err = terminal.ReadPassword(syscall.Stdin)
+		if err != nil {
+			return err
+		}
+
+		fmt.Println() // print a newline.
+	}
+
+	hash, err := bcrypt.GenerateFromPassword(pwd, bcrypt.MinCost)
+	fmt.Println(string(hash))
+
+	return err
+}
--- a/core/poller/config.go
+++ b/core/poller/config.go
@ -29,6 +29,7 @@ type UnifiPoller struct {
 type Flags struct {
 	ConfigFile string
 	DumpJSON   string
+	HashPW     string
 	ShowVer    bool
 	*pflag.FlagSet
 }
--- a/core/poller/go.mod
+++ b/core/poller/go.mod
@ -9,6 +9,7 @@ require (
 	github.com/prometheus/common v0.10.0
 	github.com/prometheus/procfs v0.1.1 // indirect
 	github.com/spf13/pflag v1.0.5
+	golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2
 	golang.org/x/net v0.0.0-20200602114024-627f9648deb9 // indirect
 	golang.org/x/sys v0.0.0-20200610111108-226ff32320da // indirect
 	golift.io/cnfg v0.0.5
--- a/core/poller/go.sum
+++ b/core/poller/go.sum
@ -87,6 +87,7 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
--- a/core/poller/start.go
+++ b/core/poller/start.go
@ -29,6 +29,10 @@ func (u *UnifiPoller) Start() error {
 		return nil // don't run anything else w/ version request.
 	}

+	if u.Flags.HashPW != "" {
+		return u.PrintPasswordHash()
+	}
+
 	cfile, err := getFirstFile(strings.Split(u.Flags.ConfigFile, ","))
 	if err != nil {
 		return err
@ -55,6 +59,8 @@ func (f *Flags) Parse(args []string) {
 		f.PrintDefaults()
 	}

+	f.StringVarP(&f.HashPW, "encrypt", "e", "",
+		"This option bcrypts a provided string. Useful for the webserver password. Use - to be prompted.")
 	f.StringVarP(&f.DumpJSON, "dumpjson", "j", "",
 		"This debug option prints a json payload and exits. See man page for more info.")
 	f.StringVarP(&f.ConfigFile, "config", "c", DefaultConfFile,