cli: handle passwords securely

This commit is contained in:
Anna Shaleva 2022-05-12 12:06:53 +03:00
parent e87d21d396
commit 3f98449ce0
3 changed files with 55 additions and 8 deletions

View file

@ -49,16 +49,11 @@ func readLine(trm *term.Terminal, prompt string) (string, error) {
// ReadPassword reads the user's password with prompt. // ReadPassword reads the user's password with prompt.
func ReadPassword(prompt string) (string, error) { func ReadPassword(prompt string) (string, error) {
trm := Terminal trm := Terminal
if trm == nil { if trm != nil {
s, err := term.MakeRaw(int(syscall.Stdin))
if err != nil {
return "", err
}
defer func() { _ = term.Restore(int(syscall.Stdin), s) }()
trm = term.NewTerminal(ReadWriter{os.Stdin, os.Stdout}, prompt)
}
return trm.ReadPassword(prompt) return trm.ReadPassword(prompt)
} }
return readSecurePassword(prompt)
}
// ConfirmTx asks for a confirmation to send the tx. // ConfirmTx asks for a confirmation to send the tx.
func ConfirmTx(w io.Writer, tx *transaction.Transaction) error { func ConfirmTx(w io.Writer, tx *transaction.Transaction) error {

View file

@ -0,0 +1,30 @@
//go:build !windows
// +build !windows
package input
import (
"fmt"
"os"
"golang.org/x/term"
)
// readSecurePassword reads the user's password with prompt directly from /dev/tty.
func readSecurePassword(prompt string) (string, error) {
f, err := os.OpenFile("/dev/tty", os.O_RDWR, 0)
if err != nil {
return "", err
}
defer f.Close()
_, err = f.WriteString(prompt)
if err != nil {
return "", err
}
pass, err := term.ReadPassword(int(f.Fd()))
if err != nil {
return "", fmt.Errorf("failed to read password: %w", err)
}
_, err = f.WriteString("\n")
return string(pass), err
}

View file

@ -0,0 +1,22 @@
//go:build windows
// +build windows
package input
import (
"os"
"syscall"
"golang.org/x/term"
)
// readSecurePassword reads the user's password with prompt.
func readSecurePassword(prompt string) (string, error) {
s, err := term.MakeRaw(int(syscall.Stdin))
if err != nil {
return "", err
}
defer func() { _ = term.Restore(int(syscall.Stdin), s) }()
trm := term.NewTerminal(ReadWriter{os.Stdin, os.Stdout}, prompt)
return trm.ReadPassword(prompt)
}