forked from TrueCloudLab/neoneo-go
cli: handle passwords securely
This commit is contained in:
parent
e87d21d396
commit
3f98449ce0
3 changed files with 55 additions and 8 deletions
|
@ -49,16 +49,11 @@ func readLine(trm *term.Terminal, prompt string) (string, error) {
|
||||||
// ReadPassword reads the user's password with prompt.
|
// ReadPassword reads the user's password with prompt.
|
||||||
func ReadPassword(prompt string) (string, error) {
|
func ReadPassword(prompt string) (string, error) {
|
||||||
trm := Terminal
|
trm := Terminal
|
||||||
if trm == nil {
|
if trm != nil {
|
||||||
s, err := term.MakeRaw(int(syscall.Stdin))
|
|
||||||
if err != nil {
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
defer func() { _ = term.Restore(int(syscall.Stdin), s) }()
|
|
||||||
trm = term.NewTerminal(ReadWriter{os.Stdin, os.Stdout}, prompt)
|
|
||||||
}
|
|
||||||
return trm.ReadPassword(prompt)
|
return trm.ReadPassword(prompt)
|
||||||
}
|
}
|
||||||
|
return readSecurePassword(prompt)
|
||||||
|
}
|
||||||
|
|
||||||
// ConfirmTx asks for a confirmation to send the tx.
|
// ConfirmTx asks for a confirmation to send the tx.
|
||||||
func ConfirmTx(w io.Writer, tx *transaction.Transaction) error {
|
func ConfirmTx(w io.Writer, tx *transaction.Transaction) error {
|
||||||
|
|
30
cli/input/readpass_unix.go
Normal file
30
cli/input/readpass_unix.go
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
//go:build !windows
|
||||||
|
// +build !windows
|
||||||
|
|
||||||
|
package input
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
|
||||||
|
"golang.org/x/term"
|
||||||
|
)
|
||||||
|
|
||||||
|
// readSecurePassword reads the user's password with prompt directly from /dev/tty.
|
||||||
|
func readSecurePassword(prompt string) (string, error) {
|
||||||
|
f, err := os.OpenFile("/dev/tty", os.O_RDWR, 0)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
_, err = f.WriteString(prompt)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
pass, err := term.ReadPassword(int(f.Fd()))
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("failed to read password: %w", err)
|
||||||
|
}
|
||||||
|
_, err = f.WriteString("\n")
|
||||||
|
return string(pass), err
|
||||||
|
}
|
22
cli/input/readpass_windows.go
Normal file
22
cli/input/readpass_windows.go
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
//go:build windows
|
||||||
|
// +build windows
|
||||||
|
|
||||||
|
package input
|
||||||
|
|
||||||
|
import (
|
||||||
|
"os"
|
||||||
|
"syscall"
|
||||||
|
|
||||||
|
"golang.org/x/term"
|
||||||
|
)
|
||||||
|
|
||||||
|
// readSecurePassword reads the user's password with prompt.
|
||||||
|
func readSecurePassword(prompt string) (string, error) {
|
||||||
|
s, err := term.MakeRaw(int(syscall.Stdin))
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
defer func() { _ = term.Restore(int(syscall.Stdin), s) }()
|
||||||
|
trm := term.NewTerminal(ReadWriter{os.Stdin, os.Stdout}, prompt)
|
||||||
|
return trm.ReadPassword(prompt)
|
||||||
|
}
|
Loading…
Reference in a new issue