restructure directories

core/api/util/encoding.go

@@ -0,0 +1,31 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under 
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>. 
+//
+// https://documize.com
+
+package util
+
+import (
+	"bytes"
+	h "html/template"
+	txt "text/template"
+)
+
+// EncodeTextTemplate encodes input using text/template
+func EncodeTextTemplate(html string) (safe string, err error) {
+	var out bytes.Buffer
+	t, err := txt.New("foo").Parse(`{{define "T"}}{{.}}{{end}}`)
+	err = t.ExecuteTemplate(&out, "T", html)
+	return out.String(), err
+}
+
+// EncodeHTMLString encodes HTML string
+func EncodeHTMLString(html string) (safe string) {
+	return h.HTMLEscapeString(html)
+}

core/api/util/encoding_test.go

@@ -0,0 +1,33 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under 
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>. 
+//
+// https://documize.com
+
+package util
+
+import "testing"
+
+func TestHTMLEncoding(t *testing.T) {
+	html(t, "<script>alert('test')</script>", "&lt;script&gt;alert(&#39;test&#39;)&lt;/script&gt;")
+	text(t, "<script>alert('test')</script>", "<script>alert('test')</script>")
+}
+
+func html(t *testing.T, in, out string) {
+	got := EncodeHTMLString(in)
+	if got != out {
+		t.Errorf("EncodeHTMLString `%s` got `%s` expected `%s`\n", in, got, out)
+	}
+}
+
+func text(t *testing.T, in, out string) {
+	got, _ := EncodeTextTemplate(in)
+	if got != out {
+		t.Errorf("Html encode `%s` got `%s` expected `%s`\n", in, got, out)
+	}
+}

core/api/util/password.go

@@ -0,0 +1,62 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under 
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>. 
+//
+// https://documize.com
+
+package util
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+
+	"golang.org/x/crypto/bcrypt"
+
+	"github.com/documize/community/core/log"
+)
+
+// GenerateRandomPassword provides a string suitable for use as a password.
+func GenerateRandomPassword() string {
+	c := 5
+	b := make([]byte, c)
+	_, err := rand.Read(b)
+	log.IfErr(err)
+	return hex.EncodeToString(b)
+}
+
+// GenerateSalt provides a string suitable for use as a salt value.
+func GenerateSalt() string {
+	c := 20
+	b := make([]byte, c)
+	_, err := rand.Read(b)
+	log.IfErr(err)
+	return hex.EncodeToString(b)
+}
+
+// GeneratePassword returns a hashed password.
+func GeneratePassword(password string, salt string) string {
+	pwd := []byte(salt + password)
+
+	// Hashing the password with the cost of 10
+	hashedPassword, err := bcrypt.GenerateFromPassword(pwd, 10)
+
+	if err != nil {
+		log.Error("GeneratePassword failed", err)
+	}
+
+	return string(hashedPassword)
+}
+
+// MatchPassword copares a hashed password with a clear one.
+func MatchPassword(hashedPassword string, password string, salt string) bool {
+	pwd := []byte(salt + password)
+
+	err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), pwd)
+
+	return err == nil
+}

core/api/util/uniqueid.go

@@ -0,0 +1,21 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under 
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>. 
+//
+// https://documize.com
+
+// Package util provides utility functions specific to the http-end-point component of Documize.
+package util
+
+import "github.com/rs/xid"
+
+// UniqueID creates a randomly generated string suitable for use as part of an URI.
+// It returns a string that is always 16 characters long.
+func UniqueID() string {
+	return xid.New().String()
+}

core/api/util/uniqueid_test.go

@@ -0,0 +1,62 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package util_test
+
+import (
+	"runtime"
+	"sync"
+	"testing"
+
+	"github.com/documize/community/core/api/util"
+)
+
+const sample = 1 << 24
+
+var m = make(map[string]struct{})
+var mx sync.Mutex
+
+func mm(t *testing.T, id string) {
+	if len(id) != 16 {
+		t.Errorf("len(id)=%d", len(id))
+	}
+	mx.Lock()
+	_, found := m[id]
+	if found {
+		t.Error("Duplicate")
+	} else {
+		m[id] = struct{}{}
+	}
+	mx.Unlock()
+}
+
+// TestUniqueID checks that in a large number of calls to UniqueID() they are all different.
+func TestUniqueID(t *testing.T) {
+	var wg sync.WaitGroup
+	c := runtime.NumCPU()
+	ss := sample / c
+	wg.Add(c)
+	for i := 0; i < c; i++ {
+		go func() {
+			for i := 0; i < ss; i++ {
+				mm(t, util.UniqueID())
+			}
+			wg.Done()
+		}()
+	}
+	wg.Wait()
+}
+
+func BenchmarkUniqueID(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		util.UniqueID()
+	}
+}