Diffstat (limited to 'internal/authz/model.go')
| -rw-r--r-- | internal/authz/model.go | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/internal/authz/model.go b/internal/authz/model.go
new file mode 100644
index 0000000..cf9c952
--- /dev/null
+++ b/internal/authz/model.go
@@ -0,0 +1,62 @@
+package authz
+
+import (
+ "crypto/rand"
+ "encoding/base64"
+ "encoding/csv"
+ "fmt"
+ "math/big"
+ "os"
+
+ "golang.org/x/crypto/bcrypt"
+)
+
+// NewTokenMap create a new token map
+func NewTokenMap() TokenMap {
+ return TokenMap{}
+}
+
+// TokenMap a map of username,hash
+type TokenMap map[string]string
+
+// LoadTokens load tokens from a csv into a map
+func (tm TokenMap) LoadTokensFromFile(path string) error {
+ // TODO this should be configurable
+ contents, err := os.Open(path)
+ if err != nil {
+ fmt.Println("File reading error", err)
+ return err
+ }
+ defer contents.Close()
+ r := csv.NewReader(contents)
+ tokens, err := r.ReadAll()
+ if err != nil {
+ fmt.Println("File reading error", err)
+ return err
+ }
+ for _, acctToken := range tokens {
+ acct, hash := acctToken[0], acctToken[1]
+ tm[acct] = hash
+ }
+ return err
+}
+
+// GenerateNewToken generate a new token
+func GenerateNewToken() (string, string, error) {
+ tokenBytes := make([]byte, 28)
+ for i := range tokenBytes {
+ max := big.NewInt(int64(255))
+ randInt, err := rand.Int(rand.Reader, max)
+ if err != nil {
+ return "", "", err
+ }
+ tokenBytes[i] = uint8(randInt.Int64())
+ }
+ hashBytes, err := bcrypt.GenerateFromPassword(tokenBytes, bcrypt.DefaultCost)
+ if err != nil {
+ return "", "", err
+ }
+ token := base64.URLEncoding.EncodeToString(tokenBytes)
+ hash := string(hashBytes)
+ return token, hash, nil
+}
|
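Review bot: In GenerateNewToken, `rand.Int(rand.Reader, max)` with `max` built from 255 returns values in [0, 255), so no token byte can ever be 0xFF and every byte costs a big.Int allocation; filling the slice directly with `if _, err := rand.Read(tokenBytes); err != nil { return "", "", err }` gives uniform bytes and makes the `math/big` import unnecessary. In LoadTokensFromFile, `acctToken[0], acctToken[1]` panics with an index-out-of-range when the CSV rows have a single field, because the reader by default only requires later rows to match the first one; setting `r.FieldsPerRecord = 2` before `ReadAll` turns a malformed file into a returned error instead. The hash is computed over the raw bytes while the caller receives the base64 form, so the verification path (not in this hunk) presumably has to decode the token before `bcrypt.CompareHashAndPassword`; the doc comment on GenerateNewToken should state which value is the bearer token, which is the stored hash, and that the hash covers the decoded bytes.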