diff --git a/README.md b/README.md
index d66099b..8eb31b0 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ vim .env # edit your config
 + `WEBHOOK_URL`: Optional. Callback URL for incoming and outgoing payment events, see below.
 + `FEE_RESERVE`: (default: false) Keep fee reserve for each user
 + `ALLOW_ACCOUNT_CREATION`: (default: true) Enable creation of new accounts
++ `MIN_PASSWORD_ENTROPY`: (default: 0 = disable check) Minimum entropy (bits) of a password to be accepted during account creation
 + `MAX_RECEIVE_AMOUNT`: (default: 0 = no limit) Set maximum amount (in satoshi) for which an invoice can be created
 + `MAX_SEND_AMOUNT`: (default: 0 = no limit) Set maximum amount (in satoshi) of an invoice that can be paid
 + `MAX_ACCOUNT_BALANCE`: (default: 0 = no limit) Set maximum balance (in satoshi) for each account
diff --git a/go.mod b/go.mod
index f84b72c..c8d9958 100644
--- a/go.mod
+++ b/go.mod
@@ -138,6 +138,7 @@ require (
 github.com/valyala/fasttemplate v1.2.1 // indirect
 github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
 github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
+ github.com/wagslane/go-password-validator v0.3.0 // indirect
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
 go.etcd.io/bbolt v1.3.6 // indirect
diff --git a/go.sum b/go.sum
index 60fe79b..6f9f712 100644
--- a/go.sum
+++ b/go.sum
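Review bot: In the go.mod hunk, `github.com/wagslane/go-password-validator v0.3.0` is added among the `// indirect` entries, yet `lib/service/user.go` in this same commit imports the package directly. Running `go mod tidy` should move it into the direct `require` block and drop the marker. Keeping direct dependencies listed as direct matters for anyone auditing which third-party code the service itself calls during account creation.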
@@ -825,6 +825,8 @@ github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
+github.com/wagslane/go-password-validator v0.3.0 h1:vfxOPzGHkz5S146HDpavl0cw1DSVP061Ry2PX0/ON6I=
+github.com/wagslane/go-password-validator v0.3.0/go.mod h1:TI1XJ6T5fRdRnHqHt14pvy1tNVnrwe7m3/f1f2fDphQ=
 github.com/xdg-go/stringprep v1.0.2 h1:6iq84/ryjjeRmMJwxutI51F2GIPlP5BfTvXHeYjyhBc=
 github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
diff --git a/lib/service/config.go b/lib/service/config.go
index 88774f1..04e5076 100644
--- a/lib/service/config.go
+++ b/lib/service/config.go
@@ -26,6 +26,7 @@ type Config struct {
 WebhookUrl string `envconfig:"WEBHOOK_URL"`
 FeeReserve bool `envconfig:"FEE_RESERVE" default:"false"`
 AllowAccountCreation bool `envconfig:"ALLOW_ACCOUNT_CREATION" default:"true"`
+ MinPasswordEntropy int `envconfig:"MIN_PASSWORD_ENTROPY" default:"0"`
 MaxReceiveAmount int64 `envconfig:"MAX_RECEIVE_AMOUNT" default:"0"`
 MaxSendAmount int64 `envconfig:"MAX_SEND_AMOUNT" default:"0"`
 MaxAccountBalance int64 `envconfig:"MAX_ACCOUNT_BALANCE" default:"0"`
diff --git a/lib/service/user.go b/lib/service/user.go
index 82780ba..e40995f 100644
--- a/lib/service/user.go
+++ b/lib/service/user.go
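Review bot: The new `MinPasswordEntropy` field in `Config` has no comment giving its unit or saying that zero switches the check off. It is also a signed `int`, so a negative value from the environment is accepted and behaves like 0, because `CreateUser` in `lib/service/user.go` only tests `> 0`. I would add `// MinPasswordEntropy is the minimum estimated password entropy in bits at account creation; 0 (the default) disables the check.` above the field. The struct begins and continues outside the hunk.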
@@ -3,11 +3,13 @@ package service
 import (
 "context"
 "database/sql"
+ "fmt"
 "github.com/getAlby/lndhub.go/common"
 "github.com/getAlby/lndhub.go/db/models"
 "github.com/getAlby/lndhub.go/lib/security"
 "github.com/uptrace/bun"
+ passwordvalidator "github.com/wagslane/go-password-validator"
 )
 func (svc *LndhubService) CreateUser(ctx context.Context, login string, password string) (user *models.User, err error) {
@@ -30,6 +32,13 @@ func (svc *LndhubService) CreateUser(ctx context.Context, login string, password
 return nil, err
 }
 password = string(randPasswordBytes)
+ } else {
+ if svc.Config.MinPasswordEntropy > 0 {
+ entropy := passwordvalidator.GetEntropy(password)
+ if entropy < float64(svc.Config.MinPasswordEntropy) {
+ return nil, fmt.Errorf("password entropy is too low (%f), required is %d", entropy, svc.Config.MinPasswordEntropy)
+ }
+ }
 }
 // we only store the hashed password but return the initial plain text password in the HTTP response
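Review bot: The rejection in the second hunk of `CreateUser` is returned as a bare `fmt.Errorf`, so a caller cannot tell a too-weak password from a database or random-generator failure; the HTTP handler is outside this diff, but it presumably cannot map this case to a client error without string matching. A package-level sentinel (name is a suggestion) wrapped with `%w` would fix that: `return nil, fmt.Errorf("%w: got %.1f bits, need %d", ErrPasswordTooWeak, entropy, svc.Config.MinPasswordEntropy)`. The nested `else { if … }` can be flattened to `} else if svc.Config.MinPasswordEntropy > 0 {`. The check also deserves a comment such as `// entropy is an estimate from length and character set; it does not consult dictionaries or breach lists`, so operators do not treat the threshold as a complete password policy. The function body begins and continues outside the hunk.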