check password more strict

src/modules/rdb/http/router_funcs.go

@@ -1,6 +1,7 @@
 package http
 
 import (
+	"fmt"
 	"strconv"
 
 	"github.com/gin-gonic/gin"
@@ -137,6 +138,59 @@ type idsForm struct {
 	Ids []int64 `json:"ids"`
 }
 
+func checkPassword(passwd string) {
+	indNum := [4]int{0, 0, 0, 0}
+	spCode := []byte{'!', '@', '#', '$', '%', '^', '&', '*', '_', '-', '~', '.', ',', '<', '>', '/', ';', ':', '|', '?', '+', '='}
+
+	if len(passwd) < 6 {
+		bomb("password too short")
+	}
+
+	passwdByte := []byte(passwd)
+
+	for _, i := range passwdByte {
+
+		if i >= 'A' && i <= 'Z' {
+			indNum[0] = 1
+			continue
+		}
+
+		if i >= 'a' && i <= 'z' {
+			indNum[1] = 1
+			continue
+		}
+
+		if i >= '0' && i <= '9' {
+			indNum[2] = 1
+			continue
+		}
+
+		has := false
+		for _, s := range spCode {
+			if i == s {
+				indNum[3] = 1
+				has = true
+				break
+			}
+		}
+
+		if !has {
+			bomb("character: %s not supported", string(i))
+		}
+
+	}
+
+	codeCount := 0
+
+	for _, i := range indNum {
+		codeCount += i
+	}
+
+	if codeCount < 3 {
+		bomb("password too simple")
+	}
+}
+
 // ------------
 
 func loginUsername(c *gin.Context) string {

src/modules/rdb/http/router_self.go

@@ -42,6 +42,7 @@ type selfPasswordForm struct {
 func selfPasswordPut(c *gin.Context) {
 	var f selfPasswordForm
 	bind(c, &f)
+	checkPassword(f.NewPass)
 
 	oldpass, err := models.CryptoPass(f.OldPass)
 	dangerous(err)

src/modules/rdb/http/router_user.go

@@ -45,6 +45,7 @@ func userAddPost(c *gin.Context) {
 
 	var f userProfileForm
 	bind(c, &f)
+	checkPassword(f.Password)
 
 	pass, err := models.CryptoPass(f.Password)
 	dangerous(err)
@@ -140,6 +141,7 @@ func userPasswordPut(c *gin.Context) {
 
 	var f userPasswordForm
 	bind(c, &f)
+	checkPassword(f.Password)
 
 	target := User(urlParamInt64(c, "id"))
 
@@ -259,6 +261,7 @@ type userInviteForm struct {
 func userInvitePost(c *gin.Context) {
 	var f userInviteForm
 	bind(c, &f)
+	checkPassword(f.Password)
 
 	inv, err := models.InviteGet("token=?", f.Token)
 	dangerous(err)