apg-go/apg.go

package main

import (
	"flag"
	"fmt"
	"log"
	"os"
)

// Constants
const DefaultMinLenght int = 12
const DefaultMaxLenght int = 20
const VersionString string = "0.3.2"

type Config struct {
	minPassLen    int
	maxPassLen    int
	numOfPass     int
	useComplex    bool
	useLowerCase  bool
	useUpperCase  bool
	useNumber     bool
	useSpecial    bool
	humanReadable bool
	checkHibp     bool
	excludeChars  string
	newStyleModes string
	spellPassword bool
	ShowHelp      bool
	showVersion   bool
	outputMode    int
}

// Help text
const usage = `apg-go // A "Automated Password Generator"-clone
Copyright (c) 2021 Winni Neessen

apg [-m <length>] [-x <length>] [-L] [-U] [-N] [-S] [-H] [-C]
    [-l] [-M mode] [-E char_string] [-n num_of_pass] [-v] [-h]

Options:
    -m LENGTH            Minimum length of the password to be generated (Default: 12)
    -x LENGTH            Maximum length of the password to be generated (Default: 20)
    -n NUMBER            Amount of password to be generated (Default: 6)
    -E CHARS             List of characters to be excluded in the generated password
    -M [LUNSHClunshc]    New style password parameters (upper case: on, lower case: off)
    -L                   Use lower case characters in passwords (Default: on)
    -U                   Use upper case characters in passwords (Default: on)
    -N                   Use numeric characters in passwords (Default: on)
    -S                   Use special characters in passwords (Default: off)
    -H                   Avoid ambiguous characters in passwords (i. e.: 1, l, I, O, 0) (Default: off)
    -C                   Enable complex password mode (implies -L -U -N -S and disables -H) (Default: off)
    -l                   Spell generated passwords in phonetic alphabet (Default: off)
    -p                   Check the HIBP database if the generated passwords was found in a leak before (Default: off)
                         '--> this feature requires internet connectivity 
    -h                   Show this help text
    -v                   Show version string`

// Main function that generated the passwords and returns them
func main() {
	// Log config
	log.SetFlags(log.Ltime | log.Ldate | log.Lshortfile)

	// Read and parse flags
	flag.Usage = func() { _, _ = fmt.Fprintf(os.Stderr, "%s\n", usage) }
	var config = parseFlags()

	// Show version and exit
	if config.showVersion {
		_, _ = os.Stderr.WriteString(`apg-go // A "Automated Password Generator"-clone v` + VersionString + "\n")
		_, _ = os.Stderr.WriteString("(C) 2021 by Winni Neessen\n")
		os.Exit(0)
	}

	// Set PW length and available characterset
	charRange := getCharRange(&config)

	// Generate passwords
	for i := 1; i <= config.numOfPass; i++ {
		pwLength := getPwLengthFromParams(&config)
		pwString, err := getRandChar(&charRange, pwLength)
		if err != nil {
			log.Fatalf("getRandChar returned an error: %q\n", err)
		}

		switch config.outputMode {
		case 1:
			{
				spelledPw, err := spellPasswordString(pwString)
				if err != nil {
					log.Fatalf("spellPasswordString returned an error: %q\n", err.Error())
				}
				fmt.Printf("%v (%v)\n", pwString, spelledPw)
				break
			}
		default:
			{
				fmt.Println(pwString)
				break
			}
		}

		if config.checkHibp {
			isPwned, err := checkHibp(pwString)
			if err != nil {
				log.Printf("unable to check HIBP database: %v", err)
			}
			if isPwned {
				fmt.Print("^-- !!WARNING: The previously generated password was found in HIPB database. Do not use it!!\n")
			}
		}
	}
}
v0.1.0: Initial check-in 2021-03-18 23:26:41 +01:00			`package main`

			`import (`
v0.2.9: Replaced standard go-help with custom usage text 2021-03-28 11:51:26 +02:00			`"flag"`
v0.1.0: Initial check-in 2021-03-18 23:26:41 +01:00			`"fmt"`
v0.2.6 - converted to go module structure - Better logging - Better error handling - Removed Makefile since github takes care of building/releasing 2021-03-22 17:53:36 +01:00			`"log"`
v0.2.8: De-cluttered the config flags stuff 2021-03-27 17:03:19 +01:00			`"os"`
v0.1.0: Initial check-in 2021-03-18 23:26:41 +01:00			`)`

v0.2.8: De-cluttered the config flags stuff 2021-03-27 17:03:19 +01:00			`// Constants`
v0.3.1: New password length behaviour To address issue #13, the password length behaviour of the original APG has been reproduced. Previously, when a minLength of 5 and a maxLength of 10 was given, apg-go se the pwLength to the preferred maxLength. With v0.3.1 it will choose a random length between minLength and maxLength instead, same as the original C-lang apg did. For this the minLength has been defaulted to a sane value of 12 (instead of the 8 of the original apg). The default for maxLength stayed at 20. Also the default number of generated passwords has been changed from 1 to 6, to replicate the behaviour of the original apg. 2021-04-17 11:11:54 +02:00			`const DefaultMinLenght int = 12`
			`const DefaultMaxLenght int = 20`
Bumping to v0.3.2 2021-04-29 11:52:35 +02:00			`const VersionString string = "0.3.2"`
v0.2.8: De-cluttered the config flags stuff 2021-03-27 17:03:19 +01:00
			`type Config struct {`
			`minPassLen int`
			`maxPassLen int`
			`numOfPass int`
			`useComplex bool`
			`useLowerCase bool`
			`useUpperCase bool`
			`useNumber bool`
			`useSpecial bool`
			`humanReadable bool`
Added optional HIBP database check Even though the generated passwords are generated in a secure way, there is a minimal chance, that the same password was used by someone before and this password was part of a leak. If you want to be on the safe side, you can now use the "-p" parameter, to have your newly generated password against the HIBP (https://haveibeenpwned.com) database. This feature is disabled by default, since it requires internet access and also the API call might take ~500ms to 1sec. 2021-04-29 12:22:10 +02:00			`checkHibp bool`
v0.2.8: De-cluttered the config flags stuff 2021-03-27 17:03:19 +01:00			`excludeChars string`
			`newStyleModes string`
			`spellPassword bool`
			`ShowHelp bool`
			`showVersion bool`
			`outputMode int`
			`}`

v0.2.9: Replaced standard go-help with custom usage text 2021-03-28 11:51:26 +02:00			`// Help text`
v0.3.0: Unified the naming convention 2021-04-01 10:53:51 +02:00			const usage = `apg-go // A "Automated Password Generator"-clone
			`Copyright (c) 2021 Winni Neessen`

			`apg [-m <length>] [-x <length>] [-L] [-U] [-N] [-S] [-H] [-C]`
			`[-l] [-M mode] [-E char_string] [-n num_of_pass] [-v] [-h]`
v0.2.9: Replaced standard go-help with custom usage text 2021-03-28 11:51:26 +02:00
			`Options:`
v0.3.1: New password length behaviour To address issue #13, the password length behaviour of the original APG has been reproduced. Previously, when a minLength of 5 and a maxLength of 10 was given, apg-go se the pwLength to the preferred maxLength. With v0.3.1 it will choose a random length between minLength and maxLength instead, same as the original C-lang apg did. For this the minLength has been defaulted to a sane value of 12 (instead of the 8 of the original apg). The default for maxLength stayed at 20. Also the default number of generated passwords has been changed from 1 to 6, to replicate the behaviour of the original apg. 2021-04-17 11:11:54 +02:00			`-m LENGTH Minimum length of the password to be generated (Default: 12)`
v0.2.9: Replaced standard go-help with custom usage text 2021-03-28 11:51:26 +02:00			`-x LENGTH Maximum length of the password to be generated (Default: 20)`
v0.3.1: New password length behaviour To address issue #13, the password length behaviour of the original APG has been reproduced. Previously, when a minLength of 5 and a maxLength of 10 was given, apg-go se the pwLength to the preferred maxLength. With v0.3.1 it will choose a random length between minLength and maxLength instead, same as the original C-lang apg did. For this the minLength has been defaulted to a sane value of 12 (instead of the 8 of the original apg). The default for maxLength stayed at 20. Also the default number of generated passwords has been changed from 1 to 6, to replicate the behaviour of the original apg. 2021-04-17 11:11:54 +02:00			`-n NUMBER Amount of password to be generated (Default: 6)`
v0.2.9: Replaced standard go-help with custom usage text 2021-03-28 11:51:26 +02:00			`-E CHARS List of characters to be excluded in the generated password`
			`-M [LUNSHClunshc] New style password parameters (upper case: on, lower case: off)`
			`-L Use lower case characters in passwords (Default: on)`
			`-U Use upper case characters in passwords (Default: on)`
			`-N Use numeric characters in passwords (Default: on)`
Fix usage output Special characters in passwords are disabled by default. Fix the usage output to match this. 2021-04-29 09:38:43 +02:00			`-S Use special characters in passwords (Default: off)`
v0.2.9: Replaced standard go-help with custom usage text 2021-03-28 11:51:26 +02:00			`-H Avoid ambiguous characters in passwords (i. e.: 1, l, I, O, 0) (Default: off)`
			`-C Enable complex password mode (implies -L -U -N -S and disables -H) (Default: off)`
			`-l Spell generated passwords in phonetic alphabet (Default: off)`
Added optional HIBP database check Even though the generated passwords are generated in a secure way, there is a minimal chance, that the same password was used by someone before and this password was part of a leak. If you want to be on the safe side, you can now use the "-p" parameter, to have your newly generated password against the HIBP (https://haveibeenpwned.com) database. This feature is disabled by default, since it requires internet access and also the API call might take ~500ms to 1sec. 2021-04-29 12:22:10 +02:00			`-p Check the HIBP database if the generated passwords was found in a leak before (Default: off)`
			`'--> this feature requires internet connectivity`
v0.2.9: Replaced standard go-help with custom usage text 2021-03-28 11:51:26 +02:00			`-h Show this help text`
			-v Show version string`

v0.2.3: More chars, cleanup and better test coverage - Added more special characters - Fixed issue with ` character - Added lots of tests - Moved character range generation into it's own function - Better error handling - A bit of code cleanup 2021-03-21 13:25:52 +01:00			`// Main function that generated the passwords and returns them`
v0.1.0: Initial check-in 2021-03-18 23:26:41 +01:00			`func main() {`
v0.2.7: Switched global config to it's own package 2021-03-26 14:27:54 +01:00			`// Log config`
			`log.SetFlags(log.Ltime \| log.Ldate \| log.Lshortfile)`

v0.2.8: De-cluttered the config flags stuff 2021-03-27 17:03:19 +01:00			`// Read and parse flags`
v0.2.9: Replaced standard go-help with custom usage text 2021-03-28 11:51:26 +02:00			`flag.Usage = func() { _, _ = fmt.Fprintf(os.Stderr, "%s\n", usage) }`
v0.2.8: De-cluttered the config flags stuff 2021-03-27 17:03:19 +01:00			`var config = parseFlags()`

			`// Show version and exit`
			`if config.showVersion {`
v0.3.0: Unified the naming convention 2021-04-01 10:53:51 +02:00			_, _ = os.Stderr.WriteString(`apg-go // A "Automated Password Generator"-clone v` + VersionString + "\n")
v0.2.8: De-cluttered the config flags stuff 2021-03-27 17:03:19 +01:00			`_, _ = os.Stderr.WriteString("(C) 2021 by Winni Neessen\n")`
			`os.Exit(0)`
			`}`

			`// Set PW length and available characterset`
			`charRange := getCharRange(&config)`
v0.2.3: More chars, cleanup and better test coverage - Added more special characters - Fixed issue with ` character - Added lots of tests - Moved character range generation into it's own function - Better error handling - A bit of code cleanup 2021-03-21 13:25:52 +01:00
v0.2.7: Switched global config to it's own package 2021-03-26 14:27:54 +01:00			`// Generate passwords`
v0.2.8: De-cluttered the config flags stuff 2021-03-27 17:03:19 +01:00			`for i := 1; i <= config.numOfPass; i++ {`
v0.3.1: New password length behaviour To address issue #13, the password length behaviour of the original APG has been reproduced. Previously, when a minLength of 5 and a maxLength of 10 was given, apg-go se the pwLength to the preferred maxLength. With v0.3.1 it will choose a random length between minLength and maxLength instead, same as the original C-lang apg did. For this the minLength has been defaulted to a sane value of 12 (instead of the 8 of the original apg). The default for maxLength stayed at 20. Also the default number of generated passwords has been changed from 1 to 6, to replicate the behaviour of the original apg. 2021-04-17 11:11:54 +02:00			`pwLength := getPwLengthFromParams(&config)`
v0.2.3: More chars, cleanup and better test coverage - Added more special characters - Fixed issue with ` character - Added lots of tests - Moved character range generation into it's own function - Better error handling - A bit of code cleanup 2021-03-21 13:25:52 +01:00			`pwString, err := getRandChar(&charRange, pwLength)`
			`if err != nil {`
v0.2.6 - converted to go module structure - Better logging - Better error handling - Removed Makefile since github takes care of building/releasing 2021-03-22 17:53:36 +01:00			`log.Fatalf("getRandChar returned an error: %q\n", err)`
v0.2.3: More chars, cleanup and better test coverage - Added more special characters - Fixed issue with ` character - Added lots of tests - Moved character range generation into it's own function - Better error handling - A bit of code cleanup 2021-03-21 13:25:52 +01:00			`}`
Added spelling of pws. Ready for v0.2.4 2021-03-21 15:28:23 +01:00
v0.2.8: De-cluttered the config flags stuff 2021-03-27 17:03:19 +01:00			`switch config.outputMode {`
Added spelling of pws. Ready for v0.2.4 2021-03-21 15:28:23 +01:00			`case 1:`
			`{`
			`spelledPw, err := spellPasswordString(pwString)`
			`if err != nil {`
v0.2.6 - converted to go module structure - Better logging - Better error handling - Removed Makefile since github takes care of building/releasing 2021-03-22 17:53:36 +01:00			`log.Fatalf("spellPasswordString returned an error: %q\n", err.Error())`
Added spelling of pws. Ready for v0.2.4 2021-03-21 15:28:23 +01:00			`}`
			`fmt.Printf("%v (%v)\n", pwString, spelledPw)`
Break the switch/case 2021-03-21 19:25:54 +01:00			`break`
Added spelling of pws. Ready for v0.2.4 2021-03-21 15:28:23 +01:00			`}`
			`default:`
			`{`
			`fmt.Println(pwString)`
			`break`
			`}`
			`}`
Added optional HIBP database check Even though the generated passwords are generated in a secure way, there is a minimal chance, that the same password was used by someone before and this password was part of a leak. If you want to be on the safe side, you can now use the "-p" parameter, to have your newly generated password against the HIBP (https://haveibeenpwned.com) database. This feature is disabled by default, since it requires internet access and also the API call might take ~500ms to 1sec. 2021-04-29 12:22:10 +02:00
			`if config.checkHibp {`
			`isPwned, err := checkHibp(pwString)`
			`if err != nil {`
			`log.Printf("unable to check HIBP database: %v", err)`
			`}`
			`if isPwned {`
			`fmt.Print("^-- !!WARNING: The previously generated password was found in HIPB database. Do not use it!!\n")`
			`}`
			`}`
v0.2.3: More chars, cleanup and better test coverage - Added more special characters - Fixed issue with ` character - Added lots of tests - Moved character range generation into it's own function - Better error handling - A bit of code cleanup 2021-03-21 13:25:52 +01:00			`}`
			`}`