From 5c06453f53e2a83dbef95c672cad6335784a711a Mon Sep 17 00:00:00 2001 From: Ted Unangst Date: Wed, 22 May 2019 15:11:39 -0400 Subject: [PATCH] discouraged adduser command --- docs/manual.txt | 4 ++ honk.go | 25 +---------- util.go | 111 ++++++++++++++++++++++++++++++++---------------- 3 files changed, 81 insertions(+), 59 deletions(-) diff --git a/docs/manual.txt b/docs/manual.txt index 9dd5b2b..b62d1e8 100644 --- a/docs/manual.txt +++ b/docs/manual.txt @@ -65,6 +65,10 @@ One may occasionally run `honk cleanup` to free up internal space in the database. (This does not run vacuum, so the file size will not immediately shrink.) +-- add user + +Running `honk adduser` can add additional users. This is discouraged. + -- proxy honk requires a TLS terminating reverse proxy be configured. It communicates diff --git a/honk.go b/honk.go index 5dba740..fa14837 100644 --- a/honk.go +++ b/honk.go @@ -17,8 +17,6 @@ package main import ( "bytes" - "crypto/rand" - "crypto/rsa" "database/sql" "fmt" "html" @@ -1364,27 +1362,6 @@ func prepareStatements(db *sql.DB) { func ElaborateUnitTests() { } -func finishusersetup() error { - db := opendatabase() - k, err := rsa.GenerateKey(rand.Reader, 2048) - if err != nil { - return err - } - pubkey, err := zem(&k.PublicKey) - if err != nil { - return err - } - seckey, err := zem(k) - if err != nil { - return err - } - _, err = db.Exec("update users set displayname = username, about = ?, pubkey = ?, seckey = ? where userid = 1", "what about me?", pubkey, seckey) - if err != nil { - return err - } - return nil -} - func main() { cmd := "run" if len(os.Args) > 1 { @@ -1405,6 +1382,8 @@ func main() { getconfig("servername", &serverName) prepareStatements(db) switch cmd { + case "adduser": + adduser() case "cleanup": cleanupdb() case "ping": diff --git a/util.go b/util.go index 07bb138..83b54ba 100644 --- a/util.go +++ b/util.go @@ -35,6 +35,7 @@ import "C" import ( "bufio" "crypto/rand" + "crypto/rsa" "crypto/sha512" "database/sql" "fmt" 
@@ -108,41 +109,13 @@ func initdb() {
 }
 defer db.Close()
 r := bufio.NewReader(os.Stdin)
- fmt.Printf("username: ")
- name, err := r.ReadString('\n')
- if err != nil {
- log.Print(err)
- return
- }
- name = name[:len(name)-1]
- if len(name) < 1 {
- log.Print("that's way too short")
- return
- }
- C.termecho(0)
- fmt.Printf("password: ")
- pass, err := r.ReadString('\n')
- C.termecho(1)
- fmt.Printf("\n")
- if err != nil {
- log.Print(err)
- return
- }
- pass = pass[:len(pass)-1]
- if len(pass) < 6 {
- log.Print("that's way too short")
- return
- }
- hash, err := bcrypt.GenerateFromPassword([]byte(pass), 12)
- if err != nil {
- log.Print(err)
- return
- }
- _, err = db.Exec("insert into users (username, hash) values (?, ?)", name, hash)
+
+ err = createuser(db, r)
 if err != nil {
 log.Print(err)
 return
 }
+
 fmt.Printf("listen address: ")
 addr, err := r.ReadString('\n')
 if err != nil {
@@ -188,17 +161,83 @@ func initdb() {
 log.Print(err)
 return
 }
- err = finishusersetup()
- if err != nil {
- log.Print(err)
- return
- }
 prepareStatements(db)
 db.Close()
 fmt.Printf("done.\n")
 os.Exit(0)
 }

+func adduser() {
+ db := opendatabase()
+ defer func() {
+ os.Exit(1)
+ }()
+ c := make(chan os.Signal)
+ signal.Notify(c, os.Interrupt)
+ go func() {
+ <-c
+ C.termecho(1)
+ fmt.Printf("\n")
+ os.Exit(1)
+ }()
+
+ r := bufio.NewReader(os.Stdin)
+
+ err := createuser(db, r)
+ if err != nil {
+ log.Print(err)
+ return
+ }
+
+ db.Close()
+ os.Exit(0)
+}
+
+func createuser(db *sql.DB, r *bufio.Reader) error {
+ fmt.Printf("username: ")
+ name, err := r.ReadString('\n')
+ if err != nil {
+ return err
+ }
+ name = name[:len(name)-1]
+ if len(name) < 1 {
+ return fmt.Errorf("that's way too short")
+ }
+ C.termecho(0)
+ fmt.Printf("password: ")
+ pass, err := r.ReadString('\n')
+ C.termecho(1)
+ fmt.Printf("\n")
+ if err != nil {
+ return err
+ }
+ pass = pass[:len(pass)-1]
+ if len(pass) < 6 {
+ return fmt.Errorf("that's way too short")
+ }
+ hash, err := bcrypt.GenerateFromPassword([]byte(pass), 12)
+ if err != nil {
+ return err
+ }
+ k, err := rsa.GenerateKey(rand.Reader, 2048)
+ if err != nil {
+ return err
+ }
+ pubkey, err := zem(&k.PublicKey)
+ if err != nil {
+ return err
+ }
+ seckey, err := zem(k)
+ if err != nil {
+ return err
+ }
+ _, err = db.Exec("insert into users (username, displayname, about, hash, pubkey, seckey) values (?, ?, ?, ?, ?, ?)", name, name, "what about me?", hash, pubkey, seckey)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
 func opendatabase() *sql.DB {
 if alreadyopendb != nil {
 return alreadyopendb
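Review bot: createuser accepts any non-empty line as the account name: `name = name[:len(name)-1]` strips only the final newline and `len(name) < 1` is the only check before the insert, so a trailing `\r` from CRLF input, embedded whitespace or control characters are stored as both `username` and `displayname`. With `honk adduser` this is now the path for every additional account, so I would validate the name before the password prompt, for example `if !regexp.MustCompile("^[[:alnum:]]+$").MatchString(name) { return fmt.Errorf("username must be alphanumeric") }`; that needs `regexp` in util.go's import block, and the exact allowed set is a guess because the hunk does not show how the name is used in URLs or lookups. Whether a duplicate name is rejected depends on a constraint on the users table that is not visible here. Separately, in adduser `make(chan os.Signal)` is unbuffered while `signal.Notify` does not block when sending, so an interrupt that arrives before the goroutine is receiving is dropped; `c := make(chan os.Signal, 1)` avoids that.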