Adding admin creation, conf and other items

* Config now added, accessible via config.Config
* Admin can now be generated via a randomized URL if there are no admins
in the system
* Added a shared floor to login attempts to block enumeration attacks

models/admin.go

@@ -16,7 +16,7 @@ type Admin struct {
 
 const adminJwtDuration = time.Hour * 2
 
-var AdminHmac = util.GenerateHmac()
+var AdminHmac = util.GenerateHmac(64)
 
 func (a *Admin) GetJwt() (string, int) {
 	j := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{

models/auth.go

@@ -7,15 +7,16 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/pquerna/otp/totp"
+	"github.com/yxzzy-wtf/gin-gonic-prepack/util"
 	"golang.org/x/crypto/bcrypt"
 )
 
 type Auth struct {
 	Base
-	PasswordHash      string
-	TwoFactorSecret   string
-	TwoFactorRecovery string
-	Verified          bool
+	PasswordHash      string `json:"-"`
+	TwoFactorSecret   string `json:"-"`
+	TwoFactorRecovery string `json:"-"`
+	Verified          bool   `json:"-"`
 }
 
 func (a *Auth) SetPassword(pass string) error {
@@ -85,3 +86,7 @@ func (a *Auth) ValidateTwoFactor(tfCode string, stamp time.Time) error {
 		return errors.New("unlock invalid")
 	}
 }
+
+func (a *Auth) GenerateNewTwoFactorSecret() {
+	a.TwoFactorSecret = string(util.GenerateHmac(20))
+}

models/user.go

@@ -17,7 +17,7 @@ type User struct {
 
 const userJwtDuration = time.Hour * 24
 
-var UserHmac = util.GenerateHmac()
+var UserHmac = util.GenerateHmac(64)
 
 func (u *User) GetJwt() (string, int) {
 	j := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{