Sess validate, needs replaced

This commit is contained in:
Daniel Ponte 2022-10-26 19:43:51 -04:00
parent b4b4fa51b2
commit 1c4e5f51a8
4 changed files with 46 additions and 12 deletions


@ -64,7 +64,7 @@ func (a *Authenticator) InitAuth(s storage.Store) error {
return nil return nil
} }
type AuthProvider interface { type AuthProvider interface { // TODO: this should include stepping
ProviderName() string ProviderName() string
ProviderID() *string ProviderID() *string
ProviderType() string ProviderType() string


@ -239,7 +239,3 @@ func (a *Authenticator) LoginFlowHandler(c echo.Context) error {
return flow.progress(a, c) return flow.progress(a, c)
} }
func (a *Authenticator) TokenHandler(c echo.Context) error {
return c.String(http.StatusOK, "token good I guess")
}


@ -3,6 +3,7 @@ package auth
import ( import (
"encoding/base64" "encoding/base64"
"github.com/rs/zerolog/log"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
"dynatron.me/x/blasphem/pkg/storage" "dynatron.me/x/blasphem/pkg/storage"
@ -69,7 +70,7 @@ func (hap *HomeAssistantProvider) ValidateCreds(rm map[string]interface{}) bool
var hash []byte var hash []byte
hash, err := base64.StdEncoding.DecodeString(found.Password) hash, err := base64.StdEncoding.DecodeString(found.Password)
if err != nil { if err != nil {
// XXX: probably log this log.Error().Err(err).Msg("b64 encode fail")
return false return false
} }
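Review bot: The new log line in ValidateCreds describes the wrong operation: the call that fails is `base64.StdEncoding.DecodeString(found.Password)`, so `Msg("b64 encode fail")` will send an operator looking at the wrong side of the pipeline; `log.Error().Err(err).Msg("b64 decode fail")` matches what actually happened. This branch means the stored password hash for a matched record is unreadable and that account can never authenticate, which is worth saying in the message (e.g. "stored password hash is not valid base64") so it is recognised as a data-integrity problem rather than a transient error. ValidateCreds begins before this hunk, so whether `found` exposes a non-secret identifier that could be attached to the log event is not visible here.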


@ -3,6 +3,8 @@ package auth
import ( import (
"net/http" "net/http"
"time" "time"
"github.com/labstack/echo/v4"
) )
type SessionStore struct { type SessionStore struct {
@ -12,10 +14,10 @@ type SessionStore struct {
type TokenID string type TokenID string
type Token struct { type Token struct { // TODO: jwt bro
ID TokenID ID TokenID
Ctime time.Time Ctime time.Time
Expires time.Duration Expires time.Time
Addr string Addr string
} }
@ -28,7 +30,7 @@ const cullInterval = 5 * time.Minute
func (ss *SessionStore) cull() { func (ss *SessionStore) cull() {
if now := time.Now(); now.Sub(ss.lastCull) > cullInterval { if now := time.Now(); now.Sub(ss.lastCull) > cullInterval {
for k, v := range ss.s { for k, v := range ss.s {
if now.After(v.Ctime.Add(v.Expires)) { if now.After(v.Expires) {
delete(ss.s, k) delete(ss.s, k)
} }
} }
@ -40,12 +42,26 @@ func (ss *SessionStore) register(t *Token) {
ss.s[t.ID] = t ss.s[t.ID] = t
} }
func (ss *SessionStore) verify(tr *TokenRequest, r *http.Request) bool {
if t, hasToken := ss.s[tr.Code]; hasToken {
// TODO: JWT
if t.Expires.After(time.Now()) {
return true
}
}
return false
}
const defaultExpiration = 2 * time.Hour
func (a *Authenticator) NewToken(r *http.Request, f *Flow) TokenID { func (a *Authenticator) NewToken(r *http.Request, f *Flow) TokenID {
id := TokenID(genUUID()) id := TokenID(genUUID())
t := &Token{ t := &Token{
ID: id, ID: id,
Ctime: time.Now(), Ctime: time.Now(),
Expires: time.Now().Add(defaultExpiration),
Addr: r.RemoteAddr, Addr: r.RemoteAddr,
} }
@ -53,3 +69,24 @@ func (a *Authenticator) NewToken(r *http.Request, f *Flow) TokenID {
return id return id
} }
type TokenRequest struct {
ClientID string `query:"client_id"` // TODO: validate this?
Code TokenID `query:"code"`
GrantType string `query:"grant_type"`
}
func (a *Authenticator) TokenHandler(c echo.Context) error {
var rq TokenRequest
err := c.Bind(&rq)
if err != nil {
return err
}
if a.Sessions.verify(&rq, c.Request()) {
// TODO: success
return c.String(http.StatusOK, "token good I guess")
}
return c.String(http.StatusUnauthorized, "token bad I guess")
}
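Review bot: verify returns true without consuming the map entry, so a code stays redeemable for the whole defaultExpiration window (two hours under the new constant) and can be exchanged repeatedly; for a code-for-token exchange it should be single-use, which is a `delete(ss.s, tr.Code)` immediately before `return true`. The `r *http.Request` parameter and the `Addr` recorded by NewToken are never compared, and TokenRequest's ClientID and GrantType are bound by TokenHandler but never read, so the endpoint currently authenticates on possession of the code alone; rejecting an unexpected GrantType is a one-line guard in verify, and if Flow carries the requesting client id, NewToken (whose middle is cut from this hunk) could store it on the Token so verify can compare it with ClientID. Whether ss.s is guarded against concurrent access is not visible here (SessionStore's fields fall outside the hunk); if it is not, the lookup in verify and the delete in cull race. The commit title already marks this as a stopgap, so these are the properties to carry into the replacement.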