WIP auth flow

This commit is contained in:
Daniel 2022-09-30 23:54:21 -04:00
parent ac3328ab00
commit 8cb09bb609
3 changed files with 247 additions and 0 deletions

73
pkg/auth/authenticator.go Normal file
View file

@ -0,0 +1,73 @@
package auth
import (
"io"
"net/http"
"github.com/labstack/echo/v4"
"dynatron.me/x/blasphem/pkg/frontend"
)
type Authenticator struct {
Flows FlowStore
}
func (a *Authenticator) InitAuth() {
a.Flows = make(FlowStore)
}
type AuthProvider interface {
ProviderName() string
ProviderID() *string
ProviderType() string
}
type AuthProviderBase struct {
Name string `json:"name"`
ID *string `json:"id"`
Type string `json:"type"`
}
func (bp *AuthProviderBase) ProviderName() string { return bp.Name }
func (bp *AuthProviderBase) ProviderID() *string { return bp.ID }
func (bp *AuthProviderBase) ProviderType() string { return bp.Type }
type LocalProvider struct {
AuthProviderBase
}
var HomeAssistant = "homeassistant"
func hassProvider() *LocalProvider {
return &LocalProvider{
AuthProviderBase: AuthProviderBase{
Name: "Home Assistant Local",
Type: HomeAssistant,
},
}
}
// TODO: make this configurable
func (s *Authenticator) ProvidersHandler(c echo.Context) error {
providers := []AuthProvider{
hassProvider(),
}
return c.JSON(http.StatusOK, providers)
}
func (s *Authenticator) AuthorizeHandler(c echo.Context) error {
authContents, err := frontend.RootFS.Open("authorize.html")
if err != nil {
return err
}
defer authContents.Close()
b, err := io.ReadAll(authContents)
if err != nil {
return err
}
return c.HTML(http.StatusOK, string(b))
}

171
pkg/auth/flow.go Normal file
View file

@ -0,0 +1,171 @@
package auth
import (
"crypto/rand"
"encoding/hex"
"net/http"
"strings"
"time"
"github.com/labstack/echo/v4"
)
type FlowStore map[FlowID]*Flow
type FlowRequest struct {
ClientID string `json:"client_id"`
Handler []*string `json:"handler"`
RedirectURI string `json:"redirect_uri"`
}
type FlowSchemaItem struct {
Type string `json:"type"`
Name string `json:"name"`
Required bool `json:"required"`
}
type FlowType string
const (
TypeForm FlowType = "form"
)
type FlowID string
type Step string
const (
StepInit Step = "init"
)
type Flow struct {
Type FlowType `json:"type"`
ID FlowID `json:"flow_id"`
Handler []*string `json:"handler"`
StepID Step `json:"step_id"`
Schema []FlowSchemaItem `json:"data_schema"`
Errors []string `json:"errors"`
DescPlace *string `json:"description_placeholders"`
LastStep *string `json:"last_step"`
request *FlowRequest
age time.Time
}
func (f *Flow) touch() {
f.age = time.Now()
}
func genFlowID() FlowID {
b := make([]byte, 16)
if _, err := rand.Read(b); err != nil {
panic(err)
}
return FlowID(hex.EncodeToString(b))
}
func (fs FlowStore) register(f *Flow) {
fs.cull()
fs[f.ID] = f
}
const cullAge = time.Minute * 30
func (fs FlowStore) cull() {
for k, v := range fs {
if time.Now().Sub(v.age) > cullAge {
delete(fs, k)
}
}
}
func (fs FlowStore) Get(id FlowID) *Flow {
f, ok := fs[id]
if ok {
return f
}
return nil
}
func (a *Authenticator) NewFlow(r *FlowRequest) *Flow {
flow := &Flow{
Type: TypeForm,
ID: genFlowID(),
StepID: StepInit,
Schema: []FlowSchemaItem{
{
Type: "string",
Name: "username",
Required: true,
},
{
Type: "string",
Name: "password",
Required: true,
},
},
Handler: r.Handler,
Errors: []string{},
request: r,
}
flow.touch()
a.Flows.register(flow)
return flow
}
func (f *Flow) progress(c echo.Context) error {
switch f.StepID {
case StepInit:
var rm map[string]interface{}
err := c.Bind(&rm)
if err != nil {
return c.String(http.StatusBadRequest, err.Error())
}
for _, si := range f.Schema {
if si.Required {
if _, ok := rm[si.Name]; !ok {
return c.String(http.StatusBadRequest, "missing required param "+si.Name)
}
}
}
// TODO: lookup creds, pass, redirect to url
default:
return c.String(http.StatusBadRequest, "unknown flow step")
}
return nil
}
func (a *Authenticator) LoginFlowHandler(c echo.Context) error {
if c.Request().Method == http.MethodPost && strings.HasPrefix(c.Request().Header.Get(echo.HeaderContentType), "text/plain") {
// hack around the content-type, Context.JSON refuses to work otherwise
c.Request().Header.Set(echo.HeaderContentType, "application/json")
}
flowID := c.Param("flow_id")
switch flowID {
case "": // new
var flowReq FlowRequest
err := c.Bind(&flowReq)
if err != nil {
return c.String(http.StatusBadRequest, err.Error())
}
resp := a.NewFlow(&flowReq)
return c.JSON(http.StatusOK, resp)
default:
flow := a.Flows.Get(FlowID(flowID))
if flow == nil {
return c.String(http.StatusNotFound, "no such flow")
}
return flow.progress(c)
}
}

View file

@ -50,6 +50,8 @@ func New(cfg *config.Config) (s *Server, err error) {
Echo: echo.New(),
cfg: cfg,
}
s.InitAuth()
s.Echo.Debug = true
s.Echo.HideBanner = true
@ -58,6 +60,7 @@ func New(cfg *config.Config) (s *Server, err error) {
s.GET("/auth/authorize", s.AuthorizeHandler)
s.GET("/auth/providers", s.ProvidersHandler)
s.POST("/auth/login_flow", s.LoginFlowHandler)
s.POST("/auth/login_flow/:flow_id", s.LoginFlowHandler)
return s, nil
}