Compare commits
No commits in common. "initwip" and "oauth" have entirely different histories.
32 changed files with 465 additions and 2005 deletions
7
Makefile
7
Makefile
|
@ -1,14 +1,11 @@
|
|||
FE=pkg/frontend/frontend
|
||||
VER=$(shell git describe --always --tags)
|
||||
|
||||
LDFLAGS=-ldflags='-X dynatron.me/x/blasphem/internal/common.Version=${VER}'
|
||||
|
||||
all: build
|
||||
build:
|
||||
go build ${LDFLAGS} -o blas ./cmd/blas/
|
||||
go build -o blas ./cmd/blas/
|
||||
|
||||
serve:
|
||||
go run ${LDFLAGS} ./cmd/blas/ serve ${BLAS_ARGS}
|
||||
go run ./cmd/blas/ serve ${BLAS_ARGS}
|
||||
|
||||
# pkg/frontend/frontend/hass_frontend:
|
||||
frontend:
|
||||
|
|
|
@ -7,7 +7,6 @@ import (
|
|||
"github.com/rs/zerolog/log"
|
||||
|
||||
"dynatron.me/x/blasphem/internal/common"
|
||||
"dynatron.me/x/blasphem/pkg/blas"
|
||||
"dynatron.me/x/blasphem/pkg/cmd/serve"
|
||||
"dynatron.me/x/blasphem/pkg/config"
|
||||
|
||||
|
@ -26,12 +25,7 @@ func main() {
|
|||
log.Fatal().Err(err).Msg("Config read failed")
|
||||
}
|
||||
|
||||
bl, err := blas.New(config)
|
||||
if err != nil {
|
||||
log.Fatal().Err(err).Msg("Core create failed")
|
||||
}
|
||||
|
||||
rootCmd.AddCommand(serve.Command(bl))
|
||||
rootCmd.AddCommand(serve.Command(config))
|
||||
|
||||
err = rootCmd.Execute()
|
||||
if err != nil {
|
||||
|
|
1
go.mod
1
go.mod
|
@ -21,7 +21,6 @@ require (
|
|||
github.com/labstack/gommon v0.3.1 // indirect
|
||||
github.com/mattn/go-colorable v0.1.12 // indirect
|
||||
github.com/mattn/go-isatty v0.0.14 // indirect
|
||||
github.com/mitchellh/mapstructure v1.5.0 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
github.com/valyala/bytebufferpool v1.0.0 // indirect
|
||||
github.com/valyala/fasttemplate v1.2.1 // indirect
|
||||
|
|
2
go.sum
2
go.sum
|
@ -36,8 +36,6 @@ github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2y
|
|||
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
|
||||
github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
|
||||
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
|
||||
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
|
||||
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
|
|
|
@ -1,16 +1,10 @@
|
|||
// common contains common functionality for blasphem.
|
||||
package common
|
||||
|
||||
import (
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
// this symbol overriden by linker args
|
||||
var Version = "undefined"
|
||||
|
||||
const (
|
||||
// AppName is the name of the application.
|
||||
AppName = "blasphem"
|
||||
)
|
||||
|
||||
|
@ -19,14 +13,6 @@ type cmdOptions interface {
|
|||
Execute() error
|
||||
}
|
||||
|
||||
func AppNamePtr() *string {
|
||||
s := AppName
|
||||
return &s
|
||||
}
|
||||
|
||||
func IntPtr(i int) *int { return &i }
|
||||
|
||||
// RunE is a convenience function for use with cobra.
|
||||
func RunE(c cmdOptions) func(cmd *cobra.Command, args []string) error {
|
||||
return func(cmd *cobra.Command, args []string) error {
|
||||
err := c.Options(cmd, args)
|
||||
|
@ -43,9 +29,3 @@ func RunE(c cmdOptions) func(cmd *cobra.Command, args []string) error {
|
|||
return err
|
||||
}
|
||||
}
|
||||
|
||||
func NoCache(c echo.Context) echo.Context {
|
||||
c.Response().Header().Set("Cache-Control", "no-store")
|
||||
c.Response().Header().Set("Pragma", "no-cache")
|
||||
return c
|
||||
}
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
package common
|
||||
|
||||
// Convenience types
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
type (
|
||||
// PyTimeStamp is a timestamp that marshals to python-style timestamp strings (long nano).
|
||||
PyTimestamp time.Time
|
||||
ClientID string
|
||||
)
|
||||
|
||||
const PytTimeFormat = "2006-01-02T15:04:05.999999-07:00"
|
||||
|
||||
func (t *PyTimestamp) MarshalJSON() ([]byte, error) {
|
||||
rv := fmt.Sprintf("%q", time.Time(*t).Format(PytTimeFormat))
|
||||
return []byte(rv), nil
|
||||
}
|
||||
|
||||
func (t *PyTimestamp) UnmarshalJSON(b []byte) error {
|
||||
s := strings.Trim(string(b), `"`)
|
||||
tm, err := time.Parse(PytTimeFormat, s)
|
||||
*t = PyTimestamp(tm)
|
||||
|
||||
return err
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
package generate
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/hex"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
func UUID() string {
|
||||
// must be addressable
|
||||
u := uuid.New()
|
||||
|
||||
return hex.EncodeToString(u[:])
|
||||
}
|
||||
|
||||
func Hex(l int) string {
|
||||
b := make([]byte, l)
|
||||
if _, err := rand.Read(b); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
return hex.EncodeToString(b)
|
||||
}
|
|
@ -1,14 +1,17 @@
|
|||
package auth
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"net/http"
|
||||
"sync"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/rs/zerolog/log"
|
||||
|
||||
"dynatron.me/x/blasphem/pkg/auth/provider"
|
||||
"dynatron.me/x/blasphem/pkg/frontend"
|
||||
"dynatron.me/x/blasphem/pkg/storage"
|
||||
|
||||
// providers
|
||||
|
@ -17,33 +20,25 @@ import (
|
|||
)
|
||||
|
||||
var (
|
||||
ErrDisabled = errors.New("user disabled")
|
||||
ErrInvalidAuth = errors.New("invalid auth")
|
||||
ErrInvalidHandler = errors.New("no such handler")
|
||||
ErrInvalidIP = errors.New("invalid IP")
|
||||
ErrUserAuthRemote = errors.New("user cannot authenticate remotely")
|
||||
)
|
||||
|
||||
type authenticator struct {
|
||||
sync.Mutex
|
||||
type Authenticator struct {
|
||||
store AuthStore
|
||||
flows *AuthFlowManager
|
||||
authCodes authCodeStore
|
||||
flows FlowStore
|
||||
sessions SessionStore
|
||||
providers map[string]provider.AuthProvider
|
||||
}
|
||||
|
||||
type Authenticator interface {
|
||||
ValidateAccessToken(token AccessToken) *RefreshToken
|
||||
InstallRoutes(e *echo.Echo)
|
||||
}
|
||||
|
||||
type AuthError struct {
|
||||
Error string `json:"error"`
|
||||
Description string `json:"error_description"`
|
||||
}
|
||||
|
||||
func (a *authenticator) InstallRoutes(e *echo.Echo) {
|
||||
func (a *Authenticator) InstallRoutes(e *echo.Echo) {
|
||||
authG := e.Group("/auth")
|
||||
authG.GET("/authorize", frontend.AliasHandler("authorize.html"))
|
||||
authG.GET("/providers", a.ProvidersHandler)
|
||||
authG.POST("/token", a.TokenHandler)
|
||||
|
||||
|
@ -54,34 +49,31 @@ func (a *authenticator) InstallRoutes(e *echo.Echo) {
|
|||
loginFlow.DELETE("/:flow_id", a.LoginFlowDeleteHandler)
|
||||
}
|
||||
|
||||
func New(s storage.Store) (Authenticator, error) {
|
||||
a := &authenticator{
|
||||
providers: make(map[string]provider.AuthProvider),
|
||||
}
|
||||
|
||||
func (a *Authenticator) InitAuth(s storage.Store) error {
|
||||
a.providers = make(map[string]provider.AuthProvider)
|
||||
for _, pI := range provider.Providers {
|
||||
nProv, err := pI(s)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
|
||||
a.providers[nProv.ProviderType()] = nProv
|
||||
}
|
||||
|
||||
a.flows = NewAuthFlowManager()
|
||||
a.flows = make(FlowStore)
|
||||
|
||||
a.authCodes.init()
|
||||
a.sessions.init()
|
||||
|
||||
var err error
|
||||
a.store, err = a.newAuthStore(s)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
|
||||
return a, nil
|
||||
return nil
|
||||
}
|
||||
|
||||
func (a *authenticator) Provider(name string) provider.AuthProvider {
|
||||
func (a *Authenticator) Provider(name string) provider.AuthProvider {
|
||||
p, ok := a.providers[name]
|
||||
if !ok {
|
||||
return nil
|
||||
|
@ -93,7 +85,7 @@ func (a *authenticator) Provider(name string) provider.AuthProvider {
|
|||
var HomeAssistant = "homeassistant"
|
||||
|
||||
// TODO: make this configurable
|
||||
func (a *authenticator) ProvidersHandler(c echo.Context) error {
|
||||
func (a *Authenticator) ProvidersHandler(c echo.Context) error {
|
||||
providers := []provider.AuthProviderBase{
|
||||
a.Provider(HomeAssistant).ProviderBase(),
|
||||
}
|
||||
|
@ -101,24 +93,46 @@ func (a *authenticator) ProvidersHandler(c echo.Context) error {
|
|||
return c.JSON(http.StatusOK, providers)
|
||||
}
|
||||
|
||||
func (a *authenticator) Check(f *LoginFlow, req *http.Request, rm map[string]interface{}) (user provider.ProviderUser, clientID string, err error) {
|
||||
func (a *Authenticator) Check(f *Flow, rm map[string]interface{}) (provider.ProviderUser, error) {
|
||||
cID, hasCID := rm["client_id"]
|
||||
clientID, cidIsStr := cID.(string)
|
||||
if !hasCID || !cidIsStr || clientID == "" || clientID != string(f.ClientID) {
|
||||
return nil, clientID, ErrInvalidAuth
|
||||
cIDStr, cidIsStr := cID.(string)
|
||||
if !hasCID || !cidIsStr || cIDStr == "" || cIDStr != string(f.request.ClientID) {
|
||||
return nil, ErrInvalidAuth
|
||||
}
|
||||
|
||||
p := a.Provider(f.Handler.String())
|
||||
if p == nil {
|
||||
return nil, clientID, ErrInvalidAuth
|
||||
for _, h := range f.Handler {
|
||||
if h == nil {
|
||||
return nil, ErrInvalidHandler
|
||||
}
|
||||
|
||||
p := a.Provider(*h)
|
||||
if p == nil {
|
||||
return nil, ErrInvalidAuth
|
||||
}
|
||||
|
||||
user, success := p.ValidateCreds(rm)
|
||||
|
||||
if success {
|
||||
log.Info().Interface("user", user.ProviderUserData()).Msg("Login success")
|
||||
return user, nil
|
||||
}
|
||||
}
|
||||
|
||||
user, success := p.ValidateCreds(req, rm)
|
||||
|
||||
if success {
|
||||
log.Info().Interface("user", user.UserData()).Msg("Login success")
|
||||
return user, clientID, nil
|
||||
}
|
||||
|
||||
return nil, clientID, ErrInvalidAuth
|
||||
return nil, ErrInvalidAuth
|
||||
}
|
||||
|
||||
func genUUID() string {
|
||||
// must be addressable
|
||||
u := uuid.New()
|
||||
|
||||
return hex.EncodeToString(u[:])
|
||||
}
|
||||
|
||||
func genHex(l int) string {
|
||||
b := make([]byte, l)
|
||||
if _, err := rand.Read(b); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
return hex.EncodeToString(b)
|
||||
}
|
||||
|
|
207
pkg/auth/flow.go
207
pkg/auth/flow.go
|
@ -1,100 +1,133 @@
|
|||
package auth
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/jinzhu/copier"
|
||||
"github.com/labstack/echo/v4"
|
||||
|
||||
"dynatron.me/x/blasphem/internal/common"
|
||||
"dynatron.me/x/blasphem/pkg/auth/provider"
|
||||
"dynatron.me/x/blasphem/pkg/flow"
|
||||
)
|
||||
|
||||
type AuthFlowManager struct {
|
||||
*flow.FlowManager
|
||||
type FlowStore map[FlowID]*Flow
|
||||
|
||||
type FlowRequest struct {
|
||||
ClientID ClientID `json:"client_id"`
|
||||
Handler []*string `json:"handler"`
|
||||
RedirectURI string `json:"redirect_uri"`
|
||||
}
|
||||
|
||||
type LoginFlow struct {
|
||||
flow.FlowHandler
|
||||
type FlowType string
|
||||
|
||||
prov provider.AuthProvider
|
||||
ClientID common.ClientID
|
||||
FlowContext
|
||||
const (
|
||||
TypeForm FlowType = "form"
|
||||
TypeCreateEntry FlowType = "create_entry"
|
||||
)
|
||||
|
||||
type FlowID string
|
||||
type Step string
|
||||
|
||||
const (
|
||||
StepInit Step = "init"
|
||||
)
|
||||
|
||||
type Flow struct {
|
||||
Type FlowType `json:"type"`
|
||||
ID FlowID `json:"flow_id"`
|
||||
Handler []*string `json:"handler"`
|
||||
StepID *Step `json:"step_id,omitempty"`
|
||||
Schema []provider.FlowSchemaItem `json:"data_schema"`
|
||||
Errors interface{} `json:"errors"`
|
||||
DescPlace *string `json:"description_placeholders"`
|
||||
LastStep *string `json:"last_step"`
|
||||
|
||||
request *FlowRequest
|
||||
ctime time.Time
|
||||
}
|
||||
|
||||
type FlowContext struct {
|
||||
IPAddr string
|
||||
CredentialOnly bool
|
||||
RedirectURI string
|
||||
func (f *Flow) touch() {
|
||||
f.ctime = time.Now()
|
||||
}
|
||||
|
||||
type LoginFlowRequest struct {
|
||||
ClientID common.ClientID `json:"client_id"`
|
||||
Handler []*string `json:"handler"`
|
||||
RedirectURI string `json:"redirect_uri"`
|
||||
Type *string `json:"type"`
|
||||
|
||||
ip string `json:"-"`
|
||||
func (fs FlowStore) register(f *Flow) {
|
||||
fs.cull()
|
||||
fs[f.ID] = f
|
||||
}
|
||||
|
||||
func (r *LoginFlowRequest) FlowContext() FlowContext {
|
||||
return FlowContext{
|
||||
IPAddr: r.ip,
|
||||
RedirectURI: r.RedirectURI,
|
||||
CredentialOnly: r.Type != nil && *r.Type == "link_user",
|
||||
func (fs FlowStore) Remove(f *Flow) {
|
||||
delete(fs, f.ID)
|
||||
}
|
||||
|
||||
const cullAge = time.Minute * 30
|
||||
|
||||
func (fs FlowStore) cull() {
|
||||
for k, v := range fs {
|
||||
if time.Now().Sub(v.ctime) > cullAge {
|
||||
delete(fs, k)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func NewAuthFlowManager() *AuthFlowManager {
|
||||
return &AuthFlowManager{FlowManager: flow.NewFlowManager()}
|
||||
}
|
||||
|
||||
func (afm *AuthFlowManager) NewLoginFlow(req *LoginFlowRequest, prov provider.AuthProvider) *LoginFlow {
|
||||
lf := &LoginFlow{
|
||||
FlowHandler: flow.NewFlowHandlerBase(prov.ProviderType()),
|
||||
ClientID: req.ClientID,
|
||||
FlowContext: req.FlowContext(),
|
||||
prov: prov,
|
||||
func (fs FlowStore) Get(id FlowID) *Flow {
|
||||
f, ok := fs[id]
|
||||
if ok {
|
||||
return f
|
||||
}
|
||||
|
||||
afm.Register(lf)
|
||||
|
||||
return lf
|
||||
return nil
|
||||
}
|
||||
|
||||
func (a *authenticator) NewFlow(r *LoginFlowRequest) *flow.Result {
|
||||
var prov provider.AuthProvider
|
||||
func (a *Authenticator) NewFlow(r *FlowRequest) *Flow {
|
||||
var sch []provider.FlowSchemaItem
|
||||
|
||||
for _, h := range r.Handler {
|
||||
if h == nil {
|
||||
break
|
||||
}
|
||||
|
||||
prov = a.Provider(*h)
|
||||
if prov != nil {
|
||||
if hand := a.Provider(*h); hand != nil {
|
||||
sch = hand.FlowSchema()
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if prov == nil {
|
||||
if sch == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
lf := a.flows.NewLoginFlow(r, prov)
|
||||
flow := &Flow{
|
||||
Type: TypeForm,
|
||||
ID: FlowID(genUUID()),
|
||||
StepID: stepPtr(StepInit),
|
||||
Schema: sch,
|
||||
Handler: r.Handler,
|
||||
Errors: []string{},
|
||||
request: r,
|
||||
}
|
||||
flow.touch()
|
||||
|
||||
return lf.ShowForm(lf.WithSchema(prov), lf.WithStep(flow.StepInit))
|
||||
a.flows.register(flow)
|
||||
|
||||
return flow
|
||||
}
|
||||
|
||||
func (f *LoginFlow) redirect(c echo.Context) {
|
||||
c.Request().Header.Set("Location", f.RedirectURI)
|
||||
func stepPtr(s Step) *Step { return &s }
|
||||
|
||||
func (f *Flow) redirect(c echo.Context) {
|
||||
c.Request().Header.Set("Location", f.request.RedirectURI)
|
||||
}
|
||||
|
||||
func (f *LoginFlow) progress(a *authenticator, c echo.Context) error {
|
||||
switch f.Step() {
|
||||
case flow.StepInit:
|
||||
func (f *Flow) progress(a *Authenticator, c echo.Context) error {
|
||||
if f.StepID == nil {
|
||||
c.Logger().Error("stepID is nil")
|
||||
return c.String(http.StatusInternalServerError, "No Step ID")
|
||||
}
|
||||
|
||||
switch *f.StepID {
|
||||
case StepInit:
|
||||
rm := make(map[string]interface{})
|
||||
|
||||
err := c.Bind(&rm)
|
||||
|
@ -102,26 +135,31 @@ func (f *LoginFlow) progress(a *authenticator, c echo.Context) error {
|
|||
return c.String(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
|
||||
err = f.prov.FlowSchema().CheckRequired(rm)
|
||||
if err != nil {
|
||||
return c.JSON(http.StatusBadRequest, f.ShowForm(f.WithErrors([]string{err.Error()})))
|
||||
for _, si := range f.Schema {
|
||||
if si.Required {
|
||||
if _, ok := rm[si.Name]; !ok {
|
||||
return c.String(http.StatusBadRequest, "missing required param "+si.Name)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
user, clientID, err := a.Check(f, c.Request(), rm)
|
||||
user, err := a.Check(f, rm)
|
||||
switch err {
|
||||
case nil:
|
||||
creds := a.store.GetCredential(user)
|
||||
if creds == nil {
|
||||
return fmt.Errorf("flow progress: no such credential for %v", user.UserData())
|
||||
var finishedFlow struct {
|
||||
ID FlowID `json:"flow_id"`
|
||||
Handler []*string `json:"handler"`
|
||||
Result TokenID `json:"result"`
|
||||
Title string `json:"title"`
|
||||
Type FlowType `json:"type"`
|
||||
Version int `json:"version"`
|
||||
}
|
||||
|
||||
finishedFlow := flow.Result{}
|
||||
a.flows.Remove(f)
|
||||
copier.Copy(&finishedFlow, f)
|
||||
finishedFlow.Type = flow.TypeCreateEntry
|
||||
finishedFlow.Title = common.AppNamePtr()
|
||||
finishedFlow.Version = common.IntPtr(1)
|
||||
finishedFlow.Result = a.NewAuthCode(ClientID(clientID), creds)
|
||||
finishedFlow.Type = TypeCreateEntry
|
||||
finishedFlow.Title = common.AppName
|
||||
finishedFlow.Version = 1
|
||||
finishedFlow.Result = a.NewToken(c.Request(), user, f)
|
||||
|
||||
f.redirect(c)
|
||||
|
||||
|
@ -131,29 +169,24 @@ func (f *LoginFlow) progress(a *authenticator, c echo.Context) error {
|
|||
case ErrInvalidAuth:
|
||||
fallthrough
|
||||
default:
|
||||
return c.JSON(http.StatusOK, f.ShowForm(f.WithErrors(map[string]interface{}{
|
||||
f.Errors = map[string]interface{}{
|
||||
"base": "invalid_auth",
|
||||
})))
|
||||
}
|
||||
return c.JSON(http.StatusOK, f)
|
||||
}
|
||||
default:
|
||||
return c.JSON(http.StatusOK, f.ShowForm(f.WithErrors(map[string]interface{}{
|
||||
"base": "unknown_flow_step",
|
||||
})))
|
||||
|
||||
return c.String(http.StatusBadRequest, "unknown flow step")
|
||||
}
|
||||
}
|
||||
|
||||
func (a *authenticator) LoginFlowDeleteHandler(c echo.Context) error {
|
||||
a.Lock()
|
||||
defer a.Unlock()
|
||||
|
||||
flowID := flow.FlowID(c.Param("flow_id"))
|
||||
func (a *Authenticator) LoginFlowDeleteHandler(c echo.Context) error {
|
||||
flowID := c.Param("flow_id")
|
||||
|
||||
if flowID == "" {
|
||||
return c.String(http.StatusBadRequest, "empty flow ID")
|
||||
}
|
||||
|
||||
a.flows.Delete(flowID)
|
||||
delete(a.flows, FlowID(flowID))
|
||||
|
||||
return c.String(http.StatusOK, "deleted")
|
||||
}
|
||||
|
@ -165,20 +198,15 @@ func setJSON(c echo.Context) {
|
|||
}
|
||||
}
|
||||
|
||||
func (a *authenticator) BeginLoginFlowHandler(c echo.Context) error {
|
||||
a.Lock()
|
||||
defer a.Unlock()
|
||||
|
||||
func (a *Authenticator) BeginLoginFlowHandler(c echo.Context) error {
|
||||
setJSON(c)
|
||||
|
||||
var flowReq LoginFlowRequest
|
||||
var flowReq FlowRequest
|
||||
err := c.Bind(&flowReq)
|
||||
if err != nil {
|
||||
return c.String(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
|
||||
flowReq.ip = c.Request().RemoteAddr
|
||||
|
||||
resp := a.NewFlow(&flowReq)
|
||||
|
||||
if resp == nil {
|
||||
|
@ -188,18 +216,21 @@ func (a *authenticator) BeginLoginFlowHandler(c echo.Context) error {
|
|||
return c.JSON(http.StatusOK, resp)
|
||||
}
|
||||
|
||||
func (a *authenticator) LoginFlowHandler(c echo.Context) error {
|
||||
a.Lock()
|
||||
defer a.Unlock()
|
||||
|
||||
func (a *Authenticator) LoginFlowHandler(c echo.Context) error {
|
||||
setJSON(c)
|
||||
|
||||
flowID := c.Param("flow_id")
|
||||
|
||||
flow := a.flows.Get(flow.FlowID(flowID))
|
||||
flow := a.flows.Get(FlowID(flowID))
|
||||
if flow == nil {
|
||||
return c.String(http.StatusNotFound, "no such flow")
|
||||
}
|
||||
|
||||
return flow.(*LoginFlow).progress(a, c)
|
||||
if time.Now().Sub(flow.ctime) > cullAge {
|
||||
a.flows.Remove(flow)
|
||||
|
||||
return c.String(http.StatusGone, "flow timed out")
|
||||
}
|
||||
|
||||
return flow.progress(a, c)
|
||||
}
|
||||
|
|
|
@ -1,15 +1,12 @@
|
|||
package hass
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"encoding/base64"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
||||
"dynatron.me/x/blasphem/pkg/auth/provider"
|
||||
"dynatron.me/x/blasphem/pkg/flow"
|
||||
"dynatron.me/x/blasphem/pkg/storage"
|
||||
)
|
||||
|
||||
|
@ -24,29 +21,14 @@ type HAUser struct {
|
|||
provider.AuthProvider `json:"-"`
|
||||
}
|
||||
|
||||
func (hau *HAUser) UserData() provider.ProviderUser {
|
||||
return &UserData{ // strip secret
|
||||
Username: hau.Username,
|
||||
AuthProvider: hau.AuthProvider,
|
||||
func (hau *HAUser) UserData() interface{} {
|
||||
return UserData{
|
||||
Username: hau.Username,
|
||||
}
|
||||
}
|
||||
|
||||
func (hau *HAUser) Provider() provider.AuthProvider {
|
||||
return hau.AuthProvider
|
||||
}
|
||||
|
||||
func (hau *UserData) Provider() provider.AuthProvider {
|
||||
return hau.AuthProvider
|
||||
}
|
||||
|
||||
type UserData struct {
|
||||
Username string `json:"username"`
|
||||
|
||||
provider.AuthProvider `json:"-"`
|
||||
}
|
||||
|
||||
func (ud *UserData) UserData() provider.ProviderUser {
|
||||
return ud
|
||||
}
|
||||
|
||||
const HomeAssistant = "homeassistant"
|
||||
|
@ -55,8 +37,7 @@ func (h *HAUser) ProviderUserData() interface{} { return h.UserData() }
|
|||
|
||||
type HomeAssistantProvider struct {
|
||||
provider.AuthProviderBase `json:"-"`
|
||||
Users []HAUser `json:"users"`
|
||||
userMap map[string]*HAUser
|
||||
Users []HAUser `json:"users"`
|
||||
}
|
||||
|
||||
func NewHAProvider(s storage.Store) (provider.AuthProvider, error) {
|
||||
|
@ -72,52 +53,18 @@ func NewHAProvider(s storage.Store) (provider.AuthProvider, error) {
|
|||
return hap, err
|
||||
}
|
||||
|
||||
hap.userMap = make(map[string]*HAUser)
|
||||
|
||||
for i, u := range hap.Users {
|
||||
for i := range hap.Users {
|
||||
hap.Users[i].AuthProvider = hap
|
||||
hap.userMap[u.Username] = &hap.Users[i]
|
||||
}
|
||||
|
||||
return hap, nil
|
||||
}
|
||||
|
||||
func (hap *HomeAssistantProvider) Lookup(pu provider.ProviderUser) provider.ProviderUser {
|
||||
u, has := hap.userMap[pu.(*HAUser).Username]
|
||||
if !has {
|
||||
return nil
|
||||
}
|
||||
|
||||
return u
|
||||
}
|
||||
|
||||
func (hap *HomeAssistantProvider) hashPass(p string) ([]byte, error) {
|
||||
return bcrypt.GenerateFromPassword([]byte(p), bcrypt.DefaultCost)
|
||||
}
|
||||
|
||||
func (hap *HomeAssistantProvider) EqualCreds(c1, c2 provider.ProviderUser) bool {
|
||||
switch c1c := c1.(type) {
|
||||
case *HAUser:
|
||||
switch c2c := c2.(type) {
|
||||
case *HAUser:
|
||||
return c2c.Username == c1c.Username
|
||||
case *UserData:
|
||||
return c2c.Username == c1c.Username
|
||||
}
|
||||
case *UserData:
|
||||
switch c2c := c2.(type) {
|
||||
case *HAUser:
|
||||
return c2c.Username == c1c.Username
|
||||
case *UserData:
|
||||
return c2c.Username == c1c.Username
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
func (hap *HomeAssistantProvider) ValidateCreds(r *http.Request, rm map[string]interface{}) (provider.ProviderUser, bool) {
|
||||
func (hap *HomeAssistantProvider) ValidateCreds(rm map[string]interface{}) (provider.ProviderUser, bool) {
|
||||
usernameE, hasU := rm["username"]
|
||||
passwordE, hasP := rm["password"]
|
||||
username, unStr := usernameE.(string)
|
||||
|
@ -150,7 +97,6 @@ func (hap *HomeAssistantProvider) ValidateCreds(r *http.Request, rm map[string]i
|
|||
|
||||
err = bcrypt.CompareHashAndPassword(hash, []byte(password))
|
||||
if err == nil {
|
||||
found.AuthProvider = hap
|
||||
return found, true
|
||||
}
|
||||
|
||||
|
@ -158,13 +104,25 @@ func (hap *HomeAssistantProvider) ValidateCreds(r *http.Request, rm map[string]i
|
|||
}
|
||||
|
||||
func (hap *HomeAssistantProvider) NewCredData() interface{} {
|
||||
return &HAUser{}
|
||||
return &UserData{}
|
||||
}
|
||||
|
||||
func (hap *HomeAssistantProvider) FlowSchema() flow.Schema {
|
||||
return flow.NewSchema(flow.RequiredString("username"), flow.RequiredString("password"))
|
||||
func (hap *HomeAssistantProvider) FlowSchema() []provider.FlowSchemaItem {
|
||||
return []provider.FlowSchemaItem{
|
||||
{
|
||||
Type: "string",
|
||||
Name: "username",
|
||||
Required: true,
|
||||
},
|
||||
{
|
||||
Type: "string",
|
||||
Name: "password",
|
||||
Required: true,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func init() {
|
||||
provider.Register(HomeAssistant, NewHAProvider)
|
||||
}
|
||||
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
package provider
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"dynatron.me/x/blasphem/pkg/flow"
|
||||
"dynatron.me/x/blasphem/pkg/storage"
|
||||
)
|
||||
|
||||
|
@ -14,11 +11,9 @@ var Providers = make(map[string]Constructor)
|
|||
type AuthProvider interface { // TODO: this should include stepping
|
||||
AuthProviderMetadata
|
||||
ProviderBase() AuthProviderBase
|
||||
FlowSchema() flow.Schema
|
||||
FlowSchema() []FlowSchemaItem
|
||||
NewCredData() interface{}
|
||||
ValidateCreds(r *http.Request, reqMap map[string]interface{}) (user ProviderUser, success bool)
|
||||
EqualCreds(c1, c2 ProviderUser) bool
|
||||
Lookup(ProviderUser) ProviderUser
|
||||
ValidateCreds(reqMap map[string]interface{}) (user ProviderUser, success bool)
|
||||
}
|
||||
|
||||
func Register(providerName string, f func(storage.Store) (AuthProvider, error)) {
|
||||
|
@ -26,9 +21,8 @@ func Register(providerName string, f func(storage.Store) (AuthProvider, error))
|
|||
}
|
||||
|
||||
type ProviderUser interface {
|
||||
// TODO: make sure this is sane with all the ProviderUser and UserData type stuff
|
||||
UserData() ProviderUser
|
||||
Provider() AuthProvider
|
||||
AuthProviderMetadata
|
||||
ProviderUserData() interface{}
|
||||
}
|
||||
|
||||
type AuthProviderBase struct {
|
||||
|
@ -47,3 +41,11 @@ func (bp *AuthProviderBase) ProviderName() string { return bp.Name }
|
|||
func (bp *AuthProviderBase) ProviderID() *string { return bp.ID }
|
||||
func (bp *AuthProviderBase) ProviderType() string { return bp.Type }
|
||||
func (bp *AuthProviderBase) ProviderBase() AuthProviderBase { return *bp }
|
||||
|
||||
type FlowSchemaItem struct {
|
||||
Type string `json:"type"`
|
||||
Name string `json:"name"`
|
||||
Required bool `json:"required"`
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -3,10 +3,7 @@ package trustednets
|
|||
// TODO: This doesn't work at all
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"dynatron.me/x/blasphem/pkg/auth/provider"
|
||||
"dynatron.me/x/blasphem/pkg/flow"
|
||||
"dynatron.me/x/blasphem/pkg/storage"
|
||||
)
|
||||
|
||||
|
@ -16,42 +13,24 @@ type User struct {
|
|||
provider.AuthProvider `json:"-"`
|
||||
}
|
||||
|
||||
func (hau *User) UserData() provider.ProviderUser {
|
||||
return &UserData{
|
||||
UserID: hau.UserID,
|
||||
AuthProvider: hau.AuthProvider,
|
||||
func (hau *User) UserData() interface{} {
|
||||
return UserData{
|
||||
UserID: hau.UserID,
|
||||
}
|
||||
}
|
||||
|
||||
func (hau *UserData) Provider() provider.AuthProvider {
|
||||
return hau.AuthProvider
|
||||
}
|
||||
|
||||
func (hau *User) Provider() provider.AuthProvider {
|
||||
return hau.AuthProvider
|
||||
}
|
||||
|
||||
type UserData struct {
|
||||
UserID string `json:"user_id"`
|
||||
|
||||
provider.AuthProvider `json:"-"`
|
||||
}
|
||||
|
||||
func (ud *UserData) UserData() provider.ProviderUser {
|
||||
return ud
|
||||
}
|
||||
|
||||
const TrustedNetworks = "trusted_networks"
|
||||
|
||||
func (h *User) ProviderUserData() interface{} { return h.UserData() }
|
||||
|
||||
type TrustedNetworksProvider struct {
|
||||
provider.AuthProviderBase `json:"-"`
|
||||
}
|
||||
|
||||
func (hap *TrustedNetworksProvider) EqualCreds(c1, c2 provider.ProviderUser) bool {
|
||||
panic("not implemented")
|
||||
return false
|
||||
}
|
||||
|
||||
func New(s storage.Store) (provider.AuthProvider, error) {
|
||||
hap := &TrustedNetworksProvider{
|
||||
AuthProviderBase: provider.AuthProviderBase{
|
||||
|
@ -63,14 +42,8 @@ func New(s storage.Store) (provider.AuthProvider, error) {
|
|||
return hap, nil
|
||||
}
|
||||
|
||||
func (tnp *TrustedNetworksProvider) Lookup(pu provider.ProviderUser) provider.ProviderUser {
|
||||
return pu
|
||||
}
|
||||
|
||||
func (hap *TrustedNetworksProvider) ValidateCreds(r *http.Request, rm map[string]interface{}) (provider.ProviderUser, bool) {
|
||||
/*
|
||||
if req.RemoteAddr in allowed then do the thing
|
||||
*/
|
||||
// TODO: To implement this, ValidateCreds needs to be changed to accept an http.Request, or the echo context.
|
||||
func (hap *TrustedNetworksProvider) ValidateCreds(rm map[string]interface{}) (provider.ProviderUser, bool) {
|
||||
return nil, false
|
||||
}
|
||||
|
||||
|
@ -78,10 +51,22 @@ func (hap *TrustedNetworksProvider) NewCredData() interface{} {
|
|||
return &UserData{}
|
||||
}
|
||||
|
||||
func (hap *TrustedNetworksProvider) FlowSchema() flow.Schema {
|
||||
return nil
|
||||
func (hap *TrustedNetworksProvider) FlowSchema() []provider.FlowSchemaItem {
|
||||
return []provider.FlowSchemaItem{
|
||||
{
|
||||
Type: "string",
|
||||
Name: "username",
|
||||
Required: true,
|
||||
},
|
||||
{
|
||||
Type: "string",
|
||||
Name: "password",
|
||||
Required: true,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func init() {
|
||||
provider.Register(TrustedNetworks, New)
|
||||
}
|
||||
|
||||
|
|
|
@ -2,348 +2,143 @@ package auth
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt"
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/rs/zerolog/log"
|
||||
|
||||
"dynatron.me/x/blasphem/internal/common"
|
||||
"dynatron.me/x/blasphem/internal/generate"
|
||||
"dynatron.me/x/blasphem/pkg/auth/provider"
|
||||
)
|
||||
|
||||
type authCodeStore struct {
|
||||
s map[authCodeTuple]flowResult
|
||||
type SessionStore struct {
|
||||
s map[TokenID]*Token
|
||||
lastCull time.Time
|
||||
}
|
||||
|
||||
type authCodeTuple struct {
|
||||
ClientID ClientID
|
||||
Code AuthCode
|
||||
}
|
||||
type TokenID string
|
||||
|
||||
func (t *authCodeTuple) IsValid() bool {
|
||||
func (t *TokenID) IsValid() bool {
|
||||
// TODO: more validation than this
|
||||
return t.Code != ""
|
||||
return *t != ""
|
||||
}
|
||||
|
||||
type flowResult struct {
|
||||
Time time.Time
|
||||
Cred *Credentials
|
||||
type Token struct { // TODO: jwt bro
|
||||
ID TokenID
|
||||
Ctime time.Time
|
||||
Expires time.Time
|
||||
Addr string
|
||||
|
||||
user provider.ProviderUser `json:"-"`
|
||||
}
|
||||
|
||||
// OAuth 4.2.1 spec recommends 10 minutes
|
||||
const authCodeExpire = 10 * time.Minute
|
||||
|
||||
func (f *flowResult) IsValid(now time.Time) bool {
|
||||
if now.After(f.Time.Add(authCodeExpire)) {
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func (ss *authCodeStore) init() {
|
||||
ss.s = make(map[authCodeTuple]flowResult)
|
||||
func (ss *SessionStore) init() {
|
||||
ss.s = make(map[TokenID]*Token)
|
||||
}
|
||||
|
||||
const cullInterval = 5 * time.Minute
|
||||
|
||||
func (ss *authCodeStore) cull() {
|
||||
func (ss *SessionStore) cull() {
|
||||
if now := time.Now(); now.Sub(ss.lastCull) > cullInterval {
|
||||
for k, v := range ss.s {
|
||||
if !v.IsValid(now) {
|
||||
if now.After(v.Expires) {
|
||||
delete(ss.s, k)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (ss *authCodeStore) put(clientID ClientID, cred *Credentials) string {
|
||||
func (ss *SessionStore) register(t *Token) {
|
||||
ss.cull()
|
||||
code := generate.UUID()
|
||||
ss.s[authCodeTuple{clientID, AuthCode(code)}] = flowResult{Time: time.Now(), Cred: cred}
|
||||
|
||||
return code
|
||||
ss.s[t.ID] = t
|
||||
}
|
||||
|
||||
func (ss *authCodeStore) get(tr *TokenRequest) (*Credentials, bool) {
|
||||
key := authCodeTuple{tr.ClientID, tr.Code}
|
||||
if t, hasCode := ss.s[key]; hasCode {
|
||||
defer delete(ss.s, key)
|
||||
if t.IsValid(time.Now()) {
|
||||
return t.Cred, true
|
||||
func (ss *SessionStore) verify(tr *TokenRequest, r *http.Request) (provider.ProviderUser, bool) {
|
||||
if t, hasToken := ss.s[tr.Code]; hasToken {
|
||||
// TODO: JWT
|
||||
if t.Expires.After(time.Now()) {
|
||||
return t.user, true
|
||||
} else {
|
||||
delete(ss.s, t.ID)
|
||||
}
|
||||
}
|
||||
|
||||
return nil, false
|
||||
}
|
||||
|
||||
type Credentials struct {
|
||||
ID CredID `json:"id"`
|
||||
UserID UserID `json:"user_id"`
|
||||
AuthProviderType string `json:"auth_provider_type"`
|
||||
AuthProviderID *string `json:"auth_provider_id"`
|
||||
DataRaw *json.RawMessage `json:"data,omitempty"`
|
||||
|
||||
User provider.ProviderUser `json:"-"`
|
||||
type Credential struct {
|
||||
ID CredID `json:"id"`
|
||||
UserID UserID `json:"user_id"`
|
||||
AuthProviderType string `json:"auth_provider_type"`
|
||||
AuthProviderID *string `json:"auth_provider_id"`
|
||||
DataRaw json.RawMessage `json:"data,omitempty"`
|
||||
user provider.ProviderUser
|
||||
}
|
||||
|
||||
func (cred *Credentials) MarshalJSON() ([]byte, error) {
|
||||
type CredAlias Credentials // alias so ø method set and we don't recurse
|
||||
nCd := (*CredAlias)(cred)
|
||||
|
||||
if cred.User != nil {
|
||||
providerData := cred.User.UserData()
|
||||
if providerData != nil {
|
||||
b, err := json.Marshal(providerData)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
dr := json.RawMessage(b)
|
||||
nCd.DataRaw = &dr
|
||||
}
|
||||
func (cred *Credential) MarshalJSON() ([]byte, error) {
|
||||
rm := map[string]interface{}{
|
||||
"id": cred.ID,
|
||||
"user_id": cred.UserID,
|
||||
"auth_provider_type": cred.user.ProviderType(),
|
||||
"auth_provider_id": cred.user.ProviderID(),
|
||||
}
|
||||
|
||||
return json.Marshal(nCd)
|
||||
providerData := cred.user.ProviderUserData()
|
||||
if providerData != nil {
|
||||
rm["data"] = providerData
|
||||
}
|
||||
|
||||
return json.Marshal(rm)
|
||||
}
|
||||
|
||||
type (
|
||||
TokenType string
|
||||
RefreshTokenID string
|
||||
RefreshTokenToken string
|
||||
)
|
||||
|
||||
func (rti RefreshTokenID) String() string { return string(rti) }
|
||||
|
||||
func (rti RefreshTokenToken) IsValid() bool { return rti != "" }
|
||||
|
||||
const (
|
||||
TokenTypeSystem TokenType = "system"
|
||||
TokenTypeNormal TokenType = "normal"
|
||||
TokenTypeLongLived TokenType = "long_lived_access_token"
|
||||
TokenTypeNone TokenType = ""
|
||||
)
|
||||
|
||||
func (tt TokenType) IsValid() bool {
|
||||
switch tt {
|
||||
case TokenTypeSystem, TokenTypeNormal, TokenTypeLongLived:
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
type RefreshToken struct {
|
||||
ID RefreshTokenID `json:"id"`
|
||||
UserID UserID `json:"user_id"`
|
||||
ClientID *ClientID `json:"client_id"`
|
||||
ClientName *string `json:"client_name"`
|
||||
ClientIcon *string `json:"client_icon"`
|
||||
TokenType TokenType `json:"token_type"`
|
||||
CreatedAt *common.PyTimestamp `json:"created_at"`
|
||||
AccessTokenExpiration json.Number `json:"access_token_expiration"`
|
||||
Token RefreshTokenToken `json:"token"`
|
||||
JWTKey string `json:"jwt_key"`
|
||||
LastUsedAt *common.PyTimestamp `json:"last_used_at"`
|
||||
LastUsedIP *string `json:"last_used_ip"`
|
||||
CredentialID *CredID `json:"credential_id"`
|
||||
Version *string `json:"version"`
|
||||
|
||||
User *User `json:"-"`
|
||||
}
|
||||
|
||||
func (rt *RefreshToken) IsValid() bool {
|
||||
return rt.JWTKey != ""
|
||||
}
|
||||
|
||||
func (rt *RefreshToken) AccessExpiration() (exp int64) {
|
||||
exp, err := rt.AccessTokenExpiration.Int64()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
type RefreshOption func(*RefreshToken)
|
||||
|
||||
func WithClientID(cid ClientID) RefreshOption {
|
||||
return func(rt *RefreshToken) {
|
||||
rt.ClientID = &cid
|
||||
}
|
||||
}
|
||||
|
||||
func WithClientName(n string) RefreshOption {
|
||||
return func(rt *RefreshToken) {
|
||||
rt.ClientName = &n
|
||||
}
|
||||
}
|
||||
|
||||
func WithClientIcon(n string) RefreshOption {
|
||||
return func(rt *RefreshToken) {
|
||||
rt.ClientIcon = &n
|
||||
}
|
||||
}
|
||||
|
||||
func WithTokenType(t TokenType) RefreshOption {
|
||||
return func(rt *RefreshToken) {
|
||||
rt.TokenType = t
|
||||
}
|
||||
}
|
||||
|
||||
func WithCredential(c *Credentials) RefreshOption {
|
||||
return func(rt *RefreshToken) {
|
||||
rt.CredentialID = &c.ID
|
||||
}
|
||||
}
|
||||
|
||||
const DefaultAccessExpiration = "1800" // json 🤮
|
||||
|
||||
func (a *authenticator) NewRefreshToken(user *User, opts ...RefreshOption) (*RefreshToken, error) {
|
||||
e := func(es string, arg ...interface{}) (*RefreshToken, error) {
|
||||
return nil, fmt.Errorf(es, arg...)
|
||||
}
|
||||
|
||||
now := common.PyTimestamp(time.Now())
|
||||
|
||||
r := &RefreshToken{
|
||||
ID: RefreshTokenID(generate.UUID()),
|
||||
UserID: user.ID,
|
||||
Token: RefreshTokenToken(generate.Hex(64)),
|
||||
JWTKey: generate.Hex(64),
|
||||
CreatedAt: &now,
|
||||
AccessTokenExpiration: DefaultAccessExpiration,
|
||||
User: user,
|
||||
}
|
||||
|
||||
for _, opt := range opts {
|
||||
opt(r)
|
||||
}
|
||||
|
||||
if r.TokenType == TokenTypeNone {
|
||||
if user.SystemGenerated {
|
||||
r.TokenType = TokenTypeSystem
|
||||
} else {
|
||||
r.TokenType = TokenTypeNormal
|
||||
}
|
||||
}
|
||||
|
||||
switch {
|
||||
case !r.TokenType.IsValid():
|
||||
return e("invalid token type")
|
||||
case !user.Active:
|
||||
return e("user is not active")
|
||||
case user.SystemGenerated && r.ClientID != nil:
|
||||
return e("system generated users cannot have refresh tokens connected to a client")
|
||||
case !r.TokenType.IsValid():
|
||||
return e("invalid token type '%v'", r.TokenType)
|
||||
case user.SystemGenerated != (r.TokenType == TokenTypeSystem):
|
||||
return e("system generated user can only have system type refresh tokens")
|
||||
case r.TokenType == TokenTypeNormal && r.ClientID == nil:
|
||||
return e("client is required to generate a refresh token")
|
||||
case r.TokenType == TokenTypeLongLived && r.ClientName == nil:
|
||||
return e("client name is required for long-lived token")
|
||||
}
|
||||
|
||||
if r.TokenType == TokenTypeLongLived {
|
||||
for _, lv := range user.RefreshTokens {
|
||||
if strPtrEq(lv.ClientName, r.ClientName) && lv.TokenType == TokenTypeLongLived {
|
||||
return e("client name '%v' already exists", *r.ClientName)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return a.store.PutRefreshToken(r)
|
||||
}
|
||||
|
||||
func (r *RefreshToken) AccessToken(req *http.Request) (string, error) {
|
||||
now := time.Now()
|
||||
|
||||
pytnow := common.PyTimestamp(now)
|
||||
r.LastUsedAt = &pytnow
|
||||
r.LastUsedIP = &req.RemoteAddr
|
||||
|
||||
return jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{
|
||||
Issuer: r.ID.String(),
|
||||
IssuedAt: now.Unix(),
|
||||
ExpiresAt: now.Add(time.Duration(r.AccessExpiration()) * time.Second).Unix(),
|
||||
}).SignedString([]byte(r.JWTKey))
|
||||
}
|
||||
|
||||
func (a *authenticator) ValidateAccessToken(token AccessToken) *RefreshToken {
|
||||
var unverifiedIssRT *RefreshToken
|
||||
claims := &jwt.StandardClaims{}
|
||||
_, err := jwt.ParseWithClaims(string(token), claims, func(jt *jwt.Token) (interface{}, error) {
|
||||
iss := jt.Claims.(*jwt.StandardClaims).Issuer
|
||||
unverifiedIssRT = a.store.GetRefreshToken(RefreshTokenID(iss))
|
||||
if unverifiedIssRT == nil {
|
||||
return nil, fmt.Errorf("bad token")
|
||||
}
|
||||
|
||||
return []byte(unverifiedIssRT.JWTKey), nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("validateAccessToken")
|
||||
return nil
|
||||
}
|
||||
|
||||
return unverifiedIssRT
|
||||
}
|
||||
|
||||
func (a *authenticator) verifyAndGetCredential(tr *TokenRequest) *Credentials {
|
||||
cred, success := a.authCodes.get(tr)
|
||||
func (ss *SessionStore) verifyAndGetCredential(tr *TokenRequest, r *http.Request) *Credential {
|
||||
user, success := ss.verify(tr, r)
|
||||
if !success {
|
||||
return nil
|
||||
}
|
||||
|
||||
return cred
|
||||
return &Credential{user: user}
|
||||
}
|
||||
|
||||
const defaultExpiration = 15 * time.Minute
|
||||
const defaultExpiration = 2 * time.Hour
|
||||
|
||||
func (a *authenticator) NewAuthCode(clientID ClientID, cred *Credentials) string {
|
||||
return a.authCodes.put(clientID, cred)
|
||||
func (a *Authenticator) NewToken(r *http.Request, user provider.ProviderUser, f *Flow) TokenID {
|
||||
id := TokenID(genUUID())
|
||||
|
||||
t := &Token{
|
||||
ID: id,
|
||||
Ctime: time.Now(),
|
||||
Expires: time.Now().Add(defaultExpiration),
|
||||
Addr: r.RemoteAddr,
|
||||
|
||||
user: user,
|
||||
}
|
||||
|
||||
a.sessions.register(t)
|
||||
|
||||
return id
|
||||
}
|
||||
|
||||
type GrantType string
|
||||
|
||||
const (
|
||||
GrantAuthCode GrantType = "authorization_code"
|
||||
GrantRefreshToken GrantType = "refresh_token"
|
||||
GTAuthorizationCode GrantType = "authorization_code"
|
||||
GTRefreshToken GrantType = "refresh_token"
|
||||
)
|
||||
|
||||
type ClientID common.ClientID
|
||||
type ClientID string
|
||||
|
||||
func (c *ClientID) IsValid() bool {
|
||||
// TODO: || !indieauth.VerifyClientID(rq.ClientID)?
|
||||
return *c != ""
|
||||
}
|
||||
|
||||
type AuthCode string
|
||||
|
||||
func (ac *AuthCode) IsValid() bool {
|
||||
return *ac != ""
|
||||
}
|
||||
|
||||
type TokenRequest struct {
|
||||
ClientID ClientID `form:"client_id"`
|
||||
Code AuthCode `form:"code"`
|
||||
GrantType GrantType `form:"grant_type"`
|
||||
RefreshToken RefreshTokenToken `form:"refresh_token"`
|
||||
ClientID ClientID `form:"client_id"`
|
||||
Code TokenID `form:"code"`
|
||||
GrantType GrantType `form:"grant_type"`
|
||||
}
|
||||
|
||||
const AuthFailed = "authentication failure"
|
||||
|
||||
func (a *authenticator) TokenHandler(c echo.Context) error {
|
||||
a.Lock()
|
||||
defer a.Unlock()
|
||||
|
||||
func (a *Authenticator) TokenHandler(c echo.Context) error {
|
||||
rq := new(TokenRequest)
|
||||
err := c.Bind(rq)
|
||||
if err != nil {
|
||||
|
@ -351,7 +146,7 @@ func (a *authenticator) TokenHandler(c echo.Context) error {
|
|||
}
|
||||
|
||||
switch rq.GrantType {
|
||||
case GrantAuthCode:
|
||||
case GTAuthorizationCode:
|
||||
if !rq.ClientID.IsValid() {
|
||||
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request", Description: "invalid client ID"})
|
||||
}
|
||||
|
@ -360,88 +155,21 @@ func (a *authenticator) TokenHandler(c echo.Context) error {
|
|||
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request", Description: "invalid code"})
|
||||
}
|
||||
|
||||
cred := a.verifyAndGetCredential(rq)
|
||||
if cred == nil {
|
||||
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request", Description: "invalid code"})
|
||||
if cred := a.sessions.verifyAndGetCredential(rq, c.Request()); cred != nil {
|
||||
// TODO: success
|
||||
user, err := a.getOrCreateUser(cred)
|
||||
if err != nil {
|
||||
return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: "bad user"})
|
||||
}
|
||||
|
||||
if err := user.allowedToAuth(); err != nil {
|
||||
return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: err.Error()})
|
||||
}
|
||||
return c.String(http.StatusOK, "token good I guess")
|
||||
}
|
||||
|
||||
user, err := a.getOrCreateUser(cred)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("getOrCreateUser")
|
||||
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: AuthFailed})
|
||||
}
|
||||
|
||||
if err := user.allowedToAuth(c.Request()); err != nil {
|
||||
log.Error().Err(err).Msg("allowedToAuth")
|
||||
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: AuthFailed})
|
||||
}
|
||||
|
||||
rt, err := a.NewRefreshToken(user, WithClientID(rq.ClientID), WithCredential(cred))
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("NewRefreshToken")
|
||||
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: AuthFailed})
|
||||
}
|
||||
|
||||
at, err := rt.AccessToken(c.Request())
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("AccessToken")
|
||||
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: AuthFailed})
|
||||
}
|
||||
|
||||
return common.NoCache(c).JSON(http.StatusOK, &struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
TokenType string `json:"token_type"`
|
||||
RefreshToken RefreshTokenToken `json:"refresh_token"`
|
||||
ExpiresIn int64 `json:"expires_in"`
|
||||
HAAuthProvider string `json:"ha_auth_provider"`
|
||||
}{
|
||||
AccessToken: at,
|
||||
TokenType: "Bearer",
|
||||
RefreshToken: rt.Token,
|
||||
ExpiresIn: rt.AccessExpiration(),
|
||||
HAAuthProvider: cred.AuthProviderType,
|
||||
})
|
||||
case GrantRefreshToken:
|
||||
log.Debug().Interface("request", c.Request()).Interface("tokenRequest", rq).Msg("grant_type=refresh_token")
|
||||
|
||||
if !rq.ClientID.IsValid() {
|
||||
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request", Description: "invalid client ID"})
|
||||
}
|
||||
|
||||
if !rq.RefreshToken.IsValid() {
|
||||
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request"})
|
||||
}
|
||||
|
||||
rt := a.store.GetRefreshTokenByToken(rq.RefreshToken)
|
||||
if rt == nil {
|
||||
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_grant"})
|
||||
}
|
||||
|
||||
if rt.ClientID == nil || *rt.ClientID != rq.ClientID {
|
||||
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request"})
|
||||
}
|
||||
|
||||
if err := rt.User.allowedToAuth(c.Request()); err != nil {
|
||||
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: err.Error()})
|
||||
}
|
||||
|
||||
at, err := rt.AccessToken(c.Request())
|
||||
if err != nil {
|
||||
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: err.Error()})
|
||||
}
|
||||
|
||||
return common.NoCache(c).JSON(http.StatusOK, &struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
TokenType string `json:"token_type"`
|
||||
ExpiresIn int64 `json:"expires_in"`
|
||||
}{
|
||||
AccessToken: at,
|
||||
TokenType: "Bearer",
|
||||
ExpiresIn: rt.AccessExpiration(),
|
||||
})
|
||||
case GTRefreshToken:
|
||||
return c.String(http.StatusNotImplemented, "not implemented")
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request"})
|
||||
return c.String(http.StatusUnauthorized, "token bad I guess")
|
||||
}
|
||||
|
||||
type AccessToken string
|
||||
|
|
|
@ -1,144 +1,36 @@
|
|||
package auth
|
||||
|
||||
import (
|
||||
"crypto/subtle"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"encoding/json"
|
||||
|
||||
"dynatron.me/x/blasphem/internal/generate"
|
||||
"dynatron.me/x/blasphem/pkg/auth/provider"
|
||||
"dynatron.me/x/blasphem/pkg/storage"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
const (
|
||||
AuthStoreKey = "auth"
|
||||
)
|
||||
|
||||
|
||||
type AuthStore interface {
|
||||
User(UserID) *User
|
||||
GetCredential(provider.ProviderUser) *Credentials
|
||||
PutRefreshToken(*RefreshToken) (*RefreshToken, error)
|
||||
GetRefreshTokenByToken(token RefreshTokenToken) *RefreshToken
|
||||
GetRefreshToken(RefreshTokenID) *RefreshToken
|
||||
}
|
||||
|
||||
type authStore struct {
|
||||
storage.Item `json:"-"`
|
||||
Users []User `json:"users"`
|
||||
Groups interface {} `json:"groups"`
|
||||
Credentials []Credential `json:"credentials"`
|
||||
|
||||
Users []*User `json:"users"`
|
||||
Groups []*Group `json:"groups"`
|
||||
Credentials []*Credentials `json:"credentials"`
|
||||
Refresh []*RefreshToken `json:"refresh_tokens"`
|
||||
|
||||
userMap map[UserID]*User
|
||||
providerUsers map[provider.ProviderUser]*Credentials
|
||||
store storage.Store
|
||||
userMap map[UserID]*User
|
||||
}
|
||||
|
||||
func (as *authStore) sync() {
|
||||
err := as.store.Flush(as.ItemKey())
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("sync authStore")
|
||||
}
|
||||
}
|
||||
|
||||
func strPtrEq(n1, n2 *string) bool {
|
||||
return (n1 == n2 || (n1 != nil && n2 != nil && *n1 == *n2))
|
||||
}
|
||||
|
||||
func (as *authStore) GetCredential(p provider.ProviderUser) *Credentials {
|
||||
var found *Credentials
|
||||
for _, cr := range as.Credentials {
|
||||
if p != nil && (p == cr.User ||
|
||||
(p.Provider() != nil &&
|
||||
strPtrEq(cr.AuthProviderID, p.Provider().ProviderID()) &&
|
||||
cr.AuthProviderType == p.Provider().ProviderType() &&
|
||||
p.Provider().EqualCreds(cr.User.UserData(), p.UserData()))) {
|
||||
found = cr
|
||||
}
|
||||
}
|
||||
|
||||
return found
|
||||
}
|
||||
|
||||
func (as *authStore) PutRefreshToken(rt *RefreshToken) (*RefreshToken, error) {
|
||||
e := func(es string, a ...interface{}) (*RefreshToken, error) {
|
||||
return nil, fmt.Errorf(es, a...)
|
||||
}
|
||||
|
||||
u, hasUser := as.userMap[rt.UserID]
|
||||
if !hasUser {
|
||||
return e("no such user %v", rt.UserID)
|
||||
}
|
||||
|
||||
as.Refresh = append(as.Refresh, rt)
|
||||
u.RefreshTokens = append(u.RefreshTokens, rt)
|
||||
|
||||
as.sync()
|
||||
return rt, nil
|
||||
}
|
||||
|
||||
func (as *authStore) GetRefreshTokenByToken(token RefreshTokenToken) *RefreshToken {
|
||||
var found *RefreshToken
|
||||
|
||||
for _, u := range as.Users {
|
||||
for _, rt := range u.RefreshTokens {
|
||||
if subtle.ConstantTimeCompare([]byte(token), []byte(rt.Token)) == 1 {
|
||||
found = rt
|
||||
found.User = u
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return found
|
||||
}
|
||||
|
||||
func (as *authStore) GetRefreshToken(tid RefreshTokenID) *RefreshToken {
|
||||
var found *RefreshToken
|
||||
|
||||
for _, u := range as.Users {
|
||||
for _, rt := range u.RefreshTokens {
|
||||
if subtle.ConstantTimeCompare([]byte(tid), []byte(rt.ID.String())) == 1 {
|
||||
found = rt
|
||||
found.User = u
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return found
|
||||
}
|
||||
|
||||
func (as *authStore) newCredential(p provider.ProviderUser) *Credentials {
|
||||
// XXX: probably broken
|
||||
prov := p.Provider()
|
||||
id := generate.UUID()
|
||||
c := &Credentials{
|
||||
ID: CredID(id),
|
||||
AuthProviderType: prov.ProviderBase().Type,
|
||||
AuthProviderID: prov.ProviderBase().ID,
|
||||
}
|
||||
|
||||
return c
|
||||
}
|
||||
|
||||
func (a *authenticator) newAuthStore(s storage.Store) (as *authStore, err error) {
|
||||
as = &authStore{
|
||||
store: s,
|
||||
}
|
||||
|
||||
as.Item, err = s.GetItem(AuthStoreKey, as)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
func (a *Authenticator) newAuthStore(s storage.Store) (as *authStore, err error) {
|
||||
as = &authStore{}
|
||||
err = s.Get(AuthStoreKey, as)
|
||||
|
||||
as.userMap = make(map[UserID]*User)
|
||||
as.providerUsers = make(map[provider.ProviderUser]*Credentials)
|
||||
|
||||
for _, u := range as.Users {
|
||||
as.userMap[u.ID] = u
|
||||
as.userMap[u.ID] = &u
|
||||
}
|
||||
|
||||
for _, c := range as.Credentials {
|
||||
|
@ -147,56 +39,13 @@ func (a *authenticator) newAuthStore(s storage.Store) (as *authStore, err error)
|
|||
return nil, fmt.Errorf("no such provider %s", c.AuthProviderType)
|
||||
}
|
||||
|
||||
if c.DataRaw != nil {
|
||||
pd := prov.NewCredData()
|
||||
pd := prov.NewCredData()
|
||||
|
||||
err := json.Unmarshal(*c.DataRaw, pd)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
c.User = prov.Lookup(pd.(provider.ProviderUser))
|
||||
if c.User == nil {
|
||||
return nil, fmt.Errorf("cannot find user in provider %s", prov.ProviderName())
|
||||
}
|
||||
as.providerUsers[c.User] = c
|
||||
}
|
||||
|
||||
u, hasUser := as.userMap[c.UserID]
|
||||
if !hasUser {
|
||||
log.Error().Str("userid", string(c.UserID)).Msg("creds no such userid in map")
|
||||
continue
|
||||
}
|
||||
|
||||
u.Creds = append(u.Creds, c)
|
||||
}
|
||||
|
||||
// remove invalid RefreshTokens
|
||||
i := 0
|
||||
for _, rt := range as.Refresh {
|
||||
if rt.IsValid() {
|
||||
u, hasUser := as.userMap[rt.UserID]
|
||||
if !hasUser {
|
||||
log.Error().Str("userid", string(rt.UserID)).Msg("refreshtokens no such userid in map")
|
||||
continue
|
||||
}
|
||||
|
||||
as.Refresh[i] = rt
|
||||
i++
|
||||
u.RefreshTokens = append(u.RefreshTokens, rt)
|
||||
err := json.Unmarshal(c.DataRaw, pd)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// don't leak memory
|
||||
for j := i; j < len(as.Refresh); j++ {
|
||||
as.Refresh[j] = nil
|
||||
}
|
||||
|
||||
as.Refresh = as.Refresh[:i]
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func (s *authStore) User(uid UserID) *User {
|
||||
return s.userMap[uid]
|
||||
}
|
||||
|
|
|
@ -1,63 +1,42 @@
|
|||
package auth
|
||||
|
||||
import (
|
||||
"net"
|
||||
"net/http"
|
||||
"errors"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
type UserID string
|
||||
type GroupID string
|
||||
type CredID string
|
||||
|
||||
type Group struct {
|
||||
ID GroupID `json:"id"`
|
||||
Name string `json:"name"`
|
||||
}
|
||||
|
||||
type User struct {
|
||||
ID UserID `json:"id"`
|
||||
GroupIDs []GroupID `json:"group_ids"`
|
||||
Data interface{} `json:"data,omitempty"`
|
||||
ID UserID `json:"id"`
|
||||
GroupIDs []GroupID `json:"group_ids"`
|
||||
Data interface{} `json:"data,omitempty"`
|
||||
UserMetadata
|
||||
|
||||
Creds []*Credentials `json:"-"`
|
||||
RefreshTokens []*RefreshToken `json:"-"`
|
||||
}
|
||||
|
||||
type UserMetadata struct {
|
||||
Owner bool `json:"is_owner"`
|
||||
Active bool `json:"is_active"`
|
||||
Name string `json:"name"`
|
||||
SystemGenerated bool `json:"system_generated"`
|
||||
LocalOnly bool `json:"local_only"`
|
||||
Active bool `json:"is_active"`
|
||||
Owner bool `json:"is_owner"`
|
||||
LocalOnly bool `json:"local_only"`
|
||||
SystemGenerated bool `json:"system_generated"`
|
||||
Name string `json:"name"`
|
||||
}
|
||||
|
||||
func (u *User) allowedToAuth(r *http.Request) error {
|
||||
func (u *User) allowedToAuth() error {
|
||||
if !u.Active {
|
||||
return ErrDisabled
|
||||
return errors.New("user disabled")
|
||||
}
|
||||
|
||||
if !u.LocalOnly {
|
||||
return nil
|
||||
}
|
||||
|
||||
ip := net.ParseIP(r.RemoteAddr)
|
||||
if ip == nil {
|
||||
return ErrInvalidIP
|
||||
}
|
||||
|
||||
if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() {
|
||||
return nil
|
||||
}
|
||||
|
||||
return ErrUserAuthRemote
|
||||
return nil
|
||||
}
|
||||
|
||||
func (a *authenticator) getOrCreateUser(c *Credentials) (*User, error) {
|
||||
u := a.store.User(c.UserID)
|
||||
if u == nil {
|
||||
return nil, ErrInvalidAuth
|
||||
}
|
||||
|
||||
return u, nil
|
||||
func (a *Authenticator) getOrCreateUser(c *Credential) (*User, error) {
|
||||
log.Debug().Interface("userdata", c.user.ProviderUserData()).Msg("getOrCreateUser")
|
||||
panic("not implemented")
|
||||
return &User{}, nil
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -7,36 +7,19 @@ import (
|
|||
"strings"
|
||||
|
||||
"dynatron.me/x/blasphem/internal/common"
|
||||
"dynatron.me/x/blasphem/pkg/auth"
|
||||
"dynatron.me/x/blasphem/pkg/blas/core"
|
||||
"dynatron.me/x/blasphem/pkg/bus"
|
||||
"dynatron.me/x/blasphem/pkg/components"
|
||||
"dynatron.me/x/blasphem/pkg/config"
|
||||
"dynatron.me/x/blasphem/pkg/storage"
|
||||
"dynatron.me/x/blasphem/pkg/wsapi"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
type Blas struct {
|
||||
bus.Bus
|
||||
*bus.Bus
|
||||
storage.Store
|
||||
auth.Authenticator
|
||||
Config *config.Config
|
||||
core.WebSocketManager
|
||||
|
||||
components components.ComponentStore
|
||||
}
|
||||
|
||||
func (b *Blas) Version() string {
|
||||
return common.Version
|
||||
}
|
||||
|
||||
func (b *Blas) Conf() *config.Config { return b.Config }
|
||||
|
||||
func (b *Blas) ShutdownBlas(ctx context.Context) error {
|
||||
b.Bus.ShutdownBus()
|
||||
b.Store.ShutdownStore()
|
||||
func (b *Blas) Shutdown(ctx context.Context) error {
|
||||
b.Bus.Shutdown()
|
||||
return ctx.Err()
|
||||
}
|
||||
|
||||
|
@ -61,48 +44,17 @@ func (b *Blas) ConfigDir() (cd string) {
|
|||
}
|
||||
|
||||
func (b *Blas) openStore() error {
|
||||
// TODO: based on config, open filestore or db store
|
||||
stor, err := storage.OpenFileStore(b.ConfigDir())
|
||||
stor, err := storage.Open(os.DirFS(b.ConfigDir()))
|
||||
b.Store = stor
|
||||
return err
|
||||
}
|
||||
|
||||
func (b *Blas) Component(k components.ComponentKey) components.Component {
|
||||
c, ok := b.components[k]
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
|
||||
return c
|
||||
}
|
||||
|
||||
func (b *Blas) Components() components.ComponentStore { return b.components }
|
||||
|
||||
func New(cfg *config.Config) (b *Blas, err error) {
|
||||
b = &Blas{
|
||||
Bus: bus.New(),
|
||||
Config: cfg,
|
||||
components: make(components.ComponentStore),
|
||||
WebSocketManager: wsapi.NewManager(),
|
||||
}
|
||||
|
||||
err = b.openStore()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
b.Authenticator, err = auth.New(b.Store)
|
||||
|
||||
for k, v := range Registry {
|
||||
log.Info().Msgf("Setting up component %s", k)
|
||||
c, err := v(b)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msgf("Error setting up component %s", k)
|
||||
continue
|
||||
}
|
||||
|
||||
b.components[k] = c
|
||||
func New(cfg *config.Config) (*Blas, error) {
|
||||
b := &Blas{
|
||||
Bus: bus.New(),
|
||||
Config: cfg,
|
||||
}
|
||||
|
||||
err := b.openStore()
|
||||
return b, err
|
||||
}
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
package blas
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"dynatron.me/x/blasphem/pkg/blas/core"
|
||||
"dynatron.me/x/blasphem/pkg/components"
|
||||
)
|
||||
|
||||
type Setup func(core.Blas) (components.Component, error)
|
||||
|
||||
var Registry = make(map[components.ComponentKey]Setup)
|
||||
|
||||
func Register(key components.ComponentKey, c Setup) {
|
||||
_, already := Registry[key]
|
||||
if already {
|
||||
panic(fmt.Sprintf("component %s already exists", key))
|
||||
}
|
||||
|
||||
Registry[key] = c
|
||||
}
|
|
@ -1,51 +0,0 @@
|
|||
package core
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"dynatron.me/x/blasphem/pkg/auth"
|
||||
"dynatron.me/x/blasphem/pkg/bus"
|
||||
"dynatron.me/x/blasphem/pkg/components"
|
||||
"dynatron.me/x/blasphem/pkg/config"
|
||||
"dynatron.me/x/blasphem/pkg/storage"
|
||||
|
||||
"github.com/gorilla/websocket"
|
||||
)
|
||||
|
||||
type Blas interface {
|
||||
auth.Authenticator
|
||||
bus.Bus
|
||||
storage.Store
|
||||
config.Configured
|
||||
components.Componenter
|
||||
|
||||
WebSocketManager
|
||||
|
||||
Shutdowner
|
||||
Versioner
|
||||
}
|
||||
|
||||
type WebSocketManager interface {
|
||||
// Register registers a websocket command.
|
||||
// cmd is the first part, before first slash
|
||||
// dataNew is a function to create a new message datatype
|
||||
RegisterWSCommand(cmd string, hnd Handler, dataNew NewData)
|
||||
WSCommandHandler(cmd string, splitCmd []string) (NewData, Handler, error)
|
||||
}
|
||||
|
||||
type WebSocketSession interface {
|
||||
Conn() *websocket.Conn
|
||||
Go(context.Context) error
|
||||
Blas() Blas
|
||||
}
|
||||
|
||||
type Handler func(ctx context.Context, wss WebSocketSession, msgID int, cmd []string, msg interface{}) error
|
||||
type NewData func(cmd []string) interface{}
|
||||
|
||||
type Shutdowner interface {
|
||||
ShutdownBlas(context.Context) error
|
||||
}
|
||||
|
||||
type Versioner interface {
|
||||
Version() string
|
||||
}
|
|
@ -12,28 +12,22 @@ type (
|
|||
|
||||
listeners []chan<- Event
|
||||
|
||||
bus struct {
|
||||
Bus struct {
|
||||
sync.RWMutex
|
||||
subs map[string]listeners
|
||||
}
|
||||
|
||||
Bus interface {
|
||||
Sub(topic string, ch chan<- Event)
|
||||
Unsub(topic string, ch chan<- Event)
|
||||
Pub(topic string, data interface{})
|
||||
ShutdownBus()
|
||||
}
|
||||
)
|
||||
|
||||
func New() Bus {
|
||||
bus := &bus{
|
||||
func New() *Bus {
|
||||
bus := &Bus{
|
||||
subs: make(map[string]listeners),
|
||||
}
|
||||
|
||||
return bus
|
||||
|
||||
}
|
||||
|
||||
func (b *bus) Sub(topic string, ch chan<- Event) {
|
||||
func (b *Bus) Sub(topic string, ch chan<- Event) {
|
||||
b.Lock()
|
||||
defer b.Unlock()
|
||||
|
||||
|
@ -44,7 +38,7 @@ func (b *bus) Sub(topic string, ch chan<- Event) {
|
|||
}
|
||||
}
|
||||
|
||||
func (b *bus) Unsub(topic string, ch chan<- Event) {
|
||||
func (b *Bus) Unsub(topic string, ch chan<- Event) {
|
||||
b.Lock()
|
||||
defer b.Unlock()
|
||||
|
||||
|
@ -57,7 +51,7 @@ func (b *bus) Unsub(topic string, ch chan<- Event) {
|
|||
}
|
||||
}
|
||||
|
||||
func (b *bus) Pub(topic string, data interface{}) {
|
||||
func (b *Bus) Pub(topic string, data interface{}) {
|
||||
b.RLock()
|
||||
defer b.RUnlock()
|
||||
|
||||
|
@ -71,7 +65,7 @@ func (b *bus) Pub(topic string, data interface{}) {
|
|||
}
|
||||
}
|
||||
|
||||
func (b *bus) ShutdownBus() {
|
||||
func (b *Bus) Shutdown() {
|
||||
for _, v := range b.subs {
|
||||
for _, c := range v {
|
||||
close(c)
|
||||
|
|
|
@ -2,18 +2,18 @@ package serve
|
|||
|
||||
import (
|
||||
"dynatron.me/x/blasphem/internal/common"
|
||||
blas "dynatron.me/x/blasphem/pkg/blas/core"
|
||||
"dynatron.me/x/blasphem/pkg/config"
|
||||
"dynatron.me/x/blasphem/pkg/server"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
type ServeOptions struct {
|
||||
core blas.Blas
|
||||
cfg *config.Config
|
||||
}
|
||||
|
||||
func Command(core blas.Blas) *cobra.Command {
|
||||
opts := makeOptions(core)
|
||||
func Command(cfg *config.Config) *cobra.Command {
|
||||
opts := makeOptions(cfg)
|
||||
serveCmd := &cobra.Command{
|
||||
Use: "serve",
|
||||
Short: "starts the " + common.AppName + " server",
|
||||
|
@ -23,9 +23,9 @@ func Command(core blas.Blas) *cobra.Command {
|
|||
return serveCmd
|
||||
}
|
||||
|
||||
func makeOptions(core blas.Blas) *ServeOptions {
|
||||
func makeOptions(cfg *config.Config) *ServeOptions {
|
||||
return &ServeOptions{
|
||||
core: core,
|
||||
cfg: cfg,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -34,7 +34,7 @@ func (o *ServeOptions) Options(_ *cobra.Command, args []string) error {
|
|||
}
|
||||
|
||||
func (o *ServeOptions) Execute() error {
|
||||
server, err := server.New(o.core)
|
||||
server, err := server.New(o.cfg)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
package components
|
||||
|
||||
import ()
|
||||
|
||||
type Componenter interface {
|
||||
Component(ComponentKey) Component
|
||||
Components() ComponentStore
|
||||
}
|
||||
|
||||
type (
|
||||
ComponentStore map[ComponentKey]Component
|
||||
ComponentKey string
|
||||
|
||||
Component interface {
|
||||
Shutdown()
|
||||
}
|
||||
)
|
|
@ -11,10 +11,6 @@ import (
|
|||
"gopkg.in/yaml.v3"
|
||||
)
|
||||
|
||||
type Configured interface {
|
||||
Conf() *Config
|
||||
}
|
||||
|
||||
type Config struct {
|
||||
DataDir *string `yaml:"data_dir,omitempty"`
|
||||
Server *server.Config `yaml:"server"`
|
||||
|
|
203
pkg/flow/flow.go
203
pkg/flow/flow.go
|
@ -1,203 +0,0 @@
|
|||
// flow is the data entry flow.
|
||||
package flow
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"dynatron.me/x/blasphem/internal/generate"
|
||||
)
|
||||
|
||||
type ResultType string
|
||||
type FlowID string
|
||||
type Step string
|
||||
type HandlerKey string
|
||||
type Errors interface{}
|
||||
|
||||
type FlowStore map[FlowID]Handler
|
||||
|
||||
type FlowManager struct {
|
||||
flows FlowStore
|
||||
}
|
||||
|
||||
type Result struct {
|
||||
Type ResultType `json:"type"`
|
||||
ID FlowID `json:"flow_id"`
|
||||
Handler []*HandlerKey `json:"handler"`
|
||||
Title *string `json:"title,omitempty"`
|
||||
Data map[string]interface{} `json:"data,omitempty"`
|
||||
StepID *Step `json:"step_id,omitempty"`
|
||||
Schema []SchemaItem `json:"data_schema"`
|
||||
Extra *string `json:"extra,omitempty"`
|
||||
Required *bool `json:"required,omitempty"`
|
||||
Errors interface{} `json:"errors"`
|
||||
Description *string `json:"description,omitempty"`
|
||||
DescPlace *string `json:"description_placeholders"`
|
||||
URL *string `json:"url,omitempty"`
|
||||
Reason *string `json:"reason,omitempty"`
|
||||
Context *string `json:"context,omitempty"`
|
||||
Result interface{} `json:"result,omitempty"`
|
||||
LastStep *string `json:"last_step"`
|
||||
Options map[string]interface{} `json:"options,omitempty"`
|
||||
Version *int `json:"version,omitempty"`
|
||||
}
|
||||
|
||||
type Handler interface {
|
||||
BaseHandler() FlowHandler
|
||||
FlowID() FlowID
|
||||
|
||||
flowCtime() time.Time
|
||||
}
|
||||
|
||||
const (
|
||||
StepInit Step = "init"
|
||||
)
|
||||
|
||||
func (fs Schema) CheckRequired(rm map[string]interface{}) error {
|
||||
for _, si := range fs {
|
||||
if si.Required {
|
||||
if _, ok := rm[si.Name]; !ok {
|
||||
return fmt.Errorf("missing required param %s", si.Name)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewFlowManager() *FlowManager {
|
||||
return &FlowManager{
|
||||
flows: make(FlowStore),
|
||||
}
|
||||
}
|
||||
|
||||
func stepPtr(s Step) *Step { return &s }
|
||||
|
||||
type FlowHandler struct {
|
||||
ID FlowID // ID is the FlowID
|
||||
Handler HandlerKey // Handler key
|
||||
|
||||
// curStep is the current step set by the flow manager
|
||||
curStep Step
|
||||
|
||||
ctime time.Time
|
||||
}
|
||||
|
||||
func (f *FlowHandler) Step() Step { return f.curStep }
|
||||
|
||||
func (f *FlowHandler) BaseHandler() FlowHandler { return *f }
|
||||
|
||||
func (f *FlowHandler) FlowID() FlowID {
|
||||
return f.ID
|
||||
}
|
||||
|
||||
func (f *FlowHandler) flowCtime() time.Time { return f.ctime }
|
||||
|
||||
func NewFlowHandlerBase(hand string) FlowHandler {
|
||||
return FlowHandler{
|
||||
ID: FlowID(generate.UUID()),
|
||||
Handler: HandlerKey(hand),
|
||||
|
||||
curStep: StepInit,
|
||||
ctime: time.Now(),
|
||||
}
|
||||
}
|
||||
|
||||
func (hk *HandlerKey) String() string {
|
||||
return string(*hk)
|
||||
}
|
||||
|
||||
func (fm *FlowHandler) Handlers() []*HandlerKey {
|
||||
return []*HandlerKey{&fm.Handler, nil}
|
||||
}
|
||||
|
||||
func resultErrs(e Errors) Errors {
|
||||
if e == nil {
|
||||
return []string{}
|
||||
}
|
||||
|
||||
return e
|
||||
}
|
||||
|
||||
type FormOption func(*Result)
|
||||
|
||||
func (*FlowHandler) WithErrors(e Errors) FormOption {
|
||||
return func(r *Result) {
|
||||
r.Errors = e
|
||||
}
|
||||
}
|
||||
|
||||
func (*FlowHandler) WithStep(s Step) FormOption {
|
||||
return func(r *Result) {
|
||||
r.StepID = stepPtr(s)
|
||||
}
|
||||
}
|
||||
|
||||
func (*FlowHandler) WithSchema(sch Schemer) FormOption {
|
||||
return func(r *Result) {
|
||||
r.Schema = sch.FlowSchema()
|
||||
}
|
||||
}
|
||||
|
||||
func (fm *FlowHandler) ShowForm(opts ...FormOption) *Result {
|
||||
res := &Result{
|
||||
Type: TypeForm,
|
||||
ID: fm.ID,
|
||||
StepID: stepPtr(fm.curStep),
|
||||
Handler: fm.Handlers(),
|
||||
}
|
||||
|
||||
for _, opt := range opts {
|
||||
opt(res)
|
||||
}
|
||||
|
||||
res.Errors = resultErrs(res.Errors)
|
||||
return res
|
||||
}
|
||||
|
||||
func (fm *FlowManager) Delete(id FlowID) {
|
||||
delete(fm.flows, id)
|
||||
}
|
||||
|
||||
const (
|
||||
TypeForm ResultType = "form"
|
||||
TypeCreateEntry ResultType = "create_entry"
|
||||
TypeAbort ResultType = "abort"
|
||||
TypeExternalStep ResultType = "external"
|
||||
TypeExternalStepDone ResultType = "external_done"
|
||||
TypeShowProgress ResultType = "progress"
|
||||
TypeShowProgressDone ResultType = "progress_done"
|
||||
TypeMenu ResultType = "menu"
|
||||
)
|
||||
|
||||
func (f *FlowHandler) touch() {
|
||||
f.ctime = time.Now()
|
||||
}
|
||||
|
||||
func (fm *FlowManager) Register(f Handler) {
|
||||
fm.flows.cull()
|
||||
fm.flows[f.FlowID()] = f
|
||||
}
|
||||
|
||||
func (fs *FlowManager) Remove(f Handler) {
|
||||
delete(fs.flows, f.FlowID())
|
||||
}
|
||||
|
||||
const cullAge = time.Minute * 10
|
||||
|
||||
func (fs FlowStore) cull() {
|
||||
for k, v := range fs {
|
||||
if time.Now().Sub(v.flowCtime()) > cullAge {
|
||||
delete(fs, k)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (fs *FlowManager) Get(id FlowID) Handler {
|
||||
f, ok := fs.flows[id]
|
||||
if ok {
|
||||
return f
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
package flow
|
||||
|
||||
type Type string
|
||||
|
||||
const (
|
||||
TypeString Type = "string"
|
||||
)
|
||||
|
||||
func (t Type) IsValid() bool {
|
||||
switch t {
|
||||
case TypeString:
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
type SchemaItem struct {
|
||||
Type Type `json:"type"`
|
||||
Name string `json:"name"`
|
||||
Required bool `json:"required"`
|
||||
}
|
||||
|
||||
type Schema []SchemaItem
|
||||
|
||||
type Schemer interface {
|
||||
FlowSchema() Schema
|
||||
}
|
||||
|
||||
func NewSchema(items ...SchemaItem) Schema {
|
||||
return items
|
||||
}
|
||||
|
||||
func RequiredString(name string) SchemaItem {
|
||||
return SchemaItem{
|
||||
Type: TypeString,
|
||||
Name: name,
|
||||
Required: true,
|
||||
}
|
||||
}
|
|
@ -1,42 +1,24 @@
|
|||
package frontend
|
||||
|
||||
import (
|
||||
"context"
|
||||
"embed"
|
||||
"io"
|
||||
"io/fs"
|
||||
"net/http"
|
||||
"sync"
|
||||
|
||||
"dynatron.me/x/blasphem/pkg/blas"
|
||||
"dynatron.me/x/blasphem/pkg/blas/core"
|
||||
"dynatron.me/x/blasphem/pkg/components"
|
||||
|
||||
"github.com/labstack/echo/v4"
|
||||
)
|
||||
|
||||
const FrontendKey = "frontend"
|
||||
|
||||
//go:embed frontend/hass_frontend
|
||||
var root embed.FS
|
||||
|
||||
type Frontend struct {
|
||||
fsHandler echo.HandlerFunc
|
||||
rootFS fs.FS
|
||||
var RootFS fs.FS
|
||||
|
||||
routeInstall sync.Once
|
||||
}
|
||||
var FSHandler echo.HandlerFunc
|
||||
|
||||
func (fe *Frontend) InstallRoutes(e *echo.Echo) {
|
||||
fe.routeInstall.Do(func() {
|
||||
e.GET("/*", fe.fsHandler)
|
||||
e.GET("/auth/authorize", fe.AliasHandler("authorize.html"))
|
||||
})
|
||||
}
|
||||
|
||||
func (fe *Frontend) AliasHandler(toFile string) echo.HandlerFunc {
|
||||
func AliasHandler(toFile string) echo.HandlerFunc {
|
||||
return func(c echo.Context) error {
|
||||
file, err := fe.rootFS.Open(toFile)
|
||||
file, err := RootFS.Open(toFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -51,32 +33,13 @@ func (fe *Frontend) AliasHandler(toFile string) echo.HandlerFunc {
|
|||
}
|
||||
}
|
||||
|
||||
func (*Frontend) Shutdown() {}
|
||||
|
||||
func newData(_ []string) interface{} {
|
||||
return map[string]interface{}{}
|
||||
}
|
||||
|
||||
func wsHand(ctx context.Context, wss core.WebSocketSession, msgID int, cmd []string, msg interface{}) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func Setup(b core.Blas) (components.Component, error) {
|
||||
fe := &Frontend{}
|
||||
func init() {
|
||||
var err error
|
||||
|
||||
fe.rootFS, err = fs.Sub(root, "frontend/hass_frontend")
|
||||
RootFS, err = fs.Sub(root, "frontend/hass_frontend")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
panic(err)
|
||||
}
|
||||
|
||||
fe.fsHandler = echo.StaticDirectoryHandler(fe.rootFS, false)
|
||||
|
||||
b.RegisterWSCommand("frontend", wsHand, newData)
|
||||
|
||||
return fe, nil
|
||||
}
|
||||
|
||||
func init() {
|
||||
blas.Register(FrontendKey, Setup)
|
||||
FSHandler = echo.StaticDirectoryHandler(RootFS, false)
|
||||
}
|
||||
|
|
|
@ -12,48 +12,47 @@ import (
|
|||
"github.com/rs/zerolog/log"
|
||||
"github.com/ziflex/lecho/v3"
|
||||
|
||||
"dynatron.me/x/blasphem/pkg/auth"
|
||||
"dynatron.me/x/blasphem/pkg/blas"
|
||||
"dynatron.me/x/blasphem/pkg/blas/core"
|
||||
"dynatron.me/x/blasphem/pkg/config"
|
||||
"dynatron.me/x/blasphem/pkg/frontend"
|
||||
conf "dynatron.me/x/blasphem/pkg/server/config"
|
||||
)
|
||||
|
||||
type Server struct {
|
||||
core.Blas
|
||||
*blas.Blas
|
||||
*echo.Echo
|
||||
auth.Authenticator
|
||||
wg sync.WaitGroup
|
||||
}
|
||||
|
||||
type RouteHaver interface {
|
||||
InstallRoutes(e *echo.Echo)
|
||||
}
|
||||
|
||||
func (s *Server) installRoutes() {
|
||||
s.GET("/*", frontend.FSHandler)
|
||||
s.GET("/api/websocket", s.wsHandler)
|
||||
|
||||
s.Component(frontend.FrontendKey).(RouteHaver).InstallRoutes(s.Echo)
|
||||
s.Blas.(*blas.Blas).Authenticator.InstallRoutes(s.Echo)
|
||||
|
||||
for _, c := range s.Components() {
|
||||
if rh, ok := c.(RouteHaver); ok {
|
||||
rh.InstallRoutes(s.Echo)
|
||||
}
|
||||
}
|
||||
s.Authenticator.InstallRoutes(s.Echo)
|
||||
}
|
||||
|
||||
func New(core core.Blas) (s *Server, err error) {
|
||||
func New(cfg *config.Config) (s *Server, err error) {
|
||||
b, err := blas.New(cfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
s = &Server{
|
||||
Blas: core,
|
||||
Blas: b,
|
||||
Echo: echo.New(),
|
||||
}
|
||||
err = s.InitAuth(b.Store)
|
||||
if err != nil {
|
||||
return s, err
|
||||
}
|
||||
|
||||
s.Echo.Debug = true
|
||||
s.Echo.HideBanner = true
|
||||
logger := lecho.From(log.Logger)
|
||||
s.Echo.Logger = logger
|
||||
|
||||
cfg := s.Conf()
|
||||
|
||||
if cfg.Server.LogRequestErrors {
|
||||
s.Echo.Use(lecho.Middleware(lecho.Config{
|
||||
Logger: logger,
|
||||
|
@ -81,7 +80,7 @@ func New(core core.Blas) (s *Server, err error) {
|
|||
}
|
||||
|
||||
func (s *Server) Shutdown(ctx context.Context) error {
|
||||
err := s.ShutdownBlas(ctx)
|
||||
err := s.Blas.Shutdown(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -92,8 +91,8 @@ func (s *Server) Shutdown(ctx context.Context) error {
|
|||
func (s *Server) Go() error {
|
||||
s.wg.Add(1)
|
||||
go func() {
|
||||
log.Info().Str("version", s.Version()).Str("bind", s.Conf().Server.Bind).Msg("Server listening")
|
||||
err := s.Start(s.Conf().Server.Bind)
|
||||
log.Info().Str("bind", s.Config.Server.Bind).Msg("Server listening")
|
||||
err := s.Start(s.Config.Server.Bind)
|
||||
if err != nil && err != http.ErrServerClosed {
|
||||
s.Logger.Fatal(err)
|
||||
}
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"dynatron.me/x/blasphem/pkg/wsapi"
|
||||
"errors"
|
||||
"log"
|
||||
|
||||
"github.com/gorilla/websocket"
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
var upgrader = websocket.Upgrader{
|
||||
|
@ -15,16 +14,7 @@ var upgrader = websocket.Upgrader{
|
|||
}
|
||||
|
||||
func (s *Server) wsHandler(c echo.Context) error {
|
||||
conn, err := upgrader.Upgrade(c.Response(), c.Request(), nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
defer conn.Close()
|
||||
|
||||
_ = log.Debug
|
||||
ctx, cancel := context.WithCancel(c.Request().Context())
|
||||
defer cancel()
|
||||
|
||||
return wsapi.NewSession(s, c, conn).Go(ctx)
|
||||
log.Println("WebSocket")
|
||||
//conn, err := upgrader.Upgrade(w, req, nil)
|
||||
return errors.New("not handled")
|
||||
}
|
||||
|
|
|
@ -1,220 +0,0 @@
|
|||
package storage
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/fs"
|
||||
"os"
|
||||
"path"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
var (
|
||||
IndentStr = strings.Repeat(" ", 2)
|
||||
)
|
||||
|
||||
const (
|
||||
SecretMode fs.FileMode = 0600
|
||||
DefaultMode fs.FileMode = 0644
|
||||
)
|
||||
|
||||
type item struct {
|
||||
sync.Mutex `json:"-"`
|
||||
Version int `json:"version"`
|
||||
MinorVersion *int `json:"minor_version,omitempty"`
|
||||
Key string `json:"key"`
|
||||
Data interface{} `json:"data"`
|
||||
|
||||
fmode fs.FileMode
|
||||
dirty bool
|
||||
}
|
||||
|
||||
func (i *item) Dirty() { i.Lock(); defer i.Unlock(); i.dirty = true }
|
||||
func (i *item) IsDirty() bool { i.Lock(); defer i.Unlock(); return i.dirty }
|
||||
func (i *item) GetData() interface{} { i.Lock(); defer i.Unlock(); return i.Data }
|
||||
func (i *item) SetData(d interface{}) { i.Lock(); defer i.Unlock(); i.Data = d; i.dirty = true }
|
||||
func (i *item) ItemKey() string { return i.Key /* key is immutable */ }
|
||||
|
||||
func (it *item) mode() fs.FileMode {
|
||||
if it.fmode != 0 {
|
||||
return it.fmode
|
||||
}
|
||||
|
||||
return SecretMode
|
||||
}
|
||||
|
||||
type fsStore struct {
|
||||
sync.RWMutex
|
||||
fs fs.FS
|
||||
storeRoot string
|
||||
s map[string]*item
|
||||
}
|
||||
|
||||
func (s *fsStore) get(key string) *item {
|
||||
s.RLock()
|
||||
defer s.RUnlock()
|
||||
|
||||
i, ok := s.s[key]
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
|
||||
return i
|
||||
}
|
||||
|
||||
func (s *fsStore) put(key string, it *item) {
|
||||
s.Lock()
|
||||
defer s.Unlock()
|
||||
|
||||
s.s[key] = it
|
||||
}
|
||||
|
||||
func (s *fsStore) persist(it *item) error {
|
||||
it.Lock()
|
||||
defer it.Unlock()
|
||||
|
||||
f, err := os.OpenFile(path.Join(s.storeRoot, it.Key), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, it.mode())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
defer f.Close()
|
||||
|
||||
enc := json.NewEncoder(f)
|
||||
enc.SetIndent("", IndentStr)
|
||||
|
||||
err = enc.Encode(it)
|
||||
if err == nil {
|
||||
it.dirty = false
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func (s *fsStore) Dirty(key string) error {
|
||||
it := s.get(key)
|
||||
if it == nil {
|
||||
return ErrNoSuchKey
|
||||
}
|
||||
|
||||
it.Dirty()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *fsStore) Flush(key string) error {
|
||||
it := s.get(key)
|
||||
if it == nil {
|
||||
return ErrNoSuchKey
|
||||
}
|
||||
|
||||
return s.persist(it)
|
||||
}
|
||||
|
||||
func (s *fsStore) FlushAll() []error {
|
||||
s.RLock()
|
||||
defer s.RUnlock()
|
||||
|
||||
var errs []error
|
||||
for _, it := range s.s {
|
||||
err := s.persist(it)
|
||||
if err != nil {
|
||||
errs = append(errs, fmt.Errorf("store key %s: %w", it.Key, err))
|
||||
}
|
||||
}
|
||||
|
||||
return errs
|
||||
}
|
||||
|
||||
func (s *fsStore) ShutdownStore() {
|
||||
errs := s.FlushAll()
|
||||
if errs != nil {
|
||||
log.Error().Errs("errors", errs).Msg("errors persisting store")
|
||||
}
|
||||
}
|
||||
|
||||
// Put puts an item into the store.
|
||||
// NB: Any user of a previous item with this key will now have a dangling reference that will not be persisted.
|
||||
// It is up to consumers to coordinate against this case!
|
||||
func (s *fsStore) Put(key string, version, minorVersion int, secretMode bool, data interface{}) (Item, error) {
|
||||
var mv *int
|
||||
if minorVersion != 0 {
|
||||
mv = &minorVersion
|
||||
}
|
||||
|
||||
mode := DefaultMode
|
||||
|
||||
if secretMode {
|
||||
mode = SecretMode
|
||||
}
|
||||
|
||||
it := &item{
|
||||
Version: version,
|
||||
MinorVersion: mv,
|
||||
Key: key,
|
||||
Data: data,
|
||||
|
||||
fmode: mode,
|
||||
dirty: true,
|
||||
}
|
||||
|
||||
s.s[key] = it
|
||||
return it, s.persist(it)
|
||||
}
|
||||
|
||||
func (s *fsStore) Get(key string, data interface{}) error {
|
||||
_, err := s.GetItem(key, data)
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func (s *fsStore) GetItem(key string, data interface{}) (Item, error) {
|
||||
exists := s.get(key)
|
||||
if exists != nil {
|
||||
return exists, ErrKeyExists
|
||||
}
|
||||
|
||||
f, err := s.fs.Open(key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
defer f.Close()
|
||||
|
||||
fi, err := f.Stat()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
item := &item{
|
||||
Data: data,
|
||||
fmode: fi.Mode(),
|
||||
}
|
||||
d := json.NewDecoder(f)
|
||||
err = d.Decode(item)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if item.Key != key {
|
||||
return nil, fmt.Errorf("key mismatch '%s' != '%s'", item.Key, key)
|
||||
}
|
||||
|
||||
s.put(key, item)
|
||||
|
||||
return item, nil
|
||||
}
|
||||
|
||||
func OpenFileStore(configRoot string) (*fsStore, error) {
|
||||
storeRoot := path.Join(configRoot, ".storage")
|
||||
stor := os.DirFS(storeRoot)
|
||||
|
||||
return &fsStore{
|
||||
fs: stor,
|
||||
storeRoot: storeRoot,
|
||||
s: make(map[string]*item),
|
||||
}, nil
|
||||
}
|
58
pkg/storage/storage.go
Normal file
58
pkg/storage/storage.go
Normal file
|
@ -0,0 +1,58 @@
|
|||
package storage
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/fs"
|
||||
)
|
||||
|
||||
type Data interface {
|
||||
}
|
||||
|
||||
type Item struct {
|
||||
Version int `json:"version"`
|
||||
MinorVersion *int `json:"minor_version,omitempty"`
|
||||
Key string `json:"key"`
|
||||
Data Data `json:"data"`
|
||||
}
|
||||
|
||||
type store struct {
|
||||
fs.FS
|
||||
}
|
||||
|
||||
type Store interface {
|
||||
Get(key string, data interface{}) error
|
||||
}
|
||||
|
||||
func (s *store) Get(key string, data interface{}) error {
|
||||
f, err := s.Open(key)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
defer f.Close()
|
||||
|
||||
item := Item{
|
||||
Data: data,
|
||||
}
|
||||
d := json.NewDecoder(f)
|
||||
err = d.Decode(&item)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if item.Key != key {
|
||||
return fmt.Errorf("key mismatch '%s' != '%s'", item.Key, key)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func Open(dir fs.FS) (*store, error) {
|
||||
stor, err := fs.Sub(dir, ".storage")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &store{stor}, nil
|
||||
}
|
|
@ -1,55 +0,0 @@
|
|||
package storage
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"sync"
|
||||
)
|
||||
|
||||
var (
|
||||
ErrNoSuchKey = errors.New("no such key in store")
|
||||
ErrKeyExists = errors.New("key already exists")
|
||||
)
|
||||
|
||||
// Item is an item in a datastore.
|
||||
type Item interface {
|
||||
// Item is lockable if updating data item directly.
|
||||
sync.Locker
|
||||
|
||||
// Dirty sets the dirty flag for the item so it will be flushed.
|
||||
Dirty()
|
||||
|
||||
// IsDirty gets the dirty flag for the item.
|
||||
IsDirty() bool
|
||||
|
||||
// GetData gets the data for the item.
|
||||
GetData() interface{}
|
||||
|
||||
// GetData sets the data for the item.
|
||||
SetData(interface{})
|
||||
|
||||
// ItemKey gets the key of the item.
|
||||
ItemKey() string
|
||||
}
|
||||
|
||||
// Store represents a datastore.
|
||||
type Store interface {
|
||||
// GetItem loads the specified key from the store into data and returns the Item.
|
||||
// If err is ErrKeyExists, Item will be the existing item.
|
||||
GetItem(key string, data interface{}) (Item, error)
|
||||
|
||||
// Get is the same as GetItem, but only returns error.
|
||||
Get(key string, data interface{}) error
|
||||
|
||||
// Put puts the specified key into the store. If the key already exists, it clobbers.
|
||||
// Note that any existing items will then dangle.
|
||||
Put(key string, version, minorVersion int, secretMode bool, data interface{}) (Item, error)
|
||||
|
||||
// FlushAll flushes the store to backing.
|
||||
FlushAll() []error
|
||||
|
||||
// Flush flushes a single key to backing.
|
||||
Flush(key string) error
|
||||
|
||||
// ShutdownStore is called to quiesce and shutdown the store.
|
||||
ShutdownStore()
|
||||
}
|
264
pkg/wsapi/api.go
264
pkg/wsapi/api.go
|
@ -1,264 +0,0 @@
|
|||
package wsapi
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"strings"
|
||||
|
||||
"dynatron.me/x/blasphem/pkg/auth"
|
||||
"dynatron.me/x/blasphem/pkg/blas/core"
|
||||
|
||||
"github.com/gorilla/websocket"
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/mitchellh/mapstructure"
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
var (
|
||||
NoSuchHandlerErr = errors.New("bad websocket command")
|
||||
NoMessageIDErr = errors.New("no message ID")
|
||||
AuthInvalidErr = errors.New("invalid auth")
|
||||
)
|
||||
|
||||
type Type string
|
||||
type MsgBase struct {
|
||||
ID *int `json:"id,omitempty"`
|
||||
Type Type `json:"type"`
|
||||
}
|
||||
|
||||
type (
|
||||
wsSession struct {
|
||||
conn *websocket.Conn
|
||||
b core.Blas
|
||||
ec echo.Context
|
||||
write chan<- interface{}
|
||||
|
||||
user *auth.User
|
||||
refreshToken *auth.RefreshToken
|
||||
}
|
||||
|
||||
wsEntry struct {
|
||||
dataNew core.NewData
|
||||
hnd core.Handler
|
||||
}
|
||||
|
||||
wsRegistry map[string]wsEntry
|
||||
|
||||
wsManager struct {
|
||||
r wsRegistry
|
||||
}
|
||||
)
|
||||
|
||||
func (wsm *wsManager) RegisterWSCommand(cmd string, hnd core.Handler, dataNew core.NewData) {
|
||||
wsm.r[cmd] = wsEntry{
|
||||
dataNew: dataNew,
|
||||
hnd: hnd,
|
||||
}
|
||||
}
|
||||
|
||||
func (wsm *wsManager) WSCommandHandler(cmd string, cmdSplit []string) (core.NewData, core.Handler, error) {
|
||||
if wse, ok := wsm.r[cmd]; ok {
|
||||
return wse.dataNew, wse.hnd, nil
|
||||
}
|
||||
|
||||
if wse, ok := wsm.r[cmdSplit[0]]; ok {
|
||||
return wse.dataNew, wse.hnd, nil
|
||||
}
|
||||
|
||||
return nil, nil, NoSuchHandlerErr
|
||||
}
|
||||
|
||||
func NewManager() core.WebSocketManager {
|
||||
return &wsManager{
|
||||
r: make(wsRegistry),
|
||||
}
|
||||
}
|
||||
|
||||
func NewSession(s core.Blas, c echo.Context, conn *websocket.Conn) core.WebSocketSession {
|
||||
ws := &wsSession{
|
||||
conn: conn,
|
||||
b: s,
|
||||
ec: c,
|
||||
}
|
||||
|
||||
return ws
|
||||
}
|
||||
|
||||
func (ws *wsSession) Conn() *websocket.Conn {
|
||||
return ws.conn
|
||||
}
|
||||
|
||||
func (ws *wsSession) Blas() core.Blas { return ws.b }
|
||||
|
||||
func (ws *wsSession) Go(ctx context.Context) error {
|
||||
authP := &authPhase{ws}
|
||||
err := ws.sendAuthRequired()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
_, rdr, err := ws.conn.NextReader()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = authP.handleMsg(ctx, rdr)
|
||||
if err != nil || ws.refreshToken == nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// command phase
|
||||
|
||||
msgChan := make(chan map[string]interface{})
|
||||
write := make(chan interface{})
|
||||
ws.write = write
|
||||
defer close(write)
|
||||
|
||||
cCtx, cancel := context.WithCancel(ctx)
|
||||
defer cancel()
|
||||
|
||||
go func(ctx context.Context, ch chan<- map[string]interface{}) {
|
||||
defer close(ch)
|
||||
for {
|
||||
if err := ctx.Err(); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
_, rdr, err := ws.conn.NextReader()
|
||||
switch {
|
||||
case err == nil:
|
||||
case websocket.IsCloseError(err, websocket.CloseGoingAway):
|
||||
return
|
||||
case err != nil:
|
||||
log.Error().Err(err).Str("remote", ws.ec.Request().RemoteAddr).Msg("websocket read fail")
|
||||
return
|
||||
}
|
||||
|
||||
var msgMap map[string]interface{}
|
||||
err = json.NewDecoder(rdr).Decode(&msgMap)
|
||||
if err != nil {
|
||||
ws.writeError(-1, Error{Code: "invalid_format", Message: err.Error()})
|
||||
}
|
||||
|
||||
ch <- msgMap
|
||||
|
||||
}
|
||||
}(cCtx, msgChan)
|
||||
|
||||
for {
|
||||
select {
|
||||
case msg, ok := <-msgChan:
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
|
||||
err = ws.handleMsg(ctx, msg)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("handleMsg")
|
||||
}
|
||||
case <-ctx.Done():
|
||||
close(msgChan) // maybe remove this?
|
||||
return nil
|
||||
case m := <-write:
|
||||
err := ws.conn.WriteJSON(m)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("writeMsg")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (ws *wsSession) Write(msg interface{}) {
|
||||
ws.write <- msg
|
||||
}
|
||||
|
||||
type MsgType string
|
||||
|
||||
const (
|
||||
ResultMsgType MsgType = "result"
|
||||
)
|
||||
|
||||
type Error struct {
|
||||
Code string `json:"code"`
|
||||
Message string `json:"message"`
|
||||
}
|
||||
|
||||
type WSError struct {
|
||||
ID *int `json:"id,omitempty"`
|
||||
Type MsgType `json:"type"`
|
||||
Success bool `json:"success"`
|
||||
Error Error `json:"error"`
|
||||
}
|
||||
|
||||
func (ws *wsSession) writeError(id int, err Error) error {
|
||||
return ws.conn.WriteJSON(WSError{
|
||||
ID: &id,
|
||||
Type: ResultMsgType,
|
||||
Success: false,
|
||||
Error: err,
|
||||
})
|
||||
}
|
||||
|
||||
func (ws *wsSession) handleMsg(ctx context.Context, msgMap map[string]interface{}) error {
|
||||
if err := ctx.Err(); err != nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
msgType, ok := msgMap["type"].(string)
|
||||
if !ok {
|
||||
return NoSuchHandlerErr
|
||||
}
|
||||
|
||||
idFl, ok := msgMap["id"].(float64)
|
||||
if !ok {
|
||||
ws.Write(WSError{
|
||||
Type: ResultMsgType,
|
||||
Success: false,
|
||||
Error: Error{
|
||||
Code: "invalid_id",
|
||||
Message: "command has no ID",
|
||||
},
|
||||
})
|
||||
return nil
|
||||
}
|
||||
|
||||
id := int(idFl)
|
||||
|
||||
cmd := strings.Split(msgType, "/")
|
||||
|
||||
newData, hand, err := ws.b.WSCommandHandler(cmd[0], cmd)
|
||||
switch err {
|
||||
case nil:
|
||||
case NoSuchHandlerErr:
|
||||
ws.writeError(id, Error{
|
||||
Code: "invalid_type",
|
||||
Message: "no such command",
|
||||
})
|
||||
|
||||
return nil
|
||||
default:
|
||||
log.Error().Err(err).Msg("dispatch")
|
||||
return nil
|
||||
}
|
||||
|
||||
nd := newData(cmd)
|
||||
if _, ok := nd.(map[string]interface{}); !ok {
|
||||
err := mapstructure.Decode(&msgMap, &nd)
|
||||
if err != nil {
|
||||
ws.writeError(id, Error{
|
||||
Code: "invalid_format",
|
||||
Message: err.Error(),
|
||||
})
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
err = hand(ctx, ws, id, cmd, nd)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("dispatch")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -1,81 +0,0 @@
|
|||
package wsapi
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"io"
|
||||
|
||||
"dynatron.me/x/blasphem/pkg/auth"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
type authPhase struct {
|
||||
*wsSession
|
||||
}
|
||||
|
||||
func (ws *wsSession) sendAuthRequired() error {
|
||||
authReq := &struct {
|
||||
MsgBase
|
||||
Version string `json:"ha_version"`
|
||||
}{
|
||||
MsgBase{Type: "auth_required"},
|
||||
ws.b.Version(),
|
||||
}
|
||||
return ws.conn.WriteJSON(&authReq)
|
||||
}
|
||||
|
||||
type authMsg struct {
|
||||
MsgBase
|
||||
AccessToken auth.AccessToken `json:"access_token"`
|
||||
}
|
||||
|
||||
func (ap *authPhase) msgSchema() interface{} {
|
||||
return &authMsg{}
|
||||
}
|
||||
|
||||
func (ap *authPhase) finishAuth(rt *auth.RefreshToken) {
|
||||
ap.user = rt.User
|
||||
ap.refreshToken = rt
|
||||
}
|
||||
|
||||
func (ap *authPhase) sendAuthOK() error {
|
||||
return ap.conn.WriteJSON(struct {
|
||||
Type string `json:"type"`
|
||||
Version string `json:"ha_version"`
|
||||
}{Type: "auth_ok", Version: ap.Blas().Version()})
|
||||
}
|
||||
|
||||
func (ap *authPhase) sendAuthInvalid() error {
|
||||
return ap.conn.WriteJSON(struct {
|
||||
Type string `json:"type"`
|
||||
Message string `json:"message"`
|
||||
}{Type: "auth_ok", Message: "invalid auth"})
|
||||
}
|
||||
|
||||
func (ap *authPhase) handleMsg(ctx context.Context, r io.Reader) error {
|
||||
var authMsg authMsg
|
||||
err := json.NewDecoder(r).Decode(&authMsg)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := ctx.Err(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
refreshToken := ap.b.ValidateAccessToken(authMsg.AccessToken)
|
||||
if refreshToken != nil {
|
||||
ap.finishAuth(refreshToken)
|
||||
return ap.sendAuthOK()
|
||||
}
|
||||
|
||||
log.Error().Str("remote", ap.ec.Request().RemoteAddr).Msg("websocket auth failed")
|
||||
|
||||
err = ap.sendAuthInvalid()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return AuthInvalidErr
|
||||
}
|
Loading…
Reference in a new issue