Compare commits

..

27 commits

Author SHA1 Message Date
f272514c65 Improve flows in preparation for MFA 2022-12-27 15:09:20 -05:00
60301c9892 check rt 2022-12-21 19:34:26 -05:00
14401c831a gofmt 2022-12-21 13:22:26 -05:00
c424b75cf6 concurrent ws 2022-12-21 13:22:18 -05:00
8bf7379170 don't use map structure if we're already a map 2022-12-20 21:27:07 -05:00
2ddac95715 reorder 2022-12-20 21:24:14 -05:00
5570e53d99 handle close 2022-12-20 21:22:00 -05:00
6bd36a59c5 gofmt 2022-12-20 20:34:53 -05:00
6443443c6b allow unsplit command registrations 2022-12-20 20:34:45 -05:00
76f95a422b newdata can switch on command 2022-12-20 20:30:58 -05:00
caa371eff1 commands working ish 2022-12-20 20:11:11 -05:00
f119f7086f wip: auth still broken 2022-12-20 19:31:46 -05:00
95d72d2912 auth progress 2022-12-20 19:05:45 -05:00
a1005ce6bf works 2022-12-20 16:26:04 -05:00
1b355d3cbf also compiles 2022-12-20 13:54:49 -05:00
0da222577b it compiles 2022-12-20 13:31:31 -05:00
0378151b9f compiles 2022-12-20 13:16:30 -05:00
a468f0629b WIP: pre dep injection 2022-12-20 11:34:25 -05:00
2de97a6936 WIP: websocket 2022-12-19 19:24:01 -05:00
c91cd6efca refresh token 2022-12-19 13:09:01 -05:00
824e54894e JWT working 2022-12-19 02:42:01 -05:00
6aa2c46717 prejwt 2022-12-18 21:26:34 -05:00
9224b21db7 pre-model 2022-12-18 09:55:50 -05:00
3038750206 Ensure JWT not empty 2022-12-17 15:17:05 -05:00
86abb0b618 Some renaming 2022-11-20 13:42:10 -05:00
d34814f050 Some renaming 2022-11-20 12:51:26 -05:00
f3e17e149f Flow split begin 2022-11-20 08:49:24 -05:00
30 changed files with 1578 additions and 386 deletions

View file

@ -1,11 +1,14 @@
FE=pkg/frontend/frontend
VER=$(shell git describe --always --tags)
LDFLAGS=-ldflags='-X dynatron.me/x/blasphem/internal/common.Version=${VER}'
all: build
build:
go build -o blas ./cmd/blas/
go build ${LDFLAGS} -o blas ./cmd/blas/
serve:
go run ./cmd/blas/ serve ${BLAS_ARGS}
go run ${LDFLAGS} ./cmd/blas/ serve ${BLAS_ARGS}
# pkg/frontend/frontend/hass_frontend:
frontend:

View file

@ -7,6 +7,7 @@ import (
"github.com/rs/zerolog/log"
"dynatron.me/x/blasphem/internal/common"
"dynatron.me/x/blasphem/pkg/blas"
"dynatron.me/x/blasphem/pkg/cmd/serve"
"dynatron.me/x/blasphem/pkg/config"
@ -25,7 +26,12 @@ func main() {
log.Fatal().Err(err).Msg("Config read failed")
}
rootCmd.AddCommand(serve.Command(config))
bl, err := blas.New(config)
if err != nil {
log.Fatal().Err(err).Msg("Core create failed")
}
rootCmd.AddCommand(serve.Command(bl))
err = rootCmd.Execute()
if err != nil {

1
go.mod
View file

@ -21,6 +21,7 @@ require (
github.com/labstack/gommon v0.3.1 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/valyala/fasttemplate v1.2.1 // indirect

2
go.sum
View file

@ -36,6 +36,8 @@ github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2y
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

View file

@ -2,9 +2,13 @@
package common
import (
"github.com/labstack/echo/v4"
"github.com/spf13/cobra"
)
// this symbol overriden by linker args
var Version = "undefined"
const (
// AppName is the name of the application.
AppName = "blasphem"
@ -15,6 +19,13 @@ type cmdOptions interface {
Execute() error
}
func AppNamePtr() *string {
s := AppName
return &s
}
func IntPtr(i int) *int { return &i }
// RunE is a convenience function for use with cobra.
func RunE(c cmdOptions) func(cmd *cobra.Command, args []string) error {
return func(cmd *cobra.Command, args []string) error {
@ -32,3 +43,9 @@ func RunE(c cmdOptions) func(cmd *cobra.Command, args []string) error {
return err
}
}
func NoCache(c echo.Context) echo.Context {
c.Response().Header().Set("Cache-Control", "no-store")
c.Response().Header().Set("Pragma", "no-cache")
return c
}

View file

@ -11,6 +11,7 @@ import (
type (
// PyTimeStamp is a timestamp that marshals to python-style timestamp strings (long nano).
PyTimestamp time.Time
ClientID string
)
const PytTimeFormat = "2006-01-02T15:04:05.999999-07:00"

View file

@ -3,12 +3,12 @@ package auth
import (
"errors"
"net/http"
"sync"
"github.com/labstack/echo/v4"
"github.com/rs/zerolog/log"
"dynatron.me/x/blasphem/pkg/auth/provider"
"dynatron.me/x/blasphem/pkg/frontend"
"dynatron.me/x/blasphem/pkg/storage"
// providers
@ -20,23 +20,30 @@ var (
ErrDisabled = errors.New("user disabled")
ErrInvalidAuth = errors.New("invalid auth")
ErrInvalidHandler = errors.New("no such handler")
ErrInvalidIP = errors.New("invalid IP")
ErrUserAuthRemote = errors.New("user cannot authenticate remotely")
)
type Authenticator struct {
type authenticator struct {
sync.Mutex
store AuthStore
flows FlowStore
sessions AccessSessionStore
flows *AuthFlowManager
authCodes authCodeStore
providers map[string]provider.AuthProvider
}
type Authenticator interface {
ValidateAccessToken(token AccessToken) *RefreshToken
InstallRoutes(e *echo.Echo)
}
type AuthError struct {
Error string `json:"error"`
Description string `json:"error_description"`
}
func (a *Authenticator) InstallRoutes(e *echo.Echo) {
func (a *authenticator) InstallRoutes(e *echo.Echo) {
authG := e.Group("/auth")
authG.GET("/authorize", frontend.AliasHandler("authorize.html"))
authG.GET("/providers", a.ProvidersHandler)
authG.POST("/token", a.TokenHandler)
@ -47,31 +54,34 @@ func (a *Authenticator) InstallRoutes(e *echo.Echo) {
loginFlow.DELETE("/:flow_id", a.LoginFlowDeleteHandler)
}
func (a *Authenticator) InitAuth(s storage.Store) error {
a.providers = make(map[string]provider.AuthProvider)
func New(s storage.Store) (Authenticator, error) {
a := &authenticator{
providers: make(map[string]provider.AuthProvider),
}
for _, pI := range provider.Providers {
nProv, err := pI(s)
if err != nil {
return err
return nil, err
}
a.providers[nProv.ProviderType()] = nProv
}
a.flows = make(FlowStore)
a.flows = NewAuthFlowManager()
a.sessions.init()
a.authCodes.init()
var err error
a.store, err = a.newAuthStore(s)
if err != nil {
return err
return nil, err
}
return nil
return a, nil
}
func (a *Authenticator) Provider(name string) provider.AuthProvider {
func (a *authenticator) Provider(name string) provider.AuthProvider {
p, ok := a.providers[name]
if !ok {
return nil
@ -83,7 +93,7 @@ func (a *Authenticator) Provider(name string) provider.AuthProvider {
var HomeAssistant = "homeassistant"
// TODO: make this configurable
func (a *Authenticator) ProvidersHandler(c echo.Context) error {
func (a *authenticator) ProvidersHandler(c echo.Context) error {
providers := []provider.AuthProviderBase{
a.Provider(HomeAssistant).ProviderBase(),
}
@ -91,30 +101,24 @@ func (a *Authenticator) ProvidersHandler(c echo.Context) error {
return c.JSON(http.StatusOK, providers)
}
func (a *Authenticator) Check(f *Flow, req *http.Request, rm map[string]interface{}) (provider.ProviderUser, error) {
func (a *authenticator) Check(f *LoginFlow, req *http.Request, rm map[string]interface{}) (user provider.ProviderUser, clientID string, err error) {
cID, hasCID := rm["client_id"]
cIDStr, cidIsStr := cID.(string)
if !hasCID || !cidIsStr || cIDStr == "" || cIDStr != string(f.request.ClientID) {
return nil, ErrInvalidAuth
clientID, cidIsStr := cID.(string)
if !hasCID || !cidIsStr || clientID == "" || clientID != string(f.ClientID) {
return nil, clientID, ErrInvalidAuth
}
for _, h := range f.Handler {
if h == nil {
return nil, ErrInvalidHandler
}
p := a.Provider(*h)
p := a.Provider(f.Handler.String())
if p == nil {
return nil, ErrInvalidAuth
return nil, clientID, ErrInvalidAuth
}
user, success := p.ValidateCreds(req, rm)
if success {
log.Info().Interface("user", user.UserData()).Msg("Login success")
return user, nil
}
return user, clientID, nil
}
return nil, ErrInvalidAuth
return nil, clientID, ErrInvalidAuth
}

View file

@ -1,134 +1,100 @@
package auth
import (
"fmt"
"net/http"
"strings"
"time"
"github.com/jinzhu/copier"
"github.com/labstack/echo/v4"
"dynatron.me/x/blasphem/internal/common"
"dynatron.me/x/blasphem/internal/generate"
"dynatron.me/x/blasphem/pkg/auth/provider"
"dynatron.me/x/blasphem/pkg/flow"
)
type FlowStore map[FlowID]*Flow
type AuthFlowManager struct {
*flow.FlowManager
}
type FlowRequest struct {
ClientID ClientID `json:"client_id"`
type LoginFlow struct {
flow.FlowHandler
prov provider.AuthProvider
ClientID common.ClientID
FlowContext
}
type FlowContext struct {
IPAddr string
CredentialOnly bool
RedirectURI string
}
type LoginFlowRequest struct {
ClientID common.ClientID `json:"client_id"`
Handler []*string `json:"handler"`
RedirectURI string `json:"redirect_uri"`
Type *string `json:"type"`
ip string `json:"-"`
}
type FlowType string
const (
TypeForm FlowType = "form"
TypeCreateEntry FlowType = "create_entry"
)
type FlowID string
type Step string
const (
StepInit Step = "init"
)
type Flow struct {
Type FlowType `json:"type"`
ID FlowID `json:"flow_id"`
Handler []*string `json:"handler"`
StepID *Step `json:"step_id,omitempty"`
Schema []provider.FlowSchemaItem `json:"data_schema"`
Errors interface{} `json:"errors"`
DescPlace *string `json:"description_placeholders"`
LastStep *string `json:"last_step"`
request *FlowRequest
ctime time.Time
}
func (f *Flow) touch() {
f.ctime = time.Now()
}
func (fs FlowStore) register(f *Flow) {
fs.cull()
fs[f.ID] = f
}
func (fs FlowStore) Remove(f *Flow) {
delete(fs, f.ID)
}
const cullAge = time.Minute * 30
func (fs FlowStore) cull() {
for k, v := range fs {
if time.Now().Sub(v.ctime) > cullAge {
delete(fs, k)
}
func (r *LoginFlowRequest) FlowContext() FlowContext {
return FlowContext{
IPAddr: r.ip,
RedirectURI: r.RedirectURI,
CredentialOnly: r.Type != nil && *r.Type == "link_user",
}
}
func (fs FlowStore) Get(id FlowID) *Flow {
f, ok := fs[id]
if ok {
return f
}
return nil
func NewAuthFlowManager() *AuthFlowManager {
return &AuthFlowManager{FlowManager: flow.NewFlowManager()}
}
func (a *Authenticator) NewFlow(r *FlowRequest) *Flow {
var sch []provider.FlowSchemaItem
func (afm *AuthFlowManager) NewLoginFlow(req *LoginFlowRequest, prov provider.AuthProvider) *LoginFlow {
lf := &LoginFlow{
FlowHandler: flow.NewFlowHandlerBase(prov.ProviderType()),
ClientID: req.ClientID,
FlowContext: req.FlowContext(),
prov: prov,
}
afm.Register(lf)
return lf
}
func (a *authenticator) NewFlow(r *LoginFlowRequest) *flow.Result {
var prov provider.AuthProvider
for _, h := range r.Handler {
if h == nil {
break
}
if hand := a.Provider(*h); hand != nil {
sch = hand.FlowSchema()
prov = a.Provider(*h)
if prov != nil {
break
}
}
if sch == nil {
if prov == nil {
return nil
}
flow := &Flow{
Type: TypeForm,
ID: FlowID(generate.UUID()),
StepID: stepPtr(StepInit),
Schema: sch,
Handler: r.Handler,
Errors: []string{},
request: r,
}
flow.touch()
lf := a.flows.NewLoginFlow(r, prov)
a.flows.register(flow)
return flow
return lf.ShowForm(lf.WithSchema(prov), lf.WithStep(flow.StepInit))
}
func stepPtr(s Step) *Step { return &s }
func (f *Flow) redirect(c echo.Context) {
c.Request().Header.Set("Location", f.request.RedirectURI)
func (f *LoginFlow) redirect(c echo.Context) {
c.Request().Header.Set("Location", f.RedirectURI)
}
func (f *Flow) progress(a *Authenticator, c echo.Context) error {
if f.StepID == nil {
c.Logger().Error("stepID is nil")
return c.String(http.StatusInternalServerError, "No Step ID")
}
switch *f.StepID {
case StepInit:
func (f *LoginFlow) progress(a *authenticator, c echo.Context) error {
switch f.Step() {
case flow.StepInit:
rm := make(map[string]interface{})
err := c.Bind(&rm)
@ -136,31 +102,26 @@ func (f *Flow) progress(a *Authenticator, c echo.Context) error {
return c.String(http.StatusBadRequest, err.Error())
}
for _, si := range f.Schema {
if si.Required {
if _, ok := rm[si.Name]; !ok {
return c.String(http.StatusBadRequest, "missing required param "+si.Name)
}
}
}
user, err := a.Check(f, c.Request(), rm)
switch err {
case nil:
var finishedFlow struct {
ID FlowID `json:"flow_id"`
Handler []*string `json:"handler"`
Result AccessTokenID `json:"result"`
Title string `json:"title"`
Type FlowType `json:"type"`
Version int `json:"version"`
err = f.prov.FlowSchema().CheckRequired(rm)
if err != nil {
return c.JSON(http.StatusBadRequest, f.ShowForm(f.WithErrors([]string{err.Error()})))
}
user, clientID, err := a.Check(f, c.Request(), rm)
switch err {
case nil:
creds := a.store.GetCredential(user)
if creds == nil {
return fmt.Errorf("flow progress: no such credential for %v", user.UserData())
}
finishedFlow := flow.Result{}
a.flows.Remove(f)
copier.Copy(&finishedFlow, f)
finishedFlow.Type = TypeCreateEntry
finishedFlow.Title = common.AppName
finishedFlow.Version = 1
finishedFlow.Result = a.NewAccessToken(c.Request(), user, f)
finishedFlow.Type = flow.TypeCreateEntry
finishedFlow.Title = common.AppNamePtr()
finishedFlow.Version = common.IntPtr(1)
finishedFlow.Result = a.NewAuthCode(ClientID(clientID), creds)
f.redirect(c)
@ -170,24 +131,29 @@ func (f *Flow) progress(a *Authenticator, c echo.Context) error {
case ErrInvalidAuth:
fallthrough
default:
f.Errors = map[string]interface{}{
return c.JSON(http.StatusOK, f.ShowForm(f.WithErrors(map[string]interface{}{
"base": "invalid_auth",
}
return c.JSON(http.StatusOK, f)
})))
}
default:
return c.String(http.StatusBadRequest, "unknown flow step")
return c.JSON(http.StatusOK, f.ShowForm(f.WithErrors(map[string]interface{}{
"base": "unknown_flow_step",
})))
}
}
func (a *Authenticator) LoginFlowDeleteHandler(c echo.Context) error {
flowID := c.Param("flow_id")
func (a *authenticator) LoginFlowDeleteHandler(c echo.Context) error {
a.Lock()
defer a.Unlock()
flowID := flow.FlowID(c.Param("flow_id"))
if flowID == "" {
return c.String(http.StatusBadRequest, "empty flow ID")
}
delete(a.flows, FlowID(flowID))
a.flows.Delete(flowID)
return c.String(http.StatusOK, "deleted")
}
@ -199,15 +165,20 @@ func setJSON(c echo.Context) {
}
}
func (a *Authenticator) BeginLoginFlowHandler(c echo.Context) error {
func (a *authenticator) BeginLoginFlowHandler(c echo.Context) error {
a.Lock()
defer a.Unlock()
setJSON(c)
var flowReq FlowRequest
var flowReq LoginFlowRequest
err := c.Bind(&flowReq)
if err != nil {
return c.String(http.StatusBadRequest, err.Error())
}
flowReq.ip = c.Request().RemoteAddr
resp := a.NewFlow(&flowReq)
if resp == nil {
@ -217,21 +188,18 @@ func (a *Authenticator) BeginLoginFlowHandler(c echo.Context) error {
return c.JSON(http.StatusOK, resp)
}
func (a *Authenticator) LoginFlowHandler(c echo.Context) error {
func (a *authenticator) LoginFlowHandler(c echo.Context) error {
a.Lock()
defer a.Unlock()
setJSON(c)
flowID := c.Param("flow_id")
flow := a.flows.Get(FlowID(flowID))
flow := a.flows.Get(flow.FlowID(flowID))
if flow == nil {
return c.String(http.StatusNotFound, "no such flow")
}
if time.Now().Sub(flow.ctime) > cullAge {
a.flows.Remove(flow)
return c.String(http.StatusGone, "flow timed out")
}
return flow.progress(a, c)
return flow.(*LoginFlow).progress(a, c)
}

View file

@ -9,6 +9,7 @@ import (
"golang.org/x/crypto/bcrypt"
"dynatron.me/x/blasphem/pkg/auth/provider"
"dynatron.me/x/blasphem/pkg/flow"
"dynatron.me/x/blasphem/pkg/storage"
)
@ -26,11 +27,22 @@ type HAUser struct {
func (hau *HAUser) UserData() provider.ProviderUser {
return &UserData{ // strip secret
Username: hau.Username,
AuthProvider: hau.AuthProvider,
}
}
func (hau *HAUser) Provider() provider.AuthProvider {
return hau.AuthProvider
}
func (hau *UserData) Provider() provider.AuthProvider {
return hau.AuthProvider
}
type UserData struct {
Username string `json:"username"`
provider.AuthProvider `json:"-"`
}
func (ud *UserData) UserData() provider.ProviderUser {
@ -83,6 +95,28 @@ func (hap *HomeAssistantProvider) hashPass(p string) ([]byte, error) {
return bcrypt.GenerateFromPassword([]byte(p), bcrypt.DefaultCost)
}
func (hap *HomeAssistantProvider) EqualCreds(c1, c2 provider.ProviderUser) bool {
switch c1c := c1.(type) {
case *HAUser:
switch c2c := c2.(type) {
case *HAUser:
return c2c.Username == c1c.Username
case *UserData:
return c2c.Username == c1c.Username
}
case *UserData:
switch c2c := c2.(type) {
case *HAUser:
return c2c.Username == c1c.Username
case *UserData:
return c2c.Username == c1c.Username
}
}
return false
}
func (hap *HomeAssistantProvider) ValidateCreds(r *http.Request, rm map[string]interface{}) (provider.ProviderUser, bool) {
usernameE, hasU := rm["username"]
passwordE, hasP := rm["password"]
@ -116,6 +150,7 @@ func (hap *HomeAssistantProvider) ValidateCreds(r *http.Request, rm map[string]i
err = bcrypt.CompareHashAndPassword(hash, []byte(password))
if err == nil {
found.AuthProvider = hap
return found, true
}
@ -126,19 +161,8 @@ func (hap *HomeAssistantProvider) NewCredData() interface{} {
return &HAUser{}
}
func (hap *HomeAssistantProvider) FlowSchema() []provider.FlowSchemaItem {
return []provider.FlowSchemaItem{
{
Type: "string",
Name: "username",
Required: true,
},
{
Type: "string",
Name: "password",
Required: true,
},
}
func (hap *HomeAssistantProvider) FlowSchema() flow.Schema {
return flow.NewSchema(flow.RequiredString("username"), flow.RequiredString("password"))
}
func init() {

View file

@ -3,6 +3,7 @@ package provider
import (
"net/http"
"dynatron.me/x/blasphem/pkg/flow"
"dynatron.me/x/blasphem/pkg/storage"
)
@ -13,9 +14,10 @@ var Providers = make(map[string]Constructor)
type AuthProvider interface { // TODO: this should include stepping
AuthProviderMetadata
ProviderBase() AuthProviderBase
FlowSchema() []FlowSchemaItem
FlowSchema() flow.Schema
NewCredData() interface{}
ValidateCreds(r *http.Request, reqMap map[string]interface{}) (user ProviderUser, success bool)
EqualCreds(c1, c2 ProviderUser) bool
Lookup(ProviderUser) ProviderUser
}
@ -24,8 +26,9 @@ func Register(providerName string, f func(storage.Store) (AuthProvider, error))
}
type ProviderUser interface {
// TODO: make sure this is sane with all the ProviderUser and UserData type stuf
// TODO: make sure this is sane with all the ProviderUser and UserData type stuff
UserData() ProviderUser
Provider() AuthProvider
}
type AuthProviderBase struct {
@ -44,9 +47,3 @@ func (bp *AuthProviderBase) ProviderName() string { return bp.Name }
func (bp *AuthProviderBase) ProviderID() *string { return bp.ID }
func (bp *AuthProviderBase) ProviderType() string { return bp.Type }
func (bp *AuthProviderBase) ProviderBase() AuthProviderBase { return *bp }
type FlowSchemaItem struct {
Type string `json:"type"`
Name string `json:"name"`
Required bool `json:"required"`
}

View file

@ -6,6 +6,7 @@ import (
"net/http"
"dynatron.me/x/blasphem/pkg/auth/provider"
"dynatron.me/x/blasphem/pkg/flow"
"dynatron.me/x/blasphem/pkg/storage"
)
@ -18,11 +19,22 @@ type User struct {
func (hau *User) UserData() provider.ProviderUser {
return &UserData{
UserID: hau.UserID,
AuthProvider: hau.AuthProvider,
}
}
func (hau *UserData) Provider() provider.AuthProvider {
return hau.AuthProvider
}
func (hau *User) Provider() provider.AuthProvider {
return hau.AuthProvider
}
type UserData struct {
UserID string `json:"user_id"`
provider.AuthProvider `json:"-"`
}
func (ud *UserData) UserData() provider.ProviderUser {
@ -35,6 +47,11 @@ type TrustedNetworksProvider struct {
provider.AuthProviderBase `json:"-"`
}
func (hap *TrustedNetworksProvider) EqualCreds(c1, c2 provider.ProviderUser) bool {
panic("not implemented")
return false
}
func New(s storage.Store) (provider.AuthProvider, error) {
hap := &TrustedNetworksProvider{
AuthProviderBase: provider.AuthProviderBase{
@ -61,19 +78,8 @@ func (hap *TrustedNetworksProvider) NewCredData() interface{} {
return &UserData{}
}
func (hap *TrustedNetworksProvider) FlowSchema() []provider.FlowSchemaItem {
return []provider.FlowSchemaItem{
{
Type: "string",
Name: "username",
Required: true,
},
{
Type: "string",
Name: "password",
Required: true,
},
}
func (hap *TrustedNetworksProvider) FlowSchema() flow.Schema {
return nil
}
func init() {

View file

@ -2,108 +2,102 @@ package auth
import (
"encoding/json"
"fmt"
"net/http"
"time"
"github.com/golang-jwt/jwt"
"github.com/labstack/echo/v4"
"github.com/rs/zerolog/log"
"dynatron.me/x/blasphem/internal/common"
"dynatron.me/x/blasphem/internal/generate"
"dynatron.me/x/blasphem/pkg/auth/provider"
)
type (
TokenType string
RefreshTokenID string
)
type RefreshToken struct {
ID RefreshTokenID `json:"id"`
UserID UserID `json:"user_id"`
ClientID *ClientID `json:"client_id"`
ClientName *string `json:"client_name"`
ClientIcon *string `json:"client_icon"`
TokenType TokenType `json:"token_type"`
CreatedAt *common.PyTimestamp `json:"created_at"`
AccessTokenExpiration json.Number `json:"access_token_expiration"`
Token string `json:"token"`
JWTKey string `json:"jwt_key"`
LastUsedAt *common.PyTimestamp `json:"last_used_at"`
LastUsedIP *string `json:"last_used_ip"`
CredentialID *CredID `json:"credential_id"`
Version *string `json:"version"`
}
type AccessSessionStore struct {
s map[AccessTokenID]*AccessToken
type authCodeStore struct {
s map[authCodeTuple]flowResult
lastCull time.Time
}
type AccessTokenID string
type authCodeTuple struct {
ClientID ClientID
Code AuthCode
}
func (t *AccessTokenID) IsValid() bool {
func (t *authCodeTuple) IsValid() bool {
// TODO: more validation than this
return *t != ""
return t.Code != ""
}
type AccessToken struct { // TODO: jwt bro
ID AccessTokenID
Ctime time.Time
Expires time.Time
Addr string
user provider.ProviderUser `json:"-"`
type flowResult struct {
Time time.Time
Cred *Credentials
}
func (ss *AccessSessionStore) init() {
ss.s = make(map[AccessTokenID]*AccessToken)
// OAuth 4.2.1 spec recommends 10 minutes
const authCodeExpire = 10 * time.Minute
func (f *flowResult) IsValid(now time.Time) bool {
if now.After(f.Time.Add(authCodeExpire)) {
return false
}
return true
}
func (ss *authCodeStore) init() {
ss.s = make(map[authCodeTuple]flowResult)
}
const cullInterval = 5 * time.Minute
func (ss *AccessSessionStore) cull() {
func (ss *authCodeStore) cull() {
if now := time.Now(); now.Sub(ss.lastCull) > cullInterval {
for k, v := range ss.s {
if now.After(v.Expires) {
if !v.IsValid(now) {
delete(ss.s, k)
}
}
}
}
func (ss *AccessSessionStore) register(t *AccessToken) {
func (ss *authCodeStore) put(clientID ClientID, cred *Credentials) string {
ss.cull()
ss.s[t.ID] = t
code := generate.UUID()
ss.s[authCodeTuple{clientID, AuthCode(code)}] = flowResult{Time: time.Now(), Cred: cred}
return code
}
func (ss *AccessSessionStore) verify(tr *TokenRequest, r *http.Request) (provider.ProviderUser, bool) {
if t, hasToken := ss.s[tr.Code]; hasToken {
// TODO: JWT
if t.Expires.After(time.Now()) {
return t.user, true
} else {
delete(ss.s, t.ID)
func (ss *authCodeStore) get(tr *TokenRequest) (*Credentials, bool) {
key := authCodeTuple{tr.ClientID, tr.Code}
if t, hasCode := ss.s[key]; hasCode {
defer delete(ss.s, key)
if t.IsValid(time.Now()) {
return t.Cred, true
}
}
return nil, false
}
type Credential struct {
type Credentials struct {
ID CredID `json:"id"`
UserID UserID `json:"user_id"`
AuthProviderType string `json:"auth_provider_type"`
AuthProviderID *string `json:"auth_provider_id"`
DataRaw *json.RawMessage `json:"data,omitempty"`
user provider.ProviderUser `json:"-"`
User provider.ProviderUser `json:"-"`
}
func (cred *Credential) MarshalJSON() ([]byte, error) {
type CredAlias Credential // alias so ø method set and we don't recurse
func (cred *Credentials) MarshalJSON() ([]byte, error) {
type CredAlias Credentials // alias so ø method set and we don't recurse
nCd := (*CredAlias)(cred)
if cred.user != nil {
providerData := cred.user.UserData()
if cred.User != nil {
providerData := cred.User.UserData()
if providerData != nil {
b, err := json.Marshal(providerData)
if err != nil {
@ -118,58 +112,238 @@ func (cred *Credential) MarshalJSON() ([]byte, error) {
return json.Marshal(nCd)
}
func (a *Authenticator) verifyAndGetCredential(tr *TokenRequest, r *http.Request) *Credential {
user, success := a.sessions.verify(tr, r)
if !success {
type (
TokenType string
RefreshTokenID string
RefreshTokenToken string
)
func (rti RefreshTokenID) String() string { return string(rti) }
func (rti RefreshTokenToken) IsValid() bool { return rti != "" }
const (
TokenTypeSystem TokenType = "system"
TokenTypeNormal TokenType = "normal"
TokenTypeLongLived TokenType = "long_lived_access_token"
TokenTypeNone TokenType = ""
)
func (tt TokenType) IsValid() bool {
switch tt {
case TokenTypeSystem, TokenTypeNormal, TokenTypeLongLived:
return true
}
return false
}
type RefreshToken struct {
ID RefreshTokenID `json:"id"`
UserID UserID `json:"user_id"`
ClientID *ClientID `json:"client_id"`
ClientName *string `json:"client_name"`
ClientIcon *string `json:"client_icon"`
TokenType TokenType `json:"token_type"`
CreatedAt *common.PyTimestamp `json:"created_at"`
AccessTokenExpiration json.Number `json:"access_token_expiration"`
Token RefreshTokenToken `json:"token"`
JWTKey string `json:"jwt_key"`
LastUsedAt *common.PyTimestamp `json:"last_used_at"`
LastUsedIP *string `json:"last_used_ip"`
CredentialID *CredID `json:"credential_id"`
Version *string `json:"version"`
User *User `json:"-"`
}
func (rt *RefreshToken) IsValid() bool {
return rt.JWTKey != ""
}
func (rt *RefreshToken) AccessExpiration() (exp int64) {
exp, err := rt.AccessTokenExpiration.Int64()
if err != nil {
panic(err)
}
return
}
type RefreshOption func(*RefreshToken)
func WithClientID(cid ClientID) RefreshOption {
return func(rt *RefreshToken) {
rt.ClientID = &cid
}
}
func WithClientName(n string) RefreshOption {
return func(rt *RefreshToken) {
rt.ClientName = &n
}
}
func WithClientIcon(n string) RefreshOption {
return func(rt *RefreshToken) {
rt.ClientIcon = &n
}
}
func WithTokenType(t TokenType) RefreshOption {
return func(rt *RefreshToken) {
rt.TokenType = t
}
}
func WithCredential(c *Credentials) RefreshOption {
return func(rt *RefreshToken) {
rt.CredentialID = &c.ID
}
}
const DefaultAccessExpiration = "1800" // json 🤮
func (a *authenticator) NewRefreshToken(user *User, opts ...RefreshOption) (*RefreshToken, error) {
e := func(es string, arg ...interface{}) (*RefreshToken, error) {
return nil, fmt.Errorf(es, arg...)
}
now := common.PyTimestamp(time.Now())
r := &RefreshToken{
ID: RefreshTokenID(generate.UUID()),
UserID: user.ID,
Token: RefreshTokenToken(generate.Hex(64)),
JWTKey: generate.Hex(64),
CreatedAt: &now,
AccessTokenExpiration: DefaultAccessExpiration,
User: user,
}
for _, opt := range opts {
opt(r)
}
if r.TokenType == TokenTypeNone {
if user.SystemGenerated {
r.TokenType = TokenTypeSystem
} else {
r.TokenType = TokenTypeNormal
}
}
switch {
case !r.TokenType.IsValid():
return e("invalid token type")
case !user.Active:
return e("user is not active")
case user.SystemGenerated && r.ClientID != nil:
return e("system generated users cannot have refresh tokens connected to a client")
case !r.TokenType.IsValid():
return e("invalid token type '%v'", r.TokenType)
case user.SystemGenerated != (r.TokenType == TokenTypeSystem):
return e("system generated user can only have system type refresh tokens")
case r.TokenType == TokenTypeNormal && r.ClientID == nil:
return e("client is required to generate a refresh token")
case r.TokenType == TokenTypeLongLived && r.ClientName == nil:
return e("client name is required for long-lived token")
}
if r.TokenType == TokenTypeLongLived {
for _, lv := range user.RefreshTokens {
if strPtrEq(lv.ClientName, r.ClientName) && lv.TokenType == TokenTypeLongLived {
return e("client name '%v' already exists", *r.ClientName)
}
}
}
return a.store.PutRefreshToken(r)
}
func (r *RefreshToken) AccessToken(req *http.Request) (string, error) {
now := time.Now()
pytnow := common.PyTimestamp(now)
r.LastUsedAt = &pytnow
r.LastUsedIP = &req.RemoteAddr
return jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{
Issuer: r.ID.String(),
IssuedAt: now.Unix(),
ExpiresAt: now.Add(time.Duration(r.AccessExpiration()) * time.Second).Unix(),
}).SignedString([]byte(r.JWTKey))
}
func (a *authenticator) ValidateAccessToken(token AccessToken) *RefreshToken {
var unverifiedIssRT *RefreshToken
claims := &jwt.StandardClaims{}
_, err := jwt.ParseWithClaims(string(token), claims, func(jt *jwt.Token) (interface{}, error) {
iss := jt.Claims.(*jwt.StandardClaims).Issuer
unverifiedIssRT = a.store.GetRefreshToken(RefreshTokenID(iss))
if unverifiedIssRT == nil {
return nil, fmt.Errorf("bad token")
}
return []byte(unverifiedIssRT.JWTKey), nil
})
if err != nil {
log.Error().Err(err).Msg("validateAccessToken")
return nil
}
cred := a.store.Credential(user)
return unverifiedIssRT
}
func (a *authenticator) verifyAndGetCredential(tr *TokenRequest) *Credentials {
cred, success := a.authCodes.get(tr)
if !success {
return nil
}
return cred
}
const defaultExpiration = 15 * time.Minute
func (a *Authenticator) NewAccessToken(r *http.Request, user provider.ProviderUser, f *Flow) AccessTokenID {
id := AccessTokenID(generate.UUID())
now := time.Now()
t := &AccessToken{
ID: id,
Ctime: now,
Expires: now.Add(defaultExpiration),
Addr: r.RemoteAddr,
user: user,
}
a.sessions.register(t)
return id
func (a *authenticator) NewAuthCode(clientID ClientID, cred *Credentials) string {
return a.authCodes.put(clientID, cred)
}
type GrantType string
const (
GTAuthorizationCode GrantType = "authorization_code"
GTRefreshToken GrantType = "refresh_token"
GrantAuthCode GrantType = "authorization_code"
GrantRefreshToken GrantType = "refresh_token"
)
type ClientID string
type ClientID common.ClientID
func (c *ClientID) IsValid() bool {
// TODO: || !indieauth.VerifyClientID(rq.ClientID)?
return *c != ""
}
type TokenRequest struct {
ClientID ClientID `form:"client_id"`
Code AccessTokenID `form:"code"`
GrantType GrantType `form:"grant_type"`
type AuthCode string
func (ac *AuthCode) IsValid() bool {
return *ac != ""
}
func (a *Authenticator) TokenHandler(c echo.Context) error {
type TokenRequest struct {
ClientID ClientID `form:"client_id"`
Code AuthCode `form:"code"`
GrantType GrantType `form:"grant_type"`
RefreshToken RefreshTokenToken `form:"refresh_token"`
}
const AuthFailed = "authentication failure"
func (a *authenticator) TokenHandler(c echo.Context) error {
a.Lock()
defer a.Unlock()
rq := new(TokenRequest)
err := c.Bind(rq)
if err != nil {
@ -177,7 +351,7 @@ func (a *Authenticator) TokenHandler(c echo.Context) error {
}
switch rq.GrantType {
case GTAuthorizationCode:
case GrantAuthCode:
if !rq.ClientID.IsValid() {
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request", Description: "invalid client ID"})
}
@ -186,21 +360,88 @@ func (a *Authenticator) TokenHandler(c echo.Context) error {
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request", Description: "invalid code"})
}
if cred := a.verifyAndGetCredential(rq, c.Request()); cred != nil {
// TODO: success
cred := a.verifyAndGetCredential(rq)
if cred == nil {
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request", Description: "invalid code"})
}
user, err := a.getOrCreateUser(cred)
if err != nil {
return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: err.Error()})
log.Error().Err(err).Msg("getOrCreateUser")
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: AuthFailed})
}
if err := user.allowedToAuth(); err != nil {
return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: err.Error()})
}
return c.String(http.StatusOK, "token good I guess")
}
case GTRefreshToken:
return c.String(http.StatusNotImplemented, "not implemented")
if err := user.allowedToAuth(c.Request()); err != nil {
log.Error().Err(err).Msg("allowedToAuth")
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: AuthFailed})
}
return c.String(http.StatusUnauthorized, "token bad I guess")
rt, err := a.NewRefreshToken(user, WithClientID(rq.ClientID), WithCredential(cred))
if err != nil {
log.Error().Err(err).Msg("NewRefreshToken")
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: AuthFailed})
}
at, err := rt.AccessToken(c.Request())
if err != nil {
log.Error().Err(err).Msg("AccessToken")
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: AuthFailed})
}
return common.NoCache(c).JSON(http.StatusOK, &struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
RefreshToken RefreshTokenToken `json:"refresh_token"`
ExpiresIn int64 `json:"expires_in"`
HAAuthProvider string `json:"ha_auth_provider"`
}{
AccessToken: at,
TokenType: "Bearer",
RefreshToken: rt.Token,
ExpiresIn: rt.AccessExpiration(),
HAAuthProvider: cred.AuthProviderType,
})
case GrantRefreshToken:
log.Debug().Interface("request", c.Request()).Interface("tokenRequest", rq).Msg("grant_type=refresh_token")
if !rq.ClientID.IsValid() {
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request", Description: "invalid client ID"})
}
if !rq.RefreshToken.IsValid() {
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request"})
}
rt := a.store.GetRefreshTokenByToken(rq.RefreshToken)
if rt == nil {
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_grant"})
}
if rt.ClientID == nil || *rt.ClientID != rq.ClientID {
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request"})
}
if err := rt.User.allowedToAuth(c.Request()); err != nil {
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: err.Error()})
}
at, err := rt.AccessToken(c.Request())
if err != nil {
return c.JSON(http.StatusForbidden, AuthError{Error: "access_denied", Description: err.Error()})
}
return common.NoCache(c).JSON(http.StatusOK, &struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int64 `json:"expires_in"`
}{
AccessToken: at,
TokenType: "Bearer",
ExpiresIn: rt.AccessExpiration(),
})
}
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request"})
}
type AccessToken string

View file

@ -1,11 +1,15 @@
package auth
import (
"crypto/subtle"
"encoding/json"
"fmt"
"dynatron.me/x/blasphem/internal/generate"
"dynatron.me/x/blasphem/pkg/auth/provider"
"dynatron.me/x/blasphem/pkg/storage"
"github.com/rs/zerolog/log"
)
const (
@ -14,37 +18,127 @@ const (
type AuthStore interface {
User(UserID) *User
Credential(provider.ProviderUser) *Credential
GetCredential(provider.ProviderUser) *Credentials
PutRefreshToken(*RefreshToken) (*RefreshToken, error)
GetRefreshTokenByToken(token RefreshTokenToken) *RefreshToken
GetRefreshToken(RefreshTokenID) *RefreshToken
}
type authStore struct {
Users []User `json:"users"`
Groups []Group `json:"groups"`
Credentials []Credential `json:"credentials"`
Refresh []RefreshToken `json:"refresh_tokens"`
storage.Item `json:"-"`
Users []*User `json:"users"`
Groups []*Group `json:"groups"`
Credentials []*Credentials `json:"credentials"`
Refresh []*RefreshToken `json:"refresh_tokens"`
userMap map[UserID]*User
providerUsers map[provider.ProviderUser]*Credential
providerUsers map[provider.ProviderUser]*Credentials
store storage.Store
}
func (as *authStore) Credential(p provider.ProviderUser) *Credential {
c, have := as.providerUsers[p]
if !have {
return nil
func (as *authStore) sync() {
err := as.store.Flush(as.ItemKey())
if err != nil {
log.Error().Err(err).Msg("sync authStore")
}
}
func strPtrEq(n1, n2 *string) bool {
return (n1 == n2 || (n1 != nil && n2 != nil && *n1 == *n2))
}
func (as *authStore) GetCredential(p provider.ProviderUser) *Credentials {
var found *Credentials
for _, cr := range as.Credentials {
if p != nil && (p == cr.User ||
(p.Provider() != nil &&
strPtrEq(cr.AuthProviderID, p.Provider().ProviderID()) &&
cr.AuthProviderType == p.Provider().ProviderType() &&
p.Provider().EqualCreds(cr.User.UserData(), p.UserData()))) {
found = cr
}
}
return found
}
func (as *authStore) PutRefreshToken(rt *RefreshToken) (*RefreshToken, error) {
e := func(es string, a ...interface{}) (*RefreshToken, error) {
return nil, fmt.Errorf(es, a...)
}
u, hasUser := as.userMap[rt.UserID]
if !hasUser {
return e("no such user %v", rt.UserID)
}
as.Refresh = append(as.Refresh, rt)
u.RefreshTokens = append(u.RefreshTokens, rt)
as.sync()
return rt, nil
}
func (as *authStore) GetRefreshTokenByToken(token RefreshTokenToken) *RefreshToken {
var found *RefreshToken
for _, u := range as.Users {
for _, rt := range u.RefreshTokens {
if subtle.ConstantTimeCompare([]byte(token), []byte(rt.Token)) == 1 {
found = rt
found.User = u
}
}
}
return found
}
func (as *authStore) GetRefreshToken(tid RefreshTokenID) *RefreshToken {
var found *RefreshToken
for _, u := range as.Users {
for _, rt := range u.RefreshTokens {
if subtle.ConstantTimeCompare([]byte(tid), []byte(rt.ID.String())) == 1 {
found = rt
found.User = u
}
}
}
return found
}
func (as *authStore) newCredential(p provider.ProviderUser) *Credentials {
// XXX: probably broken
prov := p.Provider()
id := generate.UUID()
c := &Credentials{
ID: CredID(id),
AuthProviderType: prov.ProviderBase().Type,
AuthProviderID: prov.ProviderBase().ID,
}
return c
}
func (a *Authenticator) newAuthStore(s storage.Store) (as *authStore, err error) {
as = &authStore{}
err = s.Get(AuthStoreKey, as)
func (a *authenticator) newAuthStore(s storage.Store) (as *authStore, err error) {
as = &authStore{
store: s,
}
as.Item, err = s.GetItem(AuthStoreKey, as)
if err != nil {
return
}
as.userMap = make(map[UserID]*User)
as.providerUsers = make(map[provider.ProviderUser]*Credential)
as.providerUsers = make(map[provider.ProviderUser]*Credentials)
for _, u := range as.Users {
as.userMap[u.ID] = &u
as.userMap[u.ID] = u
}
for _, c := range as.Credentials {
@ -61,14 +155,45 @@ func (a *Authenticator) newAuthStore(s storage.Store) (as *authStore, err error)
return nil, err
}
c.user = prov.Lookup(pd.(provider.ProviderUser))
if c.user == nil {
c.User = prov.Lookup(pd.(provider.ProviderUser))
if c.User == nil {
return nil, fmt.Errorf("cannot find user in provider %s", prov.ProviderName())
}
as.providerUsers[c.user] = &c
as.providerUsers[c.User] = c
}
u, hasUser := as.userMap[c.UserID]
if !hasUser {
log.Error().Str("userid", string(c.UserID)).Msg("creds no such userid in map")
continue
}
u.Creds = append(u.Creds, c)
}
// remove invalid RefreshTokens
i := 0
for _, rt := range as.Refresh {
if rt.IsValid() {
u, hasUser := as.userMap[rt.UserID]
if !hasUser {
log.Error().Str("userid", string(rt.UserID)).Msg("refreshtokens no such userid in map")
continue
}
as.Refresh[i] = rt
i++
u.RefreshTokens = append(u.RefreshTokens, rt)
}
}
// don't leak memory
for j := i; j < len(as.Refresh); j++ {
as.Refresh[j] = nil
}
as.Refresh = as.Refresh[:i]
return
}

View file

@ -1,7 +1,8 @@
package auth
import (
"github.com/rs/zerolog/log"
"net"
"net/http"
)
type UserID string
@ -18,6 +19,9 @@ type User struct {
GroupIDs []GroupID `json:"group_ids"`
Data interface{} `json:"data,omitempty"`
UserMetadata
Creds []*Credentials `json:"-"`
RefreshTokens []*RefreshToken `json:"-"`
}
type UserMetadata struct {
@ -28,16 +32,28 @@ type UserMetadata struct {
LocalOnly bool `json:"local_only"`
}
func (u *User) allowedToAuth() error {
func (u *User) allowedToAuth(r *http.Request) error {
if !u.Active {
return ErrDisabled
}
if !u.LocalOnly {
return nil
}
ip := net.ParseIP(r.RemoteAddr)
if ip == nil {
return ErrInvalidIP
}
if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() {
return nil
}
return ErrUserAuthRemote
}
func (a *Authenticator) getOrCreateUser(c *Credential) (*User, error) {
log.Debug().Interface("userdata", c).Msg("getOrCreateUser")
func (a *authenticator) getOrCreateUser(c *Credentials) (*User, error) {
u := a.store.User(c.UserID)
if u == nil {
return nil, ErrInvalidAuth

View file

@ -7,20 +7,36 @@ import (
"strings"
"dynatron.me/x/blasphem/internal/common"
"dynatron.me/x/blasphem/pkg/auth"
"dynatron.me/x/blasphem/pkg/blas/core"
"dynatron.me/x/blasphem/pkg/bus"
"dynatron.me/x/blasphem/pkg/components"
"dynatron.me/x/blasphem/pkg/config"
"dynatron.me/x/blasphem/pkg/storage"
"dynatron.me/x/blasphem/pkg/wsapi"
"github.com/rs/zerolog/log"
)
type Blas struct {
*bus.Bus
bus.Bus
storage.Store
auth.Authenticator
Config *config.Config
core.WebSocketManager
components components.ComponentStore
}
func (b *Blas) Shutdown(ctx context.Context) error {
b.Bus.Shutdown()
b.Store.Shutdown()
func (b *Blas) Version() string {
return common.Version
}
func (b *Blas) Conf() *config.Config { return b.Config }
func (b *Blas) ShutdownBlas(ctx context.Context) error {
b.Bus.ShutdownBus()
b.Store.ShutdownStore()
return ctx.Err()
}
@ -51,12 +67,42 @@ func (b *Blas) openStore() error {
return err
}
func New(cfg *config.Config) (*Blas, error) {
b := &Blas{
Bus: bus.New(),
Config: cfg,
func (b *Blas) Component(k components.ComponentKey) components.Component {
c, ok := b.components[k]
if !ok {
return nil
}
return c
}
func (b *Blas) Components() components.ComponentStore { return b.components }
func New(cfg *config.Config) (b *Blas, err error) {
b = &Blas{
Bus: bus.New(),
Config: cfg,
components: make(components.ComponentStore),
WebSocketManager: wsapi.NewManager(),
}
err = b.openStore()
if err != nil {
return nil, err
}
b.Authenticator, err = auth.New(b.Store)
for k, v := range Registry {
log.Info().Msgf("Setting up component %s", k)
c, err := v(b)
if err != nil {
log.Error().Err(err).Msgf("Error setting up component %s", k)
continue
}
b.components[k] = c
}
err := b.openStore()
return b, err
}

21
pkg/blas/components.go Normal file
View file

@ -0,0 +1,21 @@
package blas
import (
"fmt"
"dynatron.me/x/blasphem/pkg/blas/core"
"dynatron.me/x/blasphem/pkg/components"
)
type Setup func(core.Blas) (components.Component, error)
var Registry = make(map[components.ComponentKey]Setup)
func Register(key components.ComponentKey, c Setup) {
_, already := Registry[key]
if already {
panic(fmt.Sprintf("component %s already exists", key))
}
Registry[key] = c
}

51
pkg/blas/core/core.go Normal file
View file

@ -0,0 +1,51 @@
package core
import (
"context"
"dynatron.me/x/blasphem/pkg/auth"
"dynatron.me/x/blasphem/pkg/bus"
"dynatron.me/x/blasphem/pkg/components"
"dynatron.me/x/blasphem/pkg/config"
"dynatron.me/x/blasphem/pkg/storage"
"github.com/gorilla/websocket"
)
type Blas interface {
auth.Authenticator
bus.Bus
storage.Store
config.Configured
components.Componenter
WebSocketManager
Shutdowner
Versioner
}
type WebSocketManager interface {
// Register registers a websocket command.
// cmd is the first part, before first slash
// dataNew is a function to create a new message datatype
RegisterWSCommand(cmd string, hnd Handler, dataNew NewData)
WSCommandHandler(cmd string, splitCmd []string) (NewData, Handler, error)
}
type WebSocketSession interface {
Conn() *websocket.Conn
Go(context.Context) error
Blas() Blas
}
type Handler func(ctx context.Context, wss WebSocketSession, msgID int, cmd []string, msg interface{}) error
type NewData func(cmd []string) interface{}
type Shutdowner interface {
ShutdownBlas(context.Context) error
}
type Versioner interface {
Version() string
}

View file

@ -12,22 +12,28 @@ type (
listeners []chan<- Event
Bus struct {
bus struct {
sync.RWMutex
subs map[string]listeners
}
Bus interface {
Sub(topic string, ch chan<- Event)
Unsub(topic string, ch chan<- Event)
Pub(topic string, data interface{})
ShutdownBus()
}
)
func New() *Bus {
bus := &Bus{
func New() Bus {
bus := &bus{
subs: make(map[string]listeners),
}
return bus
}
func (b *Bus) Sub(topic string, ch chan<- Event) {
func (b *bus) Sub(topic string, ch chan<- Event) {
b.Lock()
defer b.Unlock()
@ -38,7 +44,7 @@ func (b *Bus) Sub(topic string, ch chan<- Event) {
}
}
func (b *Bus) Unsub(topic string, ch chan<- Event) {
func (b *bus) Unsub(topic string, ch chan<- Event) {
b.Lock()
defer b.Unlock()
@ -51,7 +57,7 @@ func (b *Bus) Unsub(topic string, ch chan<- Event) {
}
}
func (b *Bus) Pub(topic string, data interface{}) {
func (b *bus) Pub(topic string, data interface{}) {
b.RLock()
defer b.RUnlock()
@ -65,7 +71,7 @@ func (b *Bus) Pub(topic string, data interface{}) {
}
}
func (b *Bus) Shutdown() {
func (b *bus) ShutdownBus() {
for _, v := range b.subs {
for _, c := range v {
close(c)

View file

@ -2,18 +2,18 @@ package serve
import (
"dynatron.me/x/blasphem/internal/common"
"dynatron.me/x/blasphem/pkg/config"
blas "dynatron.me/x/blasphem/pkg/blas/core"
"dynatron.me/x/blasphem/pkg/server"
"github.com/spf13/cobra"
)
type ServeOptions struct {
cfg *config.Config
core blas.Blas
}
func Command(cfg *config.Config) *cobra.Command {
opts := makeOptions(cfg)
func Command(core blas.Blas) *cobra.Command {
opts := makeOptions(core)
serveCmd := &cobra.Command{
Use: "serve",
Short: "starts the " + common.AppName + " server",
@ -23,9 +23,9 @@ func Command(cfg *config.Config) *cobra.Command {
return serveCmd
}
func makeOptions(cfg *config.Config) *ServeOptions {
func makeOptions(core blas.Blas) *ServeOptions {
return &ServeOptions{
cfg: cfg,
core: core,
}
}
@ -34,7 +34,7 @@ func (o *ServeOptions) Options(_ *cobra.Command, args []string) error {
}
func (o *ServeOptions) Execute() error {
server, err := server.New(o.cfg)
server, err := server.New(o.core)
if err != nil {
return err
}

View file

@ -0,0 +1,17 @@
package components
import ()
type Componenter interface {
Component(ComponentKey) Component
Components() ComponentStore
}
type (
ComponentStore map[ComponentKey]Component
ComponentKey string
Component interface {
Shutdown()
}
)

View file

@ -11,6 +11,10 @@ import (
"gopkg.in/yaml.v3"
)
type Configured interface {
Conf() *Config
}
type Config struct {
DataDir *string `yaml:"data_dir,omitempty"`
Server *server.Config `yaml:"server"`

203
pkg/flow/flow.go Normal file
View file

@ -0,0 +1,203 @@
// flow is the data entry flow.
package flow
import (
"fmt"
"time"
"dynatron.me/x/blasphem/internal/generate"
)
type ResultType string
type FlowID string
type Step string
type HandlerKey string
type Errors interface{}
type FlowStore map[FlowID]Handler
type FlowManager struct {
flows FlowStore
}
type Result struct {
Type ResultType `json:"type"`
ID FlowID `json:"flow_id"`
Handler []*HandlerKey `json:"handler"`
Title *string `json:"title,omitempty"`
Data map[string]interface{} `json:"data,omitempty"`
StepID *Step `json:"step_id,omitempty"`
Schema []SchemaItem `json:"data_schema"`
Extra *string `json:"extra,omitempty"`
Required *bool `json:"required,omitempty"`
Errors interface{} `json:"errors"`
Description *string `json:"description,omitempty"`
DescPlace *string `json:"description_placeholders"`
URL *string `json:"url,omitempty"`
Reason *string `json:"reason,omitempty"`
Context *string `json:"context,omitempty"`
Result interface{} `json:"result,omitempty"`
LastStep *string `json:"last_step"`
Options map[string]interface{} `json:"options,omitempty"`
Version *int `json:"version,omitempty"`
}
type Handler interface {
BaseHandler() FlowHandler
FlowID() FlowID
flowCtime() time.Time
}
const (
StepInit Step = "init"
)
func (fs Schema) CheckRequired(rm map[string]interface{}) error {
for _, si := range fs {
if si.Required {
if _, ok := rm[si.Name]; !ok {
return fmt.Errorf("missing required param %s", si.Name)
}
}
}
return nil
}
func NewFlowManager() *FlowManager {
return &FlowManager{
flows: make(FlowStore),
}
}
func stepPtr(s Step) *Step { return &s }
type FlowHandler struct {
ID FlowID // ID is the FlowID
Handler HandlerKey // Handler key
// curStep is the current step set by the flow manager
curStep Step
ctime time.Time
}
func (f *FlowHandler) Step() Step { return f.curStep }
func (f *FlowHandler) BaseHandler() FlowHandler { return *f }
func (f *FlowHandler) FlowID() FlowID {
return f.ID
}
func (f *FlowHandler) flowCtime() time.Time { return f.ctime }
func NewFlowHandlerBase(hand string) FlowHandler {
return FlowHandler{
ID: FlowID(generate.UUID()),
Handler: HandlerKey(hand),
curStep: StepInit,
ctime: time.Now(),
}
}
func (hk *HandlerKey) String() string {
return string(*hk)
}
func (fm *FlowHandler) Handlers() []*HandlerKey {
return []*HandlerKey{&fm.Handler, nil}
}
func resultErrs(e Errors) Errors {
if e == nil {
return []string{}
}
return e
}
type FormOption func(*Result)
func (*FlowHandler) WithErrors(e Errors) FormOption {
return func(r *Result) {
r.Errors = e
}
}
func (*FlowHandler) WithStep(s Step) FormOption {
return func(r *Result) {
r.StepID = stepPtr(s)
}
}
func (*FlowHandler) WithSchema(sch Schemer) FormOption {
return func(r *Result) {
r.Schema = sch.FlowSchema()
}
}
func (fm *FlowHandler) ShowForm(opts ...FormOption) *Result {
res := &Result{
Type: TypeForm,
ID: fm.ID,
StepID: stepPtr(fm.curStep),
Handler: fm.Handlers(),
}
for _, opt := range opts {
opt(res)
}
res.Errors = resultErrs(res.Errors)
return res
}
func (fm *FlowManager) Delete(id FlowID) {
delete(fm.flows, id)
}
const (
TypeForm ResultType = "form"
TypeCreateEntry ResultType = "create_entry"
TypeAbort ResultType = "abort"
TypeExternalStep ResultType = "external"
TypeExternalStepDone ResultType = "external_done"
TypeShowProgress ResultType = "progress"
TypeShowProgressDone ResultType = "progress_done"
TypeMenu ResultType = "menu"
)
func (f *FlowHandler) touch() {
f.ctime = time.Now()
}
func (fm *FlowManager) Register(f Handler) {
fm.flows.cull()
fm.flows[f.FlowID()] = f
}
func (fs *FlowManager) Remove(f Handler) {
delete(fs.flows, f.FlowID())
}
const cullAge = time.Minute * 10
func (fs FlowStore) cull() {
for k, v := range fs {
if time.Now().Sub(v.flowCtime()) > cullAge {
delete(fs, k)
}
}
}
func (fs *FlowManager) Get(id FlowID) Handler {
f, ok := fs.flows[id]
if ok {
return f
}
return nil
}

40
pkg/flow/schema.go Normal file
View file

@ -0,0 +1,40 @@
package flow
type Type string
const (
TypeString Type = "string"
)
func (t Type) IsValid() bool {
switch t {
case TypeString:
return true
}
return false
}
type SchemaItem struct {
Type Type `json:"type"`
Name string `json:"name"`
Required bool `json:"required"`
}
type Schema []SchemaItem
type Schemer interface {
FlowSchema() Schema
}
func NewSchema(items ...SchemaItem) Schema {
return items
}
func RequiredString(name string) SchemaItem {
return SchemaItem{
Type: TypeString,
Name: name,
Required: true,
}
}

View file

@ -1,24 +1,42 @@
package frontend
import (
"context"
"embed"
"io"
"io/fs"
"net/http"
"sync"
"dynatron.me/x/blasphem/pkg/blas"
"dynatron.me/x/blasphem/pkg/blas/core"
"dynatron.me/x/blasphem/pkg/components"
"github.com/labstack/echo/v4"
)
const FrontendKey = "frontend"
//go:embed frontend/hass_frontend
var root embed.FS
var RootFS fs.FS
type Frontend struct {
fsHandler echo.HandlerFunc
rootFS fs.FS
var FSHandler echo.HandlerFunc
routeInstall sync.Once
}
func AliasHandler(toFile string) echo.HandlerFunc {
func (fe *Frontend) InstallRoutes(e *echo.Echo) {
fe.routeInstall.Do(func() {
e.GET("/*", fe.fsHandler)
e.GET("/auth/authorize", fe.AliasHandler("authorize.html"))
})
}
func (fe *Frontend) AliasHandler(toFile string) echo.HandlerFunc {
return func(c echo.Context) error {
file, err := RootFS.Open(toFile)
file, err := fe.rootFS.Open(toFile)
if err != nil {
return err
}
@ -33,13 +51,32 @@ func AliasHandler(toFile string) echo.HandlerFunc {
}
}
func init() {
func (*Frontend) Shutdown() {}
func newData(_ []string) interface{} {
return map[string]interface{}{}
}
func wsHand(ctx context.Context, wss core.WebSocketSession, msgID int, cmd []string, msg interface{}) error {
return nil
}
func Setup(b core.Blas) (components.Component, error) {
fe := &Frontend{}
var err error
RootFS, err = fs.Sub(root, "frontend/hass_frontend")
fe.rootFS, err = fs.Sub(root, "frontend/hass_frontend")
if err != nil {
panic(err)
return nil, err
}
FSHandler = echo.StaticDirectoryHandler(RootFS, false)
fe.fsHandler = echo.StaticDirectoryHandler(fe.rootFS, false)
b.RegisterWSCommand("frontend", wsHand, newData)
return fe, nil
}
func init() {
blas.Register(FrontendKey, Setup)
}

View file

@ -12,40 +12,39 @@ import (
"github.com/rs/zerolog/log"
"github.com/ziflex/lecho/v3"
"dynatron.me/x/blasphem/pkg/auth"
"dynatron.me/x/blasphem/pkg/blas"
"dynatron.me/x/blasphem/pkg/config"
"dynatron.me/x/blasphem/pkg/blas/core"
"dynatron.me/x/blasphem/pkg/frontend"
conf "dynatron.me/x/blasphem/pkg/server/config"
)
type Server struct {
*blas.Blas
core.Blas
*echo.Echo
auth.Authenticator
wg sync.WaitGroup
}
func (s *Server) installRoutes() {
s.GET("/*", frontend.FSHandler)
s.GET("/api/websocket", s.wsHandler)
s.Authenticator.InstallRoutes(s.Echo)
type RouteHaver interface {
InstallRoutes(e *echo.Echo)
}
func New(cfg *config.Config) (s *Server, err error) {
b, err := blas.New(cfg)
if err != nil {
return nil, err
}
func (s *Server) installRoutes() {
s.GET("/api/websocket", s.wsHandler)
s = &Server{
Blas: b,
Echo: echo.New(),
s.Component(frontend.FrontendKey).(RouteHaver).InstallRoutes(s.Echo)
s.Blas.(*blas.Blas).Authenticator.InstallRoutes(s.Echo)
for _, c := range s.Components() {
if rh, ok := c.(RouteHaver); ok {
rh.InstallRoutes(s.Echo)
}
err = s.InitAuth(b.Store)
if err != nil {
return s, err
}
}
func New(core core.Blas) (s *Server, err error) {
s = &Server{
Blas: core,
Echo: echo.New(),
}
s.Echo.Debug = true
@ -53,6 +52,8 @@ func New(cfg *config.Config) (s *Server, err error) {
logger := lecho.From(log.Logger)
s.Echo.Logger = logger
cfg := s.Conf()
if cfg.Server.LogRequestErrors {
s.Echo.Use(lecho.Middleware(lecho.Config{
Logger: logger,
@ -80,7 +81,7 @@ func New(cfg *config.Config) (s *Server, err error) {
}
func (s *Server) Shutdown(ctx context.Context) error {
err := s.Blas.Shutdown(ctx)
err := s.ShutdownBlas(ctx)
if err != nil {
return err
}
@ -91,8 +92,8 @@ func (s *Server) Shutdown(ctx context.Context) error {
func (s *Server) Go() error {
s.wg.Add(1)
go func() {
log.Info().Str("bind", s.Config.Server.Bind).Msg("Server listening")
err := s.Start(s.Config.Server.Bind)
log.Info().Str("version", s.Version()).Str("bind", s.Conf().Server.Bind).Msg("Server listening")
err := s.Start(s.Conf().Server.Bind)
if err != nil && err != http.ErrServerClosed {
s.Logger.Fatal(err)
}

View file

@ -1,11 +1,12 @@
package server
import (
"errors"
"log"
"context"
"dynatron.me/x/blasphem/pkg/wsapi"
"github.com/gorilla/websocket"
"github.com/labstack/echo/v4"
"github.com/rs/zerolog/log"
)
var upgrader = websocket.Upgrader{
@ -14,7 +15,16 @@ var upgrader = websocket.Upgrader{
}
func (s *Server) wsHandler(c echo.Context) error {
log.Println("WebSocket")
//conn, err := upgrader.Upgrade(w, req, nil)
return errors.New("not handled")
conn, err := upgrader.Upgrade(c.Response(), c.Request(), nil)
if err != nil {
return err
}
defer conn.Close()
_ = log.Debug
ctx, cancel := context.WithCancel(c.Request().Context())
defer cancel()
return wsapi.NewSession(s, c, conn).Go(ctx)
}

View file

@ -129,7 +129,7 @@ func (s *fsStore) FlushAll() []error {
return errs
}
func (s *fsStore) Shutdown() {
func (s *fsStore) ShutdownStore() {
errs := s.FlushAll()
if errs != nil {
log.Error().Errs("errors", errs).Msg("errors persisting store")

View file

@ -50,6 +50,6 @@ type Store interface {
// Flush flushes a single key to backing.
Flush(key string) error
// Shutdown is called to quiesce and shutdown the store.
Shutdown()
// ShutdownStore is called to quiesce and shutdown the store.
ShutdownStore()
}

264
pkg/wsapi/api.go Normal file
View file

@ -0,0 +1,264 @@
package wsapi
import (
"context"
"encoding/json"
"errors"
"strings"
"dynatron.me/x/blasphem/pkg/auth"
"dynatron.me/x/blasphem/pkg/blas/core"
"github.com/gorilla/websocket"
"github.com/labstack/echo/v4"
"github.com/mitchellh/mapstructure"
"github.com/rs/zerolog/log"
)
var (
NoSuchHandlerErr = errors.New("bad websocket command")
NoMessageIDErr = errors.New("no message ID")
AuthInvalidErr = errors.New("invalid auth")
)
type Type string
type MsgBase struct {
ID *int `json:"id,omitempty"`
Type Type `json:"type"`
}
type (
wsSession struct {
conn *websocket.Conn
b core.Blas
ec echo.Context
write chan<- interface{}
user *auth.User
refreshToken *auth.RefreshToken
}
wsEntry struct {
dataNew core.NewData
hnd core.Handler
}
wsRegistry map[string]wsEntry
wsManager struct {
r wsRegistry
}
)
func (wsm *wsManager) RegisterWSCommand(cmd string, hnd core.Handler, dataNew core.NewData) {
wsm.r[cmd] = wsEntry{
dataNew: dataNew,
hnd: hnd,
}
}
func (wsm *wsManager) WSCommandHandler(cmd string, cmdSplit []string) (core.NewData, core.Handler, error) {
if wse, ok := wsm.r[cmd]; ok {
return wse.dataNew, wse.hnd, nil
}
if wse, ok := wsm.r[cmdSplit[0]]; ok {
return wse.dataNew, wse.hnd, nil
}
return nil, nil, NoSuchHandlerErr
}
func NewManager() core.WebSocketManager {
return &wsManager{
r: make(wsRegistry),
}
}
func NewSession(s core.Blas, c echo.Context, conn *websocket.Conn) core.WebSocketSession {
ws := &wsSession{
conn: conn,
b: s,
ec: c,
}
return ws
}
func (ws *wsSession) Conn() *websocket.Conn {
return ws.conn
}
func (ws *wsSession) Blas() core.Blas { return ws.b }
func (ws *wsSession) Go(ctx context.Context) error {
authP := &authPhase{ws}
err := ws.sendAuthRequired()
if err != nil {
return err
}
_, rdr, err := ws.conn.NextReader()
if err != nil {
return err
}
err = authP.handleMsg(ctx, rdr)
if err != nil || ws.refreshToken == nil {
return err
}
// command phase
msgChan := make(chan map[string]interface{})
write := make(chan interface{})
ws.write = write
defer close(write)
cCtx, cancel := context.WithCancel(ctx)
defer cancel()
go func(ctx context.Context, ch chan<- map[string]interface{}) {
defer close(ch)
for {
if err := ctx.Err(); err != nil {
return
}
_, rdr, err := ws.conn.NextReader()
switch {
case err == nil:
case websocket.IsCloseError(err, websocket.CloseGoingAway):
return
case err != nil:
log.Error().Err(err).Str("remote", ws.ec.Request().RemoteAddr).Msg("websocket read fail")
return
}
var msgMap map[string]interface{}
err = json.NewDecoder(rdr).Decode(&msgMap)
if err != nil {
ws.writeError(-1, Error{Code: "invalid_format", Message: err.Error()})
}
ch <- msgMap
}
}(cCtx, msgChan)
for {
select {
case msg, ok := <-msgChan:
if !ok {
return nil
}
err = ws.handleMsg(ctx, msg)
if err != nil {
log.Error().Err(err).Msg("handleMsg")
}
case <-ctx.Done():
close(msgChan) // maybe remove this?
return nil
case m := <-write:
err := ws.conn.WriteJSON(m)
if err != nil {
log.Error().Err(err).Msg("writeMsg")
}
}
}
}
func (ws *wsSession) Write(msg interface{}) {
ws.write <- msg
}
type MsgType string
const (
ResultMsgType MsgType = "result"
)
type Error struct {
Code string `json:"code"`
Message string `json:"message"`
}
type WSError struct {
ID *int `json:"id,omitempty"`
Type MsgType `json:"type"`
Success bool `json:"success"`
Error Error `json:"error"`
}
func (ws *wsSession) writeError(id int, err Error) error {
return ws.conn.WriteJSON(WSError{
ID: &id,
Type: ResultMsgType,
Success: false,
Error: err,
})
}
func (ws *wsSession) handleMsg(ctx context.Context, msgMap map[string]interface{}) error {
if err := ctx.Err(); err != nil {
return nil
}
msgType, ok := msgMap["type"].(string)
if !ok {
return NoSuchHandlerErr
}
idFl, ok := msgMap["id"].(float64)
if !ok {
ws.Write(WSError{
Type: ResultMsgType,
Success: false,
Error: Error{
Code: "invalid_id",
Message: "command has no ID",
},
})
return nil
}
id := int(idFl)
cmd := strings.Split(msgType, "/")
newData, hand, err := ws.b.WSCommandHandler(cmd[0], cmd)
switch err {
case nil:
case NoSuchHandlerErr:
ws.writeError(id, Error{
Code: "invalid_type",
Message: "no such command",
})
return nil
default:
log.Error().Err(err).Msg("dispatch")
return nil
}
nd := newData(cmd)
if _, ok := nd.(map[string]interface{}); !ok {
err := mapstructure.Decode(&msgMap, &nd)
if err != nil {
ws.writeError(id, Error{
Code: "invalid_format",
Message: err.Error(),
})
return nil
}
}
err = hand(ctx, ws, id, cmd, nd)
if err != nil {
log.Error().Err(err).Msg("dispatch")
}
return nil
}

81
pkg/wsapi/auth.go Normal file
View file

@ -0,0 +1,81 @@
package wsapi
import (
"context"
"encoding/json"
"io"
"dynatron.me/x/blasphem/pkg/auth"
"github.com/rs/zerolog/log"
)
type authPhase struct {
*wsSession
}
func (ws *wsSession) sendAuthRequired() error {
authReq := &struct {
MsgBase
Version string `json:"ha_version"`
}{
MsgBase{Type: "auth_required"},
ws.b.Version(),
}
return ws.conn.WriteJSON(&authReq)
}
type authMsg struct {
MsgBase
AccessToken auth.AccessToken `json:"access_token"`
}
func (ap *authPhase) msgSchema() interface{} {
return &authMsg{}
}
func (ap *authPhase) finishAuth(rt *auth.RefreshToken) {
ap.user = rt.User
ap.refreshToken = rt
}
func (ap *authPhase) sendAuthOK() error {
return ap.conn.WriteJSON(struct {
Type string `json:"type"`
Version string `json:"ha_version"`
}{Type: "auth_ok", Version: ap.Blas().Version()})
}
func (ap *authPhase) sendAuthInvalid() error {
return ap.conn.WriteJSON(struct {
Type string `json:"type"`
Message string `json:"message"`
}{Type: "auth_ok", Message: "invalid auth"})
}
func (ap *authPhase) handleMsg(ctx context.Context, r io.Reader) error {
var authMsg authMsg
err := json.NewDecoder(r).Decode(&authMsg)
if err != nil {
return err
}
if err := ctx.Err(); err != nil {
return err
}
refreshToken := ap.b.ValidateAccessToken(authMsg.AccessToken)
if refreshToken != nil {
ap.finishAuth(refreshToken)
return ap.sendAuthOK()
}
log.Error().Str("remote", ap.ec.Request().RemoteAddr).Msg("websocket auth failed")
err = ap.sendAuthInvalid()
if err != nil {
return err
}
return AuthInvalidErr
}