From 58b00525cc8b0f5d73db0279d421d5d2fdc547c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?=
Date: Sat, 13 Mar 2021 20:42:56 +0100
Subject: [PATCH] refactor authenticate to use Token.

---
 internal/api/router.go | 2 +-
 internal/api/session.go | 9 +++--
 internal/session/auth.go | 52 ++++++++++++++---------------------
 internal/websocket/manager.go | 2 +-
 4 files changed, 27 insertions(+), 38 deletions(-)

diff --git a/internal/api/router.go b/internal/api/router.go
index c57ee9dc..b1fe988a 100644
--- a/internal/api/router.go
+++ b/internal/api/router.go
@@ -59,7 +59,7 @@ func (api *ApiManagerCtx) Route(r chi.Router) {
 
 func (api *ApiManagerCtx) Authenticate(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		session, err := api.sessions.AuthenticateRequest(r)
+		session, err := api.sessions.Authenticate(r)
 		if err != nil {
 			utils.HttpUnauthorized(w, err)
 		} else {
diff --git a/internal/api/session.go b/internal/api/session.go
index a9f67a37..c7678e14 100644
--- a/internal/api/session.go
+++ b/internal/api/session.go
@@ -30,11 +30,12 @@ func (api *ApiManagerCtx) Login(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	session, err := api.sessions.Authenticate(data.ID, data.Secret)
-	if err != nil {
-		utils.HttpUnauthorized(w, err)
+	// TODO: Proper login.
+	//session, err := api.sessions.Authenticate(data.ID, data.Secret)
+	//if err != nil {
+		utils.HttpUnauthorized(w, "no authentication implemented")
 		return
-	}
+	//}
 
 	sameSite := http.SameSiteNoneMode
 	if UnsecureCookies {
diff --git a/internal/session/auth.go b/internal/session/auth.go
index b49da1e2..d875dc64 100644
--- a/internal/session/auth.go
+++ b/internal/session/auth.go
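Review bot: In the session.go hunk, `utils.HttpUnauthorized(w, "no authentication implemented")` followed by an unconditional `return` makes everything below it in `Login` unreachable — the `sameSite` / `UnsecureCookies` cookie setup at the end of the hunk and whatever follows — so the dead tail should be removed or put behind a real switch rather than left as commented-out code. The second argument also changed from an `error` (as the router.go hunk in this same commit still passes) to a string literal; if `HttpUnauthorized` takes an `error` this will not compile, and `errors.New("no authentication implemented")` would keep the two call sites consistent. Always answering 401 is a safe default while the login flow is rewritten, but the `// TODO: Proper login.` marker should say what the replacement is meant to do so the commented-out `Authenticate(data.ID, data.Secret)` call is not resurrected as-is once `Authenticate` takes an `*http.Request`. `Login` starts before and ends after this hunk.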
@@ -2,57 +2,45 @@ package session
 
 import (
 	"fmt"
+	"strings"
 	"net/http"
 
 	"demodesk/neko/internal/types"
 )
 
-func (manager *SessionManagerCtx) AuthenticateRequest(r *http.Request) (types.Session, error) {
-	id, secret, ok := getAuthData(r)
+func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session, error) {
+	token, ok := getToken(r)
 	if !ok {
 		return nil, fmt.Errorf("no authentication provided")
 	}
 
-	return manager.Authenticate(id, secret)
-}
-
-func (manager *SessionManagerCtx) Authenticate(id string, secret string) (types.Session, error) {
-	session, ok := manager.Get(id)
+	session, ok := manager.Get(token)
 	if !ok {
-		return nil, fmt.Errorf("member not found")
-	}
-
-	if !session.VerifySecret(secret) {
-		return nil, fmt.Errorf("invalid password provided")
-	}
-
-	if !session.CanLogin() {
-		return nil, fmt.Errorf("login disabled")
+		return nil, fmt.Errorf("session not found")
 	}
 
 	return session, nil
 }
 
-func getAuthData(r *http.Request) (string, string, bool) {
-	// get from Cookies
-	cid, err1 := r.Cookie("neko-id")
-	csecret, err2 := r.Cookie("neko-secret")
-	if err1 == nil && err2 == nil {
-		return cid.Value, csecret.Value, true
+func getToken(r *http.Request) (string, bool) {
+	// get from Cookie
+	cookie, err := r.Cookie("neko-token")
+	if err == nil {
+		return cookie.Value, true
 	}
 
-	// get from BasicAuth
-	id, secret, ok := r.BasicAuth()
-	if ok {
-		return id, secret, true
+	// get from Header
+	reqToken := r.Header.Get("Authorization")
+	splitToken := strings.Split(reqToken, "Bearer ")
+	if len(splitToken) == 2 {
+		return strings.TrimSpace(splitToken[1]), true
 	}
 
-	// get from QueryParams
-	id = r.URL.Query().Get("id")
-	secret = r.URL.Query().Get("secret")
-	if id != "" && secret != "" {
-		return id, secret, true
+	// get from URL
+	token := r.URL.Query().Get("token")
+	if token != "" {
+		return token, true
 	}
 
-	return "", "", false
+	return "", false
 }
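Review bot: The new `Authenticate` drops the `!session.CanLogin()` guard that the removed version applied after the secret check, so — if `types.Session` still exposes `CanLogin` — a session whose login is disabled now authenticates whenever its token is presented; either restore `if !session.CanLogin() { return nil, fmt.Errorf("login disabled") }` after the `manager.Get(token)` lookup or add a comment saying why the check is no longer needed. In `getToken`, `strings.Split(reqToken, "Bearer ")` is a fragile scheme parser: a header such as `Bearer Bearer x` yields three parts and is rejected, while `xBearer y` passes; `if strings.HasPrefix(reqToken, "Bearer ") { return strings.TrimSpace(strings.TrimPrefix(reqToken, "Bearer ")), true }` is stricter and reads as intended. The cookie branch returns on `err == nil` even when `cookie.Value` is empty, which then becomes a `manager.Get("")` lookup instead of falling through to the header and query sources; checking `cookie.Value != ""` there, as the query branch already does, keeps the three sources consistent. Finally, the `token` query-parameter fallback puts a bearer credential in the URL, where it ends up in access logs, proxy logs, browser history and Referer headers; if it exists only for the websocket upgrade (which cannot set headers from a browser), a comment saying so, and that REST callers should use the cookie or header, would help the next reader avoid widening its use.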
diff --git a/internal/websocket/manager.go b/internal/websocket/manager.go
index 7b4418e6..613dd34e 100644
--- a/internal/websocket/manager.go
+++ b/internal/websocket/manager.go
@@ -138,7 +138,7 @@ func (manager *WebSocketManagerCtx) Upgrade(w http.ResponseWriter, r *http.Reque
 		return err
 	}
 
-	session, err := manager.sessions.AuthenticateRequest(r)
+	session, err := manager.sessions.Authenticate(r)
 	if err != nil {
 		manager.logger.Warn().Err(err).Msg("authentication failed")