iridium/neko
2
2
Fork 0
mirror of https://github.com/m1k1o/neko.git synced 2024-07-24 14:40:50 +12:00
Code Issues Packages Projects Releases Wiki Activity

refactor authenticate to use Token.

Browse Source
This commit is contained in:
Miroslav Šedivý 2021-03-13 20:42:56 +01:00
parent 6b638db825
commit 58b00525cc
4 changed files with 27 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/api/router.go
View File

@ -59,7 +59,7 @@ func (api *ApiManagerCtx) Route(r chi.Router) {
func (api *ApiManagerCtx) Authenticate(next http.Handler) http.Handler { func (api *ApiManagerCtx) Authenticate(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session, err := api.sessions.AuthenticateRequest(r) session, err := api.sessions.Authenticate(r)
if err != nil { if err != nil {
utils.HttpUnauthorized(w, err) utils.HttpUnauthorized(w, err)
} else { } else {

9
internal/api/session.go
View File

@ -30,11 +30,12 @@ func (api *ApiManagerCtx) Login(w http.ResponseWriter, r *http.Request) {
return return
} }
session, err := api.sessions.Authenticate(data.ID, data.Secret) // TODO: Proper login.
if err != nil { //session, err := api.sessions.Authenticate(data.ID, data.Secret)
utils.HttpUnauthorized(w, err) //if err != nil {
utils.HttpUnauthorized(w, "no authentication implemented")
return return
} //}
sameSite := http.SameSiteNoneMode sameSite := http.SameSiteNoneMode
if UnsecureCookies { if UnsecureCookies {

52
internal/session/auth.go
View File

@ -2,57 +2,45 @@ package session
import ( import (
"fmt" "fmt"
"strings"
"net/http" "net/http"
"demodesk/neko/internal/types" "demodesk/neko/internal/types"
) )
func (manager *SessionManagerCtx) AuthenticateRequest(r *http.Request) (types.Session, error) { func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session, error) {
id, secret, ok := getAuthData(r) token, ok := getToken(r)
if !ok { if !ok {
return nil, fmt.Errorf("no authentication provided") return nil, fmt.Errorf("no authentication provided")
} }
return manager.Authenticate(id, secret) session, ok := manager.Get(token)
}
func (manager *SessionManagerCtx) Authenticate(id string, secret string) (types.Session, error) {
session, ok := manager.Get(id)
if !ok { if !ok {
return nil, fmt.Errorf("member not found") return nil, fmt.Errorf("session not found")
}
if !session.VerifySecret(secret) {
return nil, fmt.Errorf("invalid password provided")
}
if !session.CanLogin() {
return nil, fmt.Errorf("login disabled")
} }
return session, nil return session, nil
} }
func getAuthData(r *http.Request) (string, string, bool) { func getToken(r *http.Request) (string, bool) {
// get from Cookies // get from Cookie
cid, err1 := r.Cookie("neko-id") cookie, err := r.Cookie("neko-token")
csecret, err2 := r.Cookie("neko-secret") if err == nil {
if err1 == nil && err2 == nil { return cookie.Value, true
return cid.Value, csecret.Value, true
} }
// get from BasicAuth // get from Header
id, secret, ok := r.BasicAuth() reqToken := r.Header.Get("Authorization")
if ok { splitToken := strings.Split(reqToken, "Bearer ")
return id, secret, true if len(splitToken) == 2 {
return strings.TrimSpace(splitToken[1]), true
} }
// get from QueryParams // get from URL
id = r.URL.Query().Get("id") token := r.URL.Query().Get("token")
secret = r.URL.Query().Get("secret") if token != "" {
if id != "" && secret != "" { return token, true
return id, secret, true
} }
return "", "", false return "", false
} }

2
internal/websocket/manager.go
View File

@ -138,7 +138,7 @@ func (manager *WebSocketManagerCtx) Upgrade(w http.ResponseWriter, r *http.Reque
return err return err
} }
session, err := manager.sessions.AuthenticateRequest(r) session, err := manager.sessions.Authenticate(r)
if err != nil { if err != nil {
manager.logger.Warn().Err(err).Msg("authentication failed") manager.logger.Warn().Err(err).Msg("authentication failed")