2018-09-22 19:08:28 +02:00
|
|
|
require "uuid"
|
2018-11-12 18:51:21 +01:00
|
|
|
require "option_parser"
|
2018-09-22 19:08:28 +02:00
|
|
|
|
|
|
|
|
require "jwt"
|
|
|
|
|
|
|
|
|
|
require "pg"
|
|
|
|
|
require "crecto"
|
|
|
|
|
|
2018-11-12 18:51:21 +01:00
|
|
|
require "ipc"
|
|
|
|
|
|
|
|
|
|
require "./authd.cr"
|
2018-12-17 00:56:03 +01:00
|
|
|
require "./passwd.cr"
|
2018-11-12 18:51:21 +01:00
|
|
|
|
|
|
|
|
extend AuthD
|
2018-09-22 21:23:50 +02:00
|
|
|
|
2018-12-19 13:54:19 +01:00
|
|
|
class IPC::RemoteClient
|
|
|
|
|
def send(type : ResponseTypes, payload : String)
|
|
|
|
|
send type.value.to_u8, payload
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2018-12-17 00:56:03 +01:00
|
|
|
authd_passwd_file = "passwd"
|
|
|
|
|
authd_group_file = "group"
|
2018-09-22 19:46:48 +02:00
|
|
|
authd_jwt_key = "nico-nico-nii"
|
2018-09-22 19:08:28 +02:00
|
|
|
|
2018-11-12 18:51:21 +01:00
|
|
|
OptionParser.parse! do |parser|
|
2018-12-17 00:56:03 +01:00
|
|
|
parser.on "-u file", "--passwd-file file", "passwd file." do |name|
|
|
|
|
|
authd_passwd_file = name
|
2018-09-22 19:08:28 +02:00
|
|
|
end
|
|
|
|
|
|
2018-12-17 00:56:03 +01:00
|
|
|
parser.on "-g file", "--group-file file", "group file." do |name|
|
|
|
|
|
authd_group_file = name
|
2018-09-22 19:46:48 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
parser.on "-K file", "--key-file file", "JWT key file" do |file_name|
|
2018-09-24 22:10:24 +02:00
|
|
|
authd_jwt_key = File.read(file_name).chomp
|
2018-09-22 19:08:28 +02:00
|
|
|
end
|
|
|
|
|
|
2018-11-12 18:51:21 +01:00
|
|
|
parser.on "-h", "--help", "Show this help" do
|
|
|
|
|
puts parser
|
2018-09-22 19:08:28 +02:00
|
|
|
|
2018-11-12 18:51:21 +01:00
|
|
|
exit 0
|
2018-09-22 19:08:28 +02:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2018-12-17 00:56:03 +01:00
|
|
|
passwd = Passwd.new authd_passwd_file, authd_group_file
|
2018-11-12 18:51:21 +01:00
|
|
|
|
|
|
|
|
##
|
|
|
|
|
# Provides a JWT-based authentication scheme for service-specific users.
|
|
|
|
|
IPC::Service.new "auth" do |event|
|
|
|
|
|
client = event.client
|
|
|
|
|
|
|
|
|
|
case event
|
|
|
|
|
when IPC::Event::Message
|
|
|
|
|
message = event.message
|
|
|
|
|
payload = message.payload
|
|
|
|
|
|
|
|
|
|
case RequestTypes.new message.type.to_i
|
|
|
|
|
when RequestTypes::GET_TOKEN
|
|
|
|
|
begin
|
|
|
|
|
request = GetTokenRequest.from_json payload
|
|
|
|
|
rescue e
|
|
|
|
|
client.send ResponseTypes::MALFORMED_REQUEST.value.to_u8, e.message || ""
|
|
|
|
|
|
|
|
|
|
next
|
|
|
|
|
end
|
|
|
|
|
|
2018-12-17 04:39:01 +01:00
|
|
|
user = passwd.get_user request.login, request.password
|
2018-11-12 18:51:21 +01:00
|
|
|
|
|
|
|
|
if user.nil?
|
|
|
|
|
client.send ResponseTypes::INVALID_CREDENTIALS.value.to_u8, ""
|
|
|
|
|
|
|
|
|
|
next
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
client.send ResponseTypes::OK.value.to_u8,
|
|
|
|
|
JWT.encode user.to_h, authd_jwt_key, "HS256"
|
2018-12-19 13:54:19 +01:00
|
|
|
when RequestTypes::ADD_USER
|
|
|
|
|
begin
|
|
|
|
|
request = AddUserRequest.from_json payload
|
|
|
|
|
rescue e
|
|
|
|
|
client.send ResponseTypes::MALFORMED_REQUEST.value.to_u8, e.message || ""
|
|
|
|
|
|
|
|
|
|
next
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
if passwd.user_exists? request.login
|
|
|
|
|
client.send ResponseTypes::INVALID_USER, "Another user with the same login already exists."
|
|
|
|
|
|
|
|
|
|
next
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
user = passwd.add_user request.login, request.password
|
|
|
|
|
|
|
|
|
|
client.send ResponseTypes::OK, user.to_json
|
2018-11-12 18:51:21 +01:00
|
|
|
end
|
2018-09-23 16:17:48 +02:00
|
|
|
end
|
2018-09-22 19:08:28 +02:00
|
|
|
end
|
2018-11-12 18:51:21 +01:00
|
|
|
|
