Grooming.
parent
c2503637f3
commit
16fa2271f6
24
src/authd.cr
24
src/authd.cr
|
@ -96,17 +96,13 @@ class AuthD::Response
|
|||
]
|
||||
{% end %}
|
||||
|
||||
def self.from_ipc(message : IPC::Message)
|
||||
def self.from_ipc(message : IPC::Message) : Response?
|
||||
payload = String.new message.payload
|
||||
type = Type.new message.type.to_i
|
||||
|
||||
begin
|
||||
request = requests.find(&.type.==(type)).try &.from_json(payload)
|
||||
rescue e : JSON::ParseException
|
||||
raise Exception.new "malformed request"
|
||||
end
|
||||
|
||||
request
|
||||
requests.find(&.type.==(type)).try &.from_json(payload)
|
||||
rescue e : JSON::ParseException
|
||||
raise Exception.new "malformed request"
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -218,17 +214,13 @@ class AuthD::Request
|
|||
]
|
||||
{% end %}
|
||||
|
||||
def self.from_ipc(message : IPC::Message)
|
||||
def self.from_ipc(message : IPC::Message) : Request?
|
||||
payload = String.new message.payload
|
||||
type = Type.new message.type.to_i
|
||||
|
||||
begin
|
||||
request = requests.find(&.type.==(type)).try &.from_json(payload)
|
||||
rescue e : JSON::ParseException
|
||||
raise Exception.new "misformed request"
|
||||
end
|
||||
|
||||
request
|
||||
requests.find(&.type.==(type)).try &.from_json(payload)
|
||||
rescue e : JSON::ParseException
|
||||
raise Exception.new "malformed request"
|
||||
end
|
||||
end
|
||||
|
||||
|
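Review bot: `raise Exception.new "malformed request"` on the new side of both hunks raises the bare `Exception` base class, so a caller that wants to reject one bad message without swallowing every other error has no type to rescue on; declare `class MalformedRequest < Exception` inside `AuthD` and raise it instead, e.g. `raise MalformedRequest.new "malformed request"`, and since the bound `e` is never read, `rescue JSON::ParseException` is enough. The new `Request?`/`Response?` annotations are worth keeping honest with a comment, because `Type.new message.type.to_i` does not validate the integer: a type value with no matching member makes `requests.find` return nil and the method returns nil silently, so a line such as `# nil when message.type matches no known request type; callers must handle it` above the `def` would stop callers assuming a non-nil result. Both `AuthD::Response` and `AuthD::Request` continue outside their hunks, so the `requests` constant and the `{% end %}` macro they rely on are not visible here.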
|
155
src/main.cr
155
src/main.cr
|
@ -10,9 +10,86 @@ require "./authd.cr"
|
|||
|
||||
extend AuthD
|
||||
|
||||
class IPC::Connection
|
||||
def send(type : AuthD::Response::Type, payload : String)
|
||||
send type.to_u8, payload
|
||||
class AuthD::Service
|
||||
def initialize(@passwd : Passwd, @jwt_key : String)
|
||||
end
|
||||
|
||||
def handle_request(request : AuthD::Request?, connection : IPC::Connection)
|
||||
case request
|
||||
when Request::GetToken
|
||||
user = @passwd.get_user request.login, request.password
|
||||
|
||||
if user.nil?
|
||||
return Response::Error.new "invalid credentials"
|
||||
end
|
||||
|
||||
token = JWT.encode user.to_h, @jwt_key, JWT::Algorithm::HS256
|
||||
|
||||
Response::Token.new token
|
||||
when Request::AddUser
|
||||
if request.shared_key != @jwt_key
|
||||
return Response::Error.new "invalid authentication key"
|
||||
end
|
||||
|
||||
if @passwd.user_exists? request.login
|
||||
return Response::Error.new "login already used"
|
||||
end
|
||||
|
||||
user = @passwd.add_user request.login, request.password
|
||||
|
||||
Response::UserAdded.new user
|
||||
when Request::GetUserByCredentials
|
||||
user = @passwd.get_user request.login, request.password
|
||||
|
||||
if user
|
||||
Response::User.new user
|
||||
else
|
||||
Response::Error.new "user not found"
|
||||
end
|
||||
when Request::GetUser
|
||||
user = @passwd.get_user request.uid
|
||||
|
||||
if user
|
||||
Response::User.new user
|
||||
else
|
||||
Response::Error.new "user not found"
|
||||
end
|
||||
when Request::ModUser
|
||||
if request.shared_key != @jwt_key
|
||||
return Response::Error.new "invalid authentication key"
|
||||
end
|
||||
|
||||
password_hash = request.password.try do |s|
|
||||
Passwd.hash_password s
|
||||
end
|
||||
|
||||
@passwd.mod_user request.uid, password_hash: password_hash
|
||||
|
||||
Response::UserEdited.new request.uid
|
||||
else
|
||||
Response::Error.new "unhandled request type"
|
||||
end
|
||||
end
|
||||
|
||||
def run
|
||||
##
|
||||
# Provides a JWT-based authentication scheme for service-specific users.
|
||||
IPC::Service.new "auth" do |event|
|
||||
if event.is_a? IPC::Exception
|
||||
puts "oh no"
|
||||
pp! event
|
||||
next
|
||||
end
|
||||
|
||||
case event
|
||||
when IPC::Event::Message
|
||||
request = Request.from_ipc event.message
|
||||
|
||||
response = handle_request request, event.connection
|
||||
|
||||
event.connection.send response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -42,75 +119,5 @@ end
|
|||
|
||||
passwd = Passwd.new authd_passwd_file, authd_group_file
|
||||
|
||||
##
|
||||
# Provides a JWT-based authentication scheme for service-specific users.
|
||||
IPC::Service.new "auth" do |event|
|
||||
if event.is_a? IPC::Exception
|
||||
puts "oh no"
|
||||
pp! event
|
||||
next
|
||||
end
|
||||
|
||||
case event
|
||||
when IPC::Event::Message
|
||||
request = Request.from_ipc event.message
|
||||
|
||||
response = case request
|
||||
when Request::GetToken
|
||||
user = passwd.get_user request.login, request.password
|
||||
|
||||
if user.nil?
|
||||
next Response::Error.new "invalid credentials"
|
||||
end
|
||||
|
||||
token = JWT.encode user.to_h, authd_jwt_key, JWT::Algorithm::HS256
|
||||
|
||||
Response::Token.new token
|
||||
when Request::AddUser
|
||||
if request.shared_key != authd_jwt_key
|
||||
next Response::Error.new "invalid authentication key"
|
||||
end
|
||||
|
||||
if passwd.user_exists? request.login
|
||||
next Response::Error.new "login already used"
|
||||
end
|
||||
|
||||
user = passwd.add_user request.login, request.password
|
||||
|
||||
Response::UserAdded.new user
|
||||
when Request::GetUserByCredentials
|
||||
user = passwd.get_user request.login, request.password
|
||||
|
||||
if user
|
||||
Response::User.new user
|
||||
else
|
||||
Response::Error.new "user not found"
|
||||
end
|
||||
when Request::GetUser
|
||||
user = passwd.get_user request.uid
|
||||
|
||||
if user
|
||||
Response::User.new user
|
||||
else
|
||||
Response::Error.new "user not found"
|
||||
end
|
||||
when Request::ModUser
|
||||
if request.shared_key != authd_jwt_key
|
||||
next Response::Error.new "invalid authentication key"
|
||||
end
|
||||
|
||||
password_hash = request.password.try do |s|
|
||||
Passwd.hash_password s
|
||||
end
|
||||
|
||||
passwd.mod_user request.uid, password_hash: password_hash
|
||||
|
||||
Response::UserEdited.new request.uid
|
||||
else
|
||||
Response::Error.new "unhandled request type"
|
||||
end
|
||||
|
||||
event.connection.send response
|
||||
end
|
||||
end
|
||||
AuthD::Service.new(passwd, authd_jwt_key).run
|
||||
|
||||
|
|
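Review bot: `Request.from_ipc event.message` in `run` is called with nothing rescuing the `"malformed request"` exception that `from_ipc` raises on a JSON parse failure, so unless `IPC::Service` itself rescues exceptions escaping the block — which is not visible here — one client sending an unparseable payload raises out of the event loop and takes the whole auth service down with it. Wrapping the parse and answering with a `Response::Error` keeps the loop alive and gives the client a diagnostic; the rewritten lines are below. Separately, `AddUser` and `ModUser` authenticate the caller with `request.shared_key != @jwt_key`, which is the HS256 signing key itself, so any client trusted to create users can also forge tokens, and the `!=` comparison is not constant-time — a dedicated admin secret checked with `Crypto::Subtle.constant_time_compare` would address both. The `connection` parameter of `handle_request` is never used in its body.
```crystal
when IPC::Event::Message
  request = begin
    Request.from_ipc event.message
  rescue e
    # A malformed or unknown message must not tear down the service loop.
    event.connection.send Response::Error.new(e.message || "malformed request")
    next
  end

  # … unchanged: handle_request and send of the response …
```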