Grooming.
parent
c2503637f3
commit
16fa2271f6
18
src/authd.cr
18
src/authd.cr
|
@ -96,18 +96,14 @@ class AuthD::Response
|
||||||
]
|
]
|
||||||
{% end %}
|
{% end %}
|
||||||
|
|
||||||
def self.from_ipc(message : IPC::Message)
|
def self.from_ipc(message : IPC::Message) : Response?
|
||||||
payload = String.new message.payload
|
payload = String.new message.payload
|
||||||
type = Type.new message.type.to_i
|
type = Type.new message.type.to_i
|
||||||
|
|
||||||
begin
|
requests.find(&.type.==(type)).try &.from_json(payload)
|
||||||
request = requests.find(&.type.==(type)).try &.from_json(payload)
|
|
||||||
rescue e : JSON::ParseException
|
rescue e : JSON::ParseException
|
||||||
raise Exception.new "malformed request"
|
raise Exception.new "malformed request"
|
||||||
end
|
end
|
||||||
|
|
||||||
request
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
class IPC::Connection
|
class IPC::Connection
|
||||||
|
@ -218,17 +214,13 @@ class AuthD::Request
|
||||||
]
|
]
|
||||||
{% end %}
|
{% end %}
|
||||||
|
|
||||||
def self.from_ipc(message : IPC::Message)
|
def self.from_ipc(message : IPC::Message) : Request?
|
||||||
payload = String.new message.payload
|
payload = String.new message.payload
|
||||||
type = Type.new message.type.to_i
|
type = Type.new message.type.to_i
|
||||||
|
|
||||||
begin
|
requests.find(&.type.==(type)).try &.from_json(payload)
|
||||||
request = requests.find(&.type.==(type)).try &.from_json(payload)
|
|
||||||
rescue e : JSON::ParseException
|
rescue e : JSON::ParseException
|
||||||
raise Exception.new "misformed request"
|
raise Exception.new "malformed request"
|
||||||
end
|
|
||||||
|
|
||||||
request
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
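Review bot: The `rescue e : JSON::ParseException` at the end of each new `from_ipc` replaces a client-supplied malformed payload with a bare `Exception`, and the only caller this commit shows (`Request.from_ipc` in main.cr's `run` loop) does not rescue it, so one bad JSON message from any IPC client appears to unwind the service loop instead of producing an error response; a dedicated `class AuthD::MalformedRequest < Exception` raised here would let the dispatcher rescue it and answer with `Response::Error`. `e` is bound but never used — `raise MalformedRequest.new "malformed request", cause: e` keeps the parse error available for logging without sending it to the client. The `Response.from_ipc` copy also says "malformed request" although it parses responses, and when `find` matches no `type` both methods return `nil` silently rather than raising — worth a one-line comment on the new `Request?`/`Response?` return type so callers know `nil` means "unknown message type", not "no message".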
155
src/main.cr
155
src/main.cr
|
@ -10,9 +10,86 @@ require "./authd.cr"
|
||||||
|
|
||||||
extend AuthD
|
extend AuthD
|
||||||
|
|
||||||
class IPC::Connection
|
class AuthD::Service
|
||||||
def send(type : AuthD::Response::Type, payload : String)
|
def initialize(@passwd : Passwd, @jwt_key : String)
|
||||||
send type.to_u8, payload
|
end
|
||||||
|
|
||||||
|
def handle_request(request : AuthD::Request?, connection : IPC::Connection)
|
||||||
|
case request
|
||||||
|
when Request::GetToken
|
||||||
|
user = @passwd.get_user request.login, request.password
|
||||||
|
|
||||||
|
if user.nil?
|
||||||
|
return Response::Error.new "invalid credentials"
|
||||||
|
end
|
||||||
|
|
||||||
|
token = JWT.encode user.to_h, @jwt_key, JWT::Algorithm::HS256
|
||||||
|
|
||||||
|
Response::Token.new token
|
||||||
|
when Request::AddUser
|
||||||
|
if request.shared_key != @jwt_key
|
||||||
|
return Response::Error.new "invalid authentication key"
|
||||||
|
end
|
||||||
|
|
||||||
|
if @passwd.user_exists? request.login
|
||||||
|
return Response::Error.new "login already used"
|
||||||
|
end
|
||||||
|
|
||||||
|
user = @passwd.add_user request.login, request.password
|
||||||
|
|
||||||
|
Response::UserAdded.new user
|
||||||
|
when Request::GetUserByCredentials
|
||||||
|
user = @passwd.get_user request.login, request.password
|
||||||
|
|
||||||
|
if user
|
||||||
|
Response::User.new user
|
||||||
|
else
|
||||||
|
Response::Error.new "user not found"
|
||||||
|
end
|
||||||
|
when Request::GetUser
|
||||||
|
user = @passwd.get_user request.uid
|
||||||
|
|
||||||
|
if user
|
||||||
|
Response::User.new user
|
||||||
|
else
|
||||||
|
Response::Error.new "user not found"
|
||||||
|
end
|
||||||
|
when Request::ModUser
|
||||||
|
if request.shared_key != @jwt_key
|
||||||
|
return Response::Error.new "invalid authentication key"
|
||||||
|
end
|
||||||
|
|
||||||
|
password_hash = request.password.try do |s|
|
||||||
|
Passwd.hash_password s
|
||||||
|
end
|
||||||
|
|
||||||
|
@passwd.mod_user request.uid, password_hash: password_hash
|
||||||
|
|
||||||
|
Response::UserEdited.new request.uid
|
||||||
|
else
|
||||||
|
Response::Error.new "unhandled request type"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def run
|
||||||
|
##
|
||||||
|
# Provides a JWT-based authentication scheme for service-specific users.
|
||||||
|
IPC::Service.new "auth" do |event|
|
||||||
|
if event.is_a? IPC::Exception
|
||||||
|
puts "oh no"
|
||||||
|
pp! event
|
||||||
|
next
|
||||||
|
end
|
||||||
|
|
||||||
|
case event
|
||||||
|
when IPC::Event::Message
|
||||||
|
request = Request.from_ipc event.message
|
||||||
|
|
||||||
|
response = handle_request request, event.connection
|
||||||
|
|
||||||
|
event.connection.send response
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -42,75 +119,5 @@ end
|
||||||
|
|
||||||
passwd = Passwd.new authd_passwd_file, authd_group_file
|
passwd = Passwd.new authd_passwd_file, authd_group_file
|
||||||
|
|
||||||
##
|
AuthD::Service.new(passwd, authd_jwt_key).run
|
||||||
# Provides a JWT-based authentication scheme for service-specific users.
|
|
||||||
IPC::Service.new "auth" do |event|
|
|
||||||
if event.is_a? IPC::Exception
|
|
||||||
puts "oh no"
|
|
||||||
pp! event
|
|
||||||
next
|
|
||||||
end
|
|
||||||
|
|
||||||
case event
|
|
||||||
when IPC::Event::Message
|
|
||||||
request = Request.from_ipc event.message
|
|
||||||
|
|
||||||
response = case request
|
|
||||||
when Request::GetToken
|
|
||||||
user = passwd.get_user request.login, request.password
|
|
||||||
|
|
||||||
if user.nil?
|
|
||||||
next Response::Error.new "invalid credentials"
|
|
||||||
end
|
|
||||||
|
|
||||||
token = JWT.encode user.to_h, authd_jwt_key, JWT::Algorithm::HS256
|
|
||||||
|
|
||||||
Response::Token.new token
|
|
||||||
when Request::AddUser
|
|
||||||
if request.shared_key != authd_jwt_key
|
|
||||||
next Response::Error.new "invalid authentication key"
|
|
||||||
end
|
|
||||||
|
|
||||||
if passwd.user_exists? request.login
|
|
||||||
next Response::Error.new "login already used"
|
|
||||||
end
|
|
||||||
|
|
||||||
user = passwd.add_user request.login, request.password
|
|
||||||
|
|
||||||
Response::UserAdded.new user
|
|
||||||
when Request::GetUserByCredentials
|
|
||||||
user = passwd.get_user request.login, request.password
|
|
||||||
|
|
||||||
if user
|
|
||||||
Response::User.new user
|
|
||||||
else
|
|
||||||
Response::Error.new "user not found"
|
|
||||||
end
|
|
||||||
when Request::GetUser
|
|
||||||
user = passwd.get_user request.uid
|
|
||||||
|
|
||||||
if user
|
|
||||||
Response::User.new user
|
|
||||||
else
|
|
||||||
Response::Error.new "user not found"
|
|
||||||
end
|
|
||||||
when Request::ModUser
|
|
||||||
if request.shared_key != authd_jwt_key
|
|
||||||
next Response::Error.new "invalid authentication key"
|
|
||||||
end
|
|
||||||
|
|
||||||
password_hash = request.password.try do |s|
|
|
||||||
Passwd.hash_password s
|
|
||||||
end
|
|
||||||
|
|
||||||
passwd.mod_user request.uid, password_hash: password_hash
|
|
||||||
|
|
||||||
Response::UserEdited.new request.uid
|
|
||||||
else
|
|
||||||
Response::Error.new "unhandled request type"
|
|
||||||
end
|
|
||||||
|
|
||||||
event.connection.send response
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
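Review bot: `request.shared_key != @jwt_key` in both the `AddUser` and `ModUser` branches of `handle_request` compares a shared secret with ordinary string equality, which is not constant-time and so can leak the key byte by byte to a local IPC client measuring response latency; `unless Crypto::Subtle.constant_time_compare request.shared_key, @jwt_key` (with `require "crypto/subtle"` at the top of the file, and a nil guard first if `shared_key` is nilable) closes that. The same string is also the HS256 signing key passed to `JWT.encode` in `GetToken`, so anyone holding the user-management key can mint arbitrary tokens and vice versa — a separate secret, or at least a comment on `initialize` stating that single-key trust assumption, would help. The token built there carries no `exp` claim and so never expires, and if `user.to_h` includes the password hash it ends up base64-encoded inside the token (presumably unintended — verify against `Passwd`). Finally, `Request.from_ipc` in `run` raises on a malformed payload and nothing in the block rescues it (the `IPC::Exception` branch only handles error events), so a single bad message can take down the loop; wrapping the `from_ipc`/`handle_request` pair in a `begin … rescue` that replies `Response::Error.new "malformed request"` would keep the daemon up.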