Grooming.

ipc07
Luka Vandervelden 2019-11-23 01:08:05 +01:00
parent c2503637f3
commit 16fa2271f6
2 changed files with 89 additions and 90 deletions


@ -96,17 +96,13 @@ class AuthD::Response
] ]
{% end %} {% end %}
def self.from_ipc(message : IPC::Message) def self.from_ipc(message : IPC::Message) : Response?
payload = String.new message.payload payload = String.new message.payload
type = Type.new message.type.to_i type = Type.new message.type.to_i
begin requests.find(&.type.==(type)).try &.from_json(payload)
request = requests.find(&.type.==(type)).try &.from_json(payload) rescue e : JSON::ParseException
rescue e : JSON::ParseException raise Exception.new "malformed request"
raise Exception.new "malformed request"
end
request
end end
end end
@ -218,17 +214,13 @@ class AuthD::Request
] ]
{% end %} {% end %}
def self.from_ipc(message : IPC::Message) def self.from_ipc(message : IPC::Message) : Request?
payload = String.new message.payload payload = String.new message.payload
type = Type.new message.type.to_i type = Type.new message.type.to_i
begin requests.find(&.type.==(type)).try &.from_json(payload)
request = requests.find(&.type.==(type)).try &.from_json(payload) rescue e : JSON::ParseException
rescue e : JSON::ParseException raise Exception.new "malformed request"
raise Exception.new "misformed request"
end
request
end end
end end
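Review bot: `Response.from_ipc` reports a JSON parse failure as "malformed request" although it is decoding a response, and both `from_ipc` methods replace the `JSON::ParseException` with a bare `Exception`, so a caller cannot rescue bad peer input separately from any other failure. In the Response variant I would write `raise Exception.new "malformed response", e`, which also keeps the parse error as the cause, and ideally both methods would raise a dedicated error class. The new `: Response?` and `: Request?` annotations make it part of the contract that a message type with no match in `requests` yields nil, so a comment such as `# Returns nil when no known type matches message.type.` above each method would document what callers must handle.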


@ -10,9 +10,86 @@ require "./authd.cr"
extend AuthD extend AuthD
class IPC::Connection class AuthD::Service
def send(type : AuthD::Response::Type, payload : String) def initialize(@passwd : Passwd, @jwt_key : String)
send type.to_u8, payload end
def handle_request(request : AuthD::Request?, connection : IPC::Connection)
case request
when Request::GetToken
user = @passwd.get_user request.login, request.password
if user.nil?
return Response::Error.new "invalid credentials"
end
token = JWT.encode user.to_h, @jwt_key, JWT::Algorithm::HS256
Response::Token.new token
when Request::AddUser
if request.shared_key != @jwt_key
return Response::Error.new "invalid authentication key"
end
if @passwd.user_exists? request.login
return Response::Error.new "login already used"
end
user = @passwd.add_user request.login, request.password
Response::UserAdded.new user
when Request::GetUserByCredentials
user = @passwd.get_user request.login, request.password
if user
Response::User.new user
else
Response::Error.new "user not found"
end
when Request::GetUser
user = @passwd.get_user request.uid
if user
Response::User.new user
else
Response::Error.new "user not found"
end
when Request::ModUser
if request.shared_key != @jwt_key
return Response::Error.new "invalid authentication key"
end
password_hash = request.password.try do |s|
Passwd.hash_password s
end
@passwd.mod_user request.uid, password_hash: password_hash
Response::UserEdited.new request.uid
else
Response::Error.new "unhandled request type"
end
end
def run
##
# Provides a JWT-based authentication scheme for service-specific users.
IPC::Service.new "auth" do |event|
if event.is_a? IPC::Exception
puts "oh no"
pp! event
next
end
case event
when IPC::Event::Message
request = Request.from_ipc event.message
response = handle_request request, event.connection
event.connection.send response
end
end
end end
end end
@ -42,75 +119,5 @@ end
passwd = Passwd.new authd_passwd_file, authd_group_file passwd = Passwd.new authd_passwd_file, authd_group_file
## AuthD::Service.new(passwd, authd_jwt_key).run
# Provides a JWT-based authentication scheme for service-specific users.
IPC::Service.new "auth" do |event|
if event.is_a? IPC::Exception
puts "oh no"
pp! event
next
end
case event
when IPC::Event::Message
request = Request.from_ipc event.message
response = case request
when Request::GetToken
user = passwd.get_user request.login, request.password
if user.nil?
next Response::Error.new "invalid credentials"
end
token = JWT.encode user.to_h, authd_jwt_key, JWT::Algorithm::HS256
Response::Token.new token
when Request::AddUser
if request.shared_key != authd_jwt_key
next Response::Error.new "invalid authentication key"
end
if passwd.user_exists? request.login
next Response::Error.new "login already used"
end
user = passwd.add_user request.login, request.password
Response::UserAdded.new user
when Request::GetUserByCredentials
user = passwd.get_user request.login, request.password
if user
Response::User.new user
else
Response::Error.new "user not found"
end
when Request::GetUser
user = passwd.get_user request.uid
if user
Response::User.new user
else
Response::Error.new "user not found"
end
when Request::ModUser
if request.shared_key != authd_jwt_key
next Response::Error.new "invalid authentication key"
end
password_hash = request.password.try do |s|
Passwd.hash_password s
end
passwd.mod_user request.uid, password_hash: password_hash
Response::UserEdited.new request.uid
else
Response::Error.new "unhandled request type"
end
event.connection.send response
end
end
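Review bot: In `AuthD::Service#run`, `Request.from_ipc event.message` is called with no rescue, and `from_ipc` raises on a payload that is not valid JSON, so a single malformed message from any client raises inside the event block. Whether `IPC::Service` contains that exception is not visible here; if it does not, the authentication daemon stops for every client. I would rescue at the call site and answer with an error response, as sketched below. Separately, the AddUser and ModUser branches of `handle_request` authorise with `request.shared_key != @jwt_key`: this makes the JWT signing key double as the admin credential, so any service allowed to add users can also sign tokens. A separate admin secret, compared with `Crypto::Subtle.constant_time_compare`, would keep the two privileges apart.

```crystal
when IPC::Event::Message
  request = begin
    Request.from_ipc event.message
  rescue e
    # Malformed client input is answered with an error, not allowed to unwind the service loop.
    event.connection.send Response::Error.new "malformed request"
    next
  end
  # … unchanged: handle_request call and event.connection.send response …
```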