From a5247fd9f08fca90d9ee0f64a8afdb180ce4c0f7 Mon Sep 17 00:00:00 2001
From: Luka Vandervelden <lukc@upyum.com>
Date: Thu, 10 Oct 2019 20:58:44 +0200
Subject: [PATCH] Imposed authentication on a few requests.

---
 src/authd.cr |  9 +++++++++
 src/main.cr  | 12 +++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/authd.cr b/src/authd.cr
index b5ad647..083f248 100644
--- a/src/authd.cr
+++ b/src/authd.cr
@@ -21,6 +21,7 @@ module AuthD
 		InvalidCredentials
 		InvalidUser
 		UserNotFound # For UID-based GetUser requests.
+		AuthenticationError
 	end
 
 	class GetTokenRequest
@@ -33,6 +34,10 @@ module AuthD
 
 	class AddUserRequest
 		JSON.mapping({
+			# Only clients that have the right shared key will be allowed
+			# to create users.
+			shared_key: String,
+
 			login: String,
 			password: String,
 			uid: Int32?,
@@ -57,6 +62,8 @@ module AuthD
 
 	class ModUserRequest
 		JSON.mapping({
+			shared_key: String,
+
 			uid: Int32,
 			password: String?,
 			avatar: String?
@@ -129,6 +136,7 @@ module AuthD
 		# FIXME: Extra options may be useful to implement here.
 		def add_user(login : String, password : String) : AuthD::User | Exception
 			send RequestTypes::AddUser, {
+				:shared_key => @key,
 				:login => login,
 				:password => password
 			}.to_json
@@ -147,6 +155,7 @@ module AuthD
 		def mod_user(uid : Int32, password : String? = nil, avatar : String? = nil) : Bool | Exception
 			payload = Hash(String, String|Int32).new
 			payload["uid"] = uid
+			payload["shared_key"] = @key
 
 			password.try do |password|
 				payload["password"] = password
diff --git a/src/main.cr b/src/main.cr
index d0a99c8..8285efc 100644
--- a/src/main.cr
+++ b/src/main.cr
@@ -21,7 +21,7 @@ authd_passwd_file = "passwd"
 authd_group_file = "group"
 authd_jwt_key = "nico-nico-nii"
 
-OptionParser.parse! do |parser|
+OptionParser.parse do |parser|
 	parser.on "-u file", "--passwd-file file", "passwd file." do |name|
 		authd_passwd_file = name
 	end
@@ -88,6 +88,11 @@ IPC::Service.new "auth" do |event|
 				next
 			end
 
+			if request.shared_key != authd_jwt_key
+				client.send ResponseTypes::AuthenticationError, "Invalid authentication key."
+				next
+			end
+
 			if passwd.user_exists? request.login
 				client.send ResponseTypes::InvalidUser, "Another user with the same login already exists."
 
@@ -135,6 +140,11 @@ IPC::Service.new "auth" do |event|
 				next
 			end
 
+			if request.shared_key != authd_jwt_key
+				client.send ResponseTypes::AuthenticationError, "Invalid authentication key."
+				next
+			end
+
 			password_hash = request.password.try do |s|
 				Passwd.hash_password s
 			end