Imposed authentication on a few requests.
parent
e956d36260
commit
a5247fd9f0
|
@ -21,6 +21,7 @@ module AuthD
|
||||||
InvalidCredentials
|
InvalidCredentials
|
||||||
InvalidUser
|
InvalidUser
|
||||||
UserNotFound # For UID-based GetUser requests.
|
UserNotFound # For UID-based GetUser requests.
|
||||||
|
AuthenticationError
|
||||||
end
|
end
|
||||||
|
|
||||||
class GetTokenRequest
|
class GetTokenRequest
|
||||||
|
@ -33,6 +34,10 @@ module AuthD
|
||||||
|
|
||||||
class AddUserRequest
|
class AddUserRequest
|
||||||
JSON.mapping({
|
JSON.mapping({
|
||||||
|
# Only clients that have the right shared key will be allowed
|
||||||
|
# to create users.
|
||||||
|
shared_key: String,
|
||||||
|
|
||||||
login: String,
|
login: String,
|
||||||
password: String,
|
password: String,
|
||||||
uid: Int32?,
|
uid: Int32?,
|
||||||
|
@ -57,6 +62,8 @@ module AuthD
|
||||||
|
|
||||||
class ModUserRequest
|
class ModUserRequest
|
||||||
JSON.mapping({
|
JSON.mapping({
|
||||||
|
shared_key: String,
|
||||||
|
|
||||||
uid: Int32,
|
uid: Int32,
|
||||||
password: String?,
|
password: String?,
|
||||||
avatar: String?
|
avatar: String?
|
||||||
|
@ -129,6 +136,7 @@ module AuthD
|
||||||
# FIXME: Extra options may be useful to implement here.
|
# FIXME: Extra options may be useful to implement here.
|
||||||
def add_user(login : String, password : String) : AuthD::User | Exception
|
def add_user(login : String, password : String) : AuthD::User | Exception
|
||||||
send RequestTypes::AddUser, {
|
send RequestTypes::AddUser, {
|
||||||
|
:shared_key => @key,
|
||||||
:login => login,
|
:login => login,
|
||||||
:password => password
|
:password => password
|
||||||
}.to_json
|
}.to_json
|
||||||
|
@ -147,6 +155,7 @@ module AuthD
|
||||||
def mod_user(uid : Int32, password : String? = nil, avatar : String? = nil) : Bool | Exception
|
def mod_user(uid : Int32, password : String? = nil, avatar : String? = nil) : Bool | Exception
|
||||||
payload = Hash(String, String|Int32).new
|
payload = Hash(String, String|Int32).new
|
||||||
payload["uid"] = uid
|
payload["uid"] = uid
|
||||||
|
payload["shared_key"] = @key
|
||||||
|
|
||||||
password.try do |password|
|
password.try do |password|
|
||||||
payload["password"] = password
|
payload["password"] = password
|
||||||
|
|
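Review bot: The `shared_key` field added to `AddUserRequest` and `ModUserRequest` carries the secret verbatim in the JSON body of every request (`:shared_key => @key` in `add_user`, `payload["shared_key"] = @key` in `mod_user`), so any code that logs or dumps these payloads will record the key. Only `AddUserRequest` documents the field; I would put a comment on both mappings, for example `# Shared secret, sent verbatim: never log or persist this payload.` The bodies of `add_user` and `mod_user` continue outside the hunks, so it is not visible here whether the new `AuthenticationError` response is turned into an exception for the caller; that is worth confirming.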
12
src/main.cr
12
src/main.cr
|
@ -21,7 +21,7 @@ authd_passwd_file = "passwd"
|
||||||
authd_group_file = "group"
|
authd_group_file = "group"
|
||||||
authd_jwt_key = "nico-nico-nii"
|
authd_jwt_key = "nico-nico-nii"
|
||||||
|
|
||||||
OptionParser.parse! do |parser|
|
OptionParser.parse do |parser|
|
||||||
parser.on "-u file", "--passwd-file file", "passwd file." do |name|
|
parser.on "-u file", "--passwd-file file", "passwd file." do |name|
|
||||||
authd_passwd_file = name
|
authd_passwd_file = name
|
||||||
end
|
end
|
||||||
|
@ -88,6 +88,11 @@ IPC::Service.new "auth" do |event|
|
||||||
next
|
next
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if request.shared_key != authd_jwt_key
|
||||||
|
client.send ResponseTypes::AuthenticationError, "Invalid authentication key."
|
||||||
|
next
|
||||||
|
end
|
||||||
|
|
||||||
if passwd.user_exists? request.login
|
if passwd.user_exists? request.login
|
||||||
client.send ResponseTypes::InvalidUser, "Another user with the same login already exists."
|
client.send ResponseTypes::InvalidUser, "Another user with the same login already exists."
|
||||||
|
|
||||||
|
@ -135,6 +140,11 @@ IPC::Service.new "auth" do |event|
|
||||||
next
|
next
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if request.shared_key != authd_jwt_key
|
||||||
|
client.send ResponseTypes::AuthenticationError, "Invalid authentication key."
|
||||||
|
next
|
||||||
|
end
|
||||||
|
|
||||||
password_hash = request.password.try do |s|
|
password_hash = request.password.try do |s|
|
||||||
Passwd.hash_password s
|
Passwd.hash_password s
|
||||||
end
|
end
|
||||||
|
|
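Review bot: The check `if request.shared_key != authd_jwt_key` in the AddUser hunk, repeated unchanged in the ModUser hunk, uses what its name suggests is the JWT signing key as the client credential, so every client allowed to create or modify users would also hold the secret needed to sign tokens. That key is initialised to a literal in the first hunk (`authd_jwt_key = "nico-nico-nii"`); a separate secret for these requests, supplied through an option with no usable default, would keep the signing key on the server. The comparison is also a plain `!=`, which is not constant-time; with `require "crypto/subtle"` it can be written `unless Crypto::Subtle.constant_time_compare(request.shared_key, authd_jwt_key)`. Both checks sit in handler branches that start and end outside the hunks.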