Merge branch 'master' of ssh://git.baguette.netlib.re:2299/Baguette/authd
This commit is contained in:
commit
b69afedbd2
19
src/authd.cr
19
src/authd.cr
@ -1,11 +1,26 @@
|
||||
require "json"
|
||||
|
||||
require "jwt"
|
||||
|
||||
require "ipc"
|
||||
|
||||
require "baguette-crystal-base"
|
||||
require "./user.cr"
|
||||
|
||||
# Allows get configuration from a provided file.
|
||||
# See Baguette::Configuration::Base.get
|
||||
class Baguette::Configuration
|
||||
class Auth < Base
|
||||
include YAML::Serializable
|
||||
|
||||
property login : String? = nil
|
||||
property pass : String? = nil
|
||||
property shared_key : String = "nico-nico-nii" # Default authd key, as per the specs. :eyes:
|
||||
property shared_key_file : String? = nil
|
||||
|
||||
def initialize
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
class AuthD::Exception < Exception
|
||||
end
|
||||
|
||||
|
127
src/main.cr
127
src/main.cr
@ -14,7 +14,28 @@ require "./authd.cr"
|
||||
|
||||
extend AuthD
|
||||
|
||||
class Baguette::Configuration
|
||||
class Auth < Base
|
||||
property recreate_indexes : Bool = false
|
||||
property storage : String = "storage"
|
||||
property registrations : Bool = false
|
||||
property require_email : Bool = false
|
||||
property activation_url : String? = nil
|
||||
property field_subject : String? = nil
|
||||
property field_from : String? = nil
|
||||
property read_only_profile_keys : Array(String) = Array(String).new
|
||||
|
||||
property print_password_recovery_parameters : Bool = false
|
||||
property verbosity : Int32 = 3
|
||||
property print_ipc_timer : Bool = false
|
||||
property ipc_timer : Int32 = 30_000
|
||||
end
|
||||
end
|
||||
|
||||
class AuthD::Service
|
||||
property timer = 30_000 # 30 seconds
|
||||
property print_timer = false
|
||||
|
||||
property registrations_allowed = false
|
||||
property require_email = false
|
||||
property mailer_activation_url : String? = nil
|
||||
@ -22,15 +43,22 @@ class AuthD::Service
|
||||
property mailer_field_subject : String? = nil
|
||||
property read_only_profile_keys = Array(String).new
|
||||
|
||||
|
||||
property print_password_recovery_parameters : Bool = false
|
||||
|
||||
@users_per_login : DODB::Index(User)
|
||||
@users_per_uid : DODB::Index(User)
|
||||
|
||||
def initialize(@storage_root : String, @jwt_key : String)
|
||||
def initialize(@storage_root : String, @jwt_key : String, recreate_indexes : Bool)
|
||||
@users = DODB::DataBase(User).new @storage_root
|
||||
@users_per_uid = @users.new_index "uid", &.uid.to_s
|
||||
@users_per_login = @users.new_index "login", &.login
|
||||
|
||||
@last_uid_file = "#{@storage_root}/last_used_uid"
|
||||
|
||||
if recreate_indexes
|
||||
@users.reindex_everything!
|
||||
end
|
||||
end
|
||||
|
||||
def hash_password(password : String) : String
|
||||
@ -222,6 +250,11 @@ class AuthD::Service
|
||||
end
|
||||
end
|
||||
|
||||
# In this case we should not accept its registration.
|
||||
if request.password.size < 4
|
||||
return Response::Error.new "password too short"
|
||||
end
|
||||
|
||||
uid = new_uid
|
||||
password = hash_password request.password
|
||||
|
||||
@ -407,6 +440,15 @@ class AuthD::Service
|
||||
mailer_activation_url = @mailer_activation_url.not_nil!
|
||||
|
||||
# Once the user is created and stored, we try to contact him
|
||||
|
||||
if @print_password_recovery_parameters
|
||||
pp! user.login,
|
||||
user.contact.email.not_nil!,
|
||||
mailer_field_from,
|
||||
mailer_activation_url,
|
||||
user.password_renew_key.not_nil!
|
||||
end
|
||||
|
||||
unless Process.run("password-recovery-mailer", [
|
||||
"-l", user.login,
|
||||
"-e", user.contact.email.not_nil!,
|
||||
@ -415,6 +457,7 @@ class AuthD::Service
|
||||
"-u", mailer_activation_url,
|
||||
"-a", user.password_renew_key.not_nil!
|
||||
]).success?
|
||||
|
||||
return Response::Error.new "cannot contact the user for password recovery"
|
||||
end
|
||||
end
|
||||
@ -610,8 +653,8 @@ class AuthD::Service
|
||||
##
|
||||
# Provides a JWT-based authentication scheme for service-specific users.
|
||||
server = IPC::Server.new "auth"
|
||||
server.base_timer = 30000 # 30 seconds
|
||||
server.timer = 30000 # 30 seconds
|
||||
server.base_timer = @timer
|
||||
server.timer = @timer
|
||||
server.loop do |event|
|
||||
if event.is_a? IPC::Exception
|
||||
Baguette::Log.error "IPC::Exception"
|
||||
@ -621,7 +664,7 @@ class AuthD::Service
|
||||
|
||||
case event
|
||||
when IPC::Event::Timer
|
||||
Baguette::Log.debug "Timer"
|
||||
Baguette::Log.debug "Timer" if @print_timer
|
||||
when IPC::Event::MessageReceived
|
||||
begin
|
||||
request = Request.from_ipc(event.message).not_nil!
|
||||
@ -636,6 +679,7 @@ class AuthD::Service
|
||||
rescue e : MalformedRequest
|
||||
Baguette::Log.error "#{e.message}"
|
||||
Baguette::Log.error " .. type was: #{e.ipc_type}"
|
||||
Baguette::Log.error " .. tried class was: #{Request.requests.find(&.type.==(e.ipc_type)).to_s}"
|
||||
Baguette::Log.error " .. payload was: #{e.payload}"
|
||||
response = Response::Error.new e.message
|
||||
rescue e
|
||||
@ -649,72 +693,83 @@ class AuthD::Service
|
||||
end
|
||||
end
|
||||
|
||||
authd_storage = "storage"
|
||||
authd_jwt_key = "nico-nico-nii"
|
||||
authd_registrations = false
|
||||
authd_require_email = false
|
||||
activation_url : String? = nil
|
||||
field_subject : String? = nil
|
||||
field_from : String? = nil
|
||||
read_only_profile_keys = Array(String).new
|
||||
|
||||
begin
|
||||
simulation, no_configuration, configuration_file = Baguette::Configuration.option_parser
|
||||
|
||||
configuration = if no_configuration
|
||||
Baguette::Log.info "do not load a configuration file."
|
||||
Baguette::Configuration::Auth.new
|
||||
else
|
||||
Baguette::Configuration::Auth.get(configuration_file) ||
|
||||
Baguette::Configuration::Auth.new
|
||||
end
|
||||
|
||||
Baguette::Context.verbosity = configuration.verbosity
|
||||
|
||||
if key_file = configuration.shared_key_file
|
||||
configuration.shared_key = File.read(key_file).chomp
|
||||
end
|
||||
|
||||
OptionParser.parse do |parser|
|
||||
parser.banner = "usage: authd [options]"
|
||||
|
||||
parser.on "-s directory", "--storage directory", "Directory in which to store users." do |directory|
|
||||
authd_storage = directory
|
||||
parser.on "--storage directory", "Directory in which to store users." do |directory|
|
||||
configuration.storage = directory
|
||||
end
|
||||
|
||||
parser.on "-K file", "--key-file file", "JWT key file" do |file_name|
|
||||
authd_jwt_key = File.read(file_name).chomp
|
||||
configuration.shared_key = File.read(file_name).chomp
|
||||
end
|
||||
|
||||
parser.on "-R", "--allow-registrations" do
|
||||
authd_registrations = true
|
||||
configuration.registrations = true
|
||||
end
|
||||
|
||||
parser.on "-E", "--require-email" do
|
||||
authd_require_email = true
|
||||
configuration.require_email = true
|
||||
end
|
||||
|
||||
parser.on "-t subject", "--subject title", "Subject of the email." do |s|
|
||||
field_subject = s
|
||||
configuration.field_subject = s
|
||||
end
|
||||
|
||||
parser.on "-f from-email", "--from email", "'From:' field to use in activation email." do |f|
|
||||
field_from = f
|
||||
configuration.field_from = f
|
||||
end
|
||||
|
||||
parser.on "-u", "--activation-url url", "Activation URL." do |opt|
|
||||
activation_url = opt
|
||||
configuration.activation_url = opt
|
||||
end
|
||||
|
||||
parser.on "-x key", "--read-only-profile-key key", "Marks a user profile key as being read-only." do |key|
|
||||
read_only_profile_keys.push key
|
||||
configuration.read_only_profile_keys.push key
|
||||
end
|
||||
|
||||
parser.on "-v verbosity",
|
||||
"--verbosity level",
|
||||
"Verbosity level. From 0 to 3. Default: 1" do |v|
|
||||
Baguette::Context.verbosity = v.to_i
|
||||
end
|
||||
|
||||
|
||||
parser.on "-h", "--help", "Show this help" do
|
||||
puts parser
|
||||
|
||||
exit 0
|
||||
end
|
||||
end
|
||||
|
||||
AuthD::Service.new(authd_storage, authd_jwt_key).tap do |authd|
|
||||
authd.registrations_allowed = authd_registrations
|
||||
authd.require_email = authd_require_email
|
||||
authd.mailer_activation_url = activation_url
|
||||
authd.mailer_field_subject = field_subject
|
||||
authd.mailer_field_from = field_from
|
||||
authd.read_only_profile_keys = read_only_profile_keys
|
||||
if simulation
|
||||
pp! configuration
|
||||
exit 0
|
||||
end
|
||||
|
||||
AuthD::Service.new(configuration.storage,
|
||||
configuration.shared_key,
|
||||
configuration.recreate_indexes,
|
||||
).tap do |authd|
|
||||
authd.registrations_allowed = configuration.registrations
|
||||
authd.require_email = configuration.require_email
|
||||
authd.mailer_activation_url = configuration.activation_url
|
||||
authd.mailer_field_subject = configuration.field_subject
|
||||
authd.mailer_field_from = configuration.field_from
|
||||
authd.read_only_profile_keys = configuration.read_only_profile_keys
|
||||
authd.print_timer = configuration.print_ipc_timer
|
||||
authd.timer = configuration.ipc_timer
|
||||
authd.print_password_recovery_parameters = configuration.print_password_recovery_parameters
|
||||
end.run
|
||||
rescue e : OptionParser::Exception
|
||||
Baguette::Log.error e.message
|
||||
|
@ -56,6 +56,8 @@ unrecognized_args_to_context_args = -> (parser : OptionParser, n_expected_args :
|
||||
# With the right args, these will be interpreted as serialized data.
|
||||
parser.unknown_args do |args|
|
||||
if args.size != n_expected_args
|
||||
Baguette::Log.error "expected number of arguments: #{n_expected_args}, received: #{args.size}"
|
||||
Baguette::Log.error "args: #{args}"
|
||||
Baguette::Log.error "#{parser}"
|
||||
exit 1
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user