astra/ntfy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Token login

Browse source
This commit is contained in:
Philipp Heckel 2022-12-07 20:44:20 -05:00
parent 35657a7bbd
commit 8dcb4be8a8
11 changed files with 94 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

5
auth/auth.go
View file

@ -14,8 +14,8 @@ type Auther interface {
Authenticate(username, password string) (*User, error)
AuthenticateToken(token string) (*User, error)
GenerateToken(user *User) (string, error)
CreateToken(user *User) (string, error)
RemoveToken(user *User) error
// Authorize returns nil if the given user has access to the given topic using the desired
// permission. The user param may be nil to signal an anonymous user.
@ -62,6 +62,7 @@ type Manager interface {
type User struct {
Name string
Hash string // password hash (bcrypt)
Token string // Only set if token was used to log in
Role Role
Grants []Grant
Language string

16
auth/auth_sqlite.go
View file

@ -102,6 +102,7 @@ const (
deleteTopicAccessQuery = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?) AND topic = ?`
insertTokenQuery = `INSERT INTO user_token (user_id, token, expires) VALUES ((SELECT id FROM user WHERE user = ?), ?, ?)`
deleteTokenQuery = `DELETE FROM user_token WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
)
// Schema management queries
@ -138,7 +139,7 @@ func NewSQLiteAuth(filename string, defaultRead, defaultWrite bool) (*SQLiteAuth
}, nil
}
// AuthenticateUser checks username and password and returns a user if correct. The method
// Authenticate checks username and password and returns a user if correct. The method
// returns in constant-ish time, regardless of whether the user exists or the password is
// correct or incorrect.
func (a *SQLiteAuth) Authenticate(username, password string) (*User, error) {
@ -162,10 +163,11 @@ func (a *SQLiteAuth) AuthenticateToken(token string) (*User, error) {
if err != nil {
return nil, ErrUnauthenticated
}
user.Token = token
return user, nil
}
func (a *SQLiteAuth) GenerateToken(user *User) (string, error) {
func (a *SQLiteAuth) CreateToken(user *User) (string, error) {
token := util.RandomString(tokenLength)
expires := 1 // FIXME
if _, err := a.db.Exec(insertTokenQuery, user.Name, token, expires); err != nil {
@ -174,6 +176,16 @@ func (a *SQLiteAuth) GenerateToken(user *User) (string, error) {
return token, nil
}
func (a *SQLiteAuth) RemoveToken(user *User) error {
if user.Token == "" {
return ErrUnauthorized
}
if _, err := a.db.Exec(deleteTokenQuery, user.Name, user.Token); err != nil {
return err
}
return nil
}
// Authorize returns nil if the given user has access to the given topic using the desired
// permission. The user param may be nil to signal an anonymous user.
func (a *SQLiteAuth) Authorize(user *User, topic string, perm Permission) error {