rpdata
/
api
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
GraphQL API and utilities for the rpdata project
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
261 Commits
6 Branches
38 Tags
5.6 MiB
Tree: 0e70e37038
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0e70e37038'
${ noResults }
api/internal/auth/key.go

109 lines
2.3 KiB
Raw Normal View History

auth: Replaced old system with api key-based system.
6 years ago
  1. package auth
  3. import (
  4. "crypto/rand"
  5. "encoding/binary"
  6. "errors"
  7. "strconv"
  9. "git.aiterp.net/rpdata/api/internal/store"
  10. "github.com/globalsign/mgo"
  11. )
  13. var keyCollection *mgo.Collection
  15. // A Key contains a JWT secret and the limitations of it. There are two types of
  16. // keys, single-user keys and wildcard keys. The former is used to authenticate
  17. // a single user (e.g. the logbot) through an API while the latter is only for
  18. // services that can be trusted to perform its own authentication (a frontend).
  19. type Key struct {
  20. ID string `bson:"_id"`
  21. Name string `bson:"name"`
  22. User string `bson:"user"`
  23. Secret string `bson:"secret"`
  24. }
  26. // ValidForUser returns true if the key's user is the same as
  27. // the user, or it's a wildcard key.
  28. func (key *Key) ValidForUser(user string) bool {
  29. return key.User == user || key.User == "*"
  30. }
  32. // FindKey finds a key by kid (key ID)
  33. func FindKey(kid string) (Key, error) {
  34. key := Key{}
  35. err := keyCollection.FindId(kid).One(&key)
  37. return key, err
  38. }
  40. // NewKey generates a new key for the user and name. This
  41. // does not allow generating wildcard keys, they have to be
  42. // manually inserted into the DB.
  43. func NewKey(name, user string) (*Key, error) {
  44. if user == "*" {
  45. return nil, errors.New("auth: wildcard keys not allowed")
  46. }
  48. secret, err := makeKeySecret()
  49. if err != nil {
  50. return nil, err
  51. }
  53. key := &Key{
  54. ID: makeKeyID(),
  55. Name: name,
  56. User: user,
  57. Secret: secret,
  58. }
  60. if err := keyCollection.Insert(key); err != nil {
  61. return nil, err
  62. }
  64. return key, nil
  65. }
  67. func init() {
  68. store.HandleInit(func(db *mgo.Database) {
  69. keyCollection = db.C("auth.keys")
  71. keyCollection.EnsureIndexKey("user")
  72. })
  73. }
  75. // makeKeyID makes a random story ID that's 16 characters long
  76. func makeKeyID() string {
  77. result := "K"
  78. offset := 0
  79. data := make([]byte, 32)
  81. rand.Read(data)
  82. for len(result) < 16 {
  83. result += strconv.FormatUint(binary.LittleEndian.Uint64(data[offset:]), 36)
  84. offset += 8
  86. if offset >= 32 {
  87. rand.Read(data)
  88. offset = 0
  89. }
  90. }
  92. return result[:16]
  93. }
  95. func makeKeySecret() (string, error) {
  96. data := make([]byte, 64)
  97. alphabet := "0123456789abcdefghjiklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSUTVWXYZ-_"
  99. _, err := rand.Read(data)
  100. if err != nil {
  101. return "", err
  102. }
  104. for i := range data {
  105. data[i] = alphabet[data[i]%64]
  106. }
  108. return string(data), nil
  109. }