Removed modular authentication system.
This commit is contained in:
parent
d3ce658e2c
commit
ecf11693b0
7 changed files with 63 additions and 118 deletions
|
@ -1,13 +1,8 @@
|
||||||
database:dsn mariadb://user:password@:unix:/eeprom?socket=/var/run/mysqld/mysqld.sock&charset=utf8mb4
|
database:dsn mariadb://user:password@:unix:/eeprom?socket=/var/run/mysqld/mysqld.sock&charset=utf8mb4
|
||||||
|
|
||||||
; Must be implementations of \EEPROM\Auth\IAuth
|
|
||||||
auth:clients \EEPROM\Auth\MisuzuAuth \EEPROM\Auth\NabuccoAuth
|
|
||||||
|
|
||||||
misuzu:secret woomy
|
misuzu:secret woomy
|
||||||
misuzu:endpoint https://flashii.net/_sockchat/verify
|
misuzu:endpoint https://flashii.net/_sockchat/verify
|
||||||
|
|
||||||
nabucco:secret secret key
|
|
||||||
|
|
||||||
domain:short i.flashii.net
|
domain:short i.flashii.net
|
||||||
domain:api eeprom.flashii.net
|
domain:api eeprom.flashii.net
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
namespace EEPROM\Auth;
|
namespace EEPROM\Auth;
|
||||||
|
|
||||||
use stdClass;
|
|
||||||
use Index\Routing\Route;
|
use Index\Routing\Route;
|
||||||
use Index\Routing\RouteHandler;
|
use Index\Routing\RouteHandler;
|
||||||
use Syokuhou\IConfig;
|
use Syokuhou\IConfig;
|
||||||
|
@ -23,18 +22,16 @@ class AuthRoutes extends RouteHandler {
|
||||||
$authMethod = strval($authParts[0] ?? '');
|
$authMethod = strval($authParts[0] ?? '');
|
||||||
$authToken = strval($authParts[1] ?? '');
|
$authToken = strval($authParts[1] ?? '');
|
||||||
|
|
||||||
$authClients = $this->config->getArray('clients');
|
if($authMethod === 'Misuzu') {
|
||||||
|
$authResult = ChatAuth::attempt(
|
||||||
|
$this->config->getString('endpoint'),
|
||||||
|
$this->config->getString('secret'),
|
||||||
|
$authToken
|
||||||
|
);
|
||||||
|
|
||||||
foreach($authClients as $client) {
|
if(!empty($authResult->success))
|
||||||
$client = new $client;
|
$this->authInfo->setInfo($this->usersCtx->getUser($authResult->user_id));
|
||||||
if($client->getName() !== $authMethod)
|
}
|
||||||
continue;
|
|
||||||
$authUserId = $client->verifyToken($authToken);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(isset($authUserId) && $authUserId > 0)
|
|
||||||
$this->authInfo->setInfo($this->usersCtx->getUser($authUserId));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
54
src/Auth/ChatAuth.php
Normal file
54
src/Auth/ChatAuth.php
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
<?php
|
||||||
|
namespace EEPROM\Auth;
|
||||||
|
|
||||||
|
use stdClass;
|
||||||
|
|
||||||
|
final class ChatAuth {
|
||||||
|
public static function attempt(string $endPoint, string $secret, string $cookie): object {
|
||||||
|
if(!empty($cookie)) {
|
||||||
|
$method = 'Misuzu';
|
||||||
|
$signature = sprintf('verify#%s#%s#%s', $method, $cookie, $_SERVER['REMOTE_ADDR']);
|
||||||
|
$signature = hash_hmac('sha256', $signature, $secret);
|
||||||
|
|
||||||
|
$login = curl_init($endPoint);
|
||||||
|
curl_setopt_array($login, [
|
||||||
|
CURLOPT_AUTOREFERER => false,
|
||||||
|
CURLOPT_FAILONERROR => false,
|
||||||
|
CURLOPT_FOLLOWLOCATION => true,
|
||||||
|
CURLOPT_HEADER => false,
|
||||||
|
CURLOPT_POST => true,
|
||||||
|
CURLOPT_POSTFIELDS => http_build_query([
|
||||||
|
'method' => $method,
|
||||||
|
'token' => $cookie,
|
||||||
|
'ipaddr' => $_SERVER['REMOTE_ADDR'],
|
||||||
|
], '', '&', PHP_QUERY_RFC3986),
|
||||||
|
CURLOPT_RETURNTRANSFER => true,
|
||||||
|
CURLOPT_TCP_FASTOPEN => true,
|
||||||
|
CURLOPT_CONNECTTIMEOUT => 2,
|
||||||
|
CURLOPT_MAXREDIRS => 2,
|
||||||
|
CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
|
||||||
|
CURLOPT_TIMEOUT => 5,
|
||||||
|
CURLOPT_USERAGENT => 'EEPROM',
|
||||||
|
CURLOPT_HTTPHEADER => [
|
||||||
|
'Content-Type: application/x-www-form-urlencoded',
|
||||||
|
'X-SharpChat-Signature: ' . $signature,
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
$userInfo = json_decode(curl_exec($login));
|
||||||
|
curl_close($login);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(empty($userInfo->success)) {
|
||||||
|
$userInfo = new stdClass;
|
||||||
|
$userInfo->success = false;
|
||||||
|
$userInfo->user_id = 0;
|
||||||
|
$userInfo->username = 'Anonymous';
|
||||||
|
$userInfo->colour_raw = 0x40000000;
|
||||||
|
$userInfo->rank = 0;
|
||||||
|
$userInfo->hierarchy = 0;
|
||||||
|
$userInfo->perms = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $userInfo;
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,7 +0,0 @@
|
||||||
<?php
|
|
||||||
namespace EEPROM\Auth;
|
|
||||||
|
|
||||||
interface IAuth {
|
|
||||||
public function getName(): string;
|
|
||||||
public function verifyToken(string $token): int;
|
|
||||||
}
|
|
|
@ -1,58 +0,0 @@
|
||||||
<?php
|
|
||||||
namespace EEPROM\Auth;
|
|
||||||
|
|
||||||
use RuntimeException;
|
|
||||||
use Index\Serialisation\Serialiser;
|
|
||||||
|
|
||||||
class MisuzuAuth implements IAuth {
|
|
||||||
private $endPoint = '';
|
|
||||||
private $secretKey = '';
|
|
||||||
|
|
||||||
public function __construct() {
|
|
||||||
global $cfg;
|
|
||||||
|
|
||||||
$this->endPoint = $cfg->getString('misuzu:endpoint');
|
|
||||||
$this->secretKey = $cfg->getString('misuzu:secret');
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getName(): string { return 'Misuzu'; }
|
|
||||||
|
|
||||||
public function verifyToken(string $token): int {
|
|
||||||
if(empty($token))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
$method = 'Misuzu';
|
|
||||||
$signature = sprintf('verify#%s#%s#%s', $method, $token, $_SERVER['REMOTE_ADDR']);
|
|
||||||
$signature = hash_hmac('sha256', $signature, $this->secretKey);
|
|
||||||
|
|
||||||
$login = curl_init($this->endPoint);
|
|
||||||
curl_setopt_array($login, [
|
|
||||||
CURLOPT_AUTOREFERER => false,
|
|
||||||
CURLOPT_FAILONERROR => false,
|
|
||||||
CURLOPT_FOLLOWLOCATION => true,
|
|
||||||
CURLOPT_HEADER => false,
|
|
||||||
CURLOPT_POST => true,
|
|
||||||
CURLOPT_POSTFIELDS => http_build_query([
|
|
||||||
'method' => $method,
|
|
||||||
'token' => $token,
|
|
||||||
'ipaddr' => $_SERVER['REMOTE_ADDR'],
|
|
||||||
], '', '&', PHP_QUERY_RFC3986),
|
|
||||||
CURLOPT_RETURNTRANSFER => true,
|
|
||||||
CURLOPT_TCP_FASTOPEN => true,
|
|
||||||
CURLOPT_CONNECTTIMEOUT => 2,
|
|
||||||
CURLOPT_MAXREDIRS => 2,
|
|
||||||
CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
|
|
||||||
CURLOPT_TIMEOUT => 5,
|
|
||||||
CURLOPT_USERAGENT => 'Flashii EEPROM',
|
|
||||||
CURLOPT_HTTPHEADER => [
|
|
||||||
'Content-Type: application/x-www-form-urlencoded',
|
|
||||||
'X-SharpChat-Signature: ' . $signature,
|
|
||||||
],
|
|
||||||
]);
|
|
||||||
$rawUserInfo = curl_exec($login);
|
|
||||||
$userInfo = json_decode($rawUserInfo);
|
|
||||||
curl_close($login);
|
|
||||||
|
|
||||||
return empty($userInfo->success) || empty($userInfo->user_id) ? 0 : $userInfo->user_id;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,36 +0,0 @@
|
||||||
<?php
|
|
||||||
namespace EEPROM\Auth;
|
|
||||||
|
|
||||||
use Index\Serialisation\UriBase64;
|
|
||||||
|
|
||||||
class NabuccoAuth implements IAuth {
|
|
||||||
private $secretKey = '';
|
|
||||||
|
|
||||||
public function __construct() {
|
|
||||||
global $cfg;
|
|
||||||
|
|
||||||
$this->secretKey = $cfg->getString('nabucco:secret');
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getName(): string { return 'Nabucco'; }
|
|
||||||
|
|
||||||
public function hashToken(string $token): string {
|
|
||||||
return hash_hmac('md5', $token, $this->secretKey);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function verifyToken(string $token): int {
|
|
||||||
$length = strlen($token);
|
|
||||||
if($length < 32 || $length > 100)
|
|
||||||
return -1;
|
|
||||||
$userHash = substr($token, 0, 32);
|
|
||||||
$packed = UriBase64::decode(substr($token, 32));
|
|
||||||
$realHash = $this->hashToken($packed);
|
|
||||||
if(!hash_equals($realHash, $userHash))
|
|
||||||
return -1;
|
|
||||||
$unpacked = unpack('NuserId/Ntime/CipWidth/a16ipAddr', $packed);
|
|
||||||
if(empty($unpacked['userId']) || empty($unpacked['time'])
|
|
||||||
|| $unpacked['time'] < strtotime('-1 month'))
|
|
||||||
return -1;
|
|
||||||
return intval($unpacked['userId']);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -55,7 +55,7 @@ class EEPROMContext {
|
||||||
|
|
||||||
if($isApiDomain) {
|
if($isApiDomain) {
|
||||||
$routingCtx->register(new Auth\AuthRoutes(
|
$routingCtx->register(new Auth\AuthRoutes(
|
||||||
$this->config->scopeTo('auth'),
|
$this->config->scopeTo('misuzu'),
|
||||||
$this->authInfo,
|
$this->authInfo,
|
||||||
$this->usersCtx
|
$this->usersCtx
|
||||||
));
|
));
|
||||||
|
|
Loading…
Reference in a new issue