Removed modular authentication system.

2023-11-09 21:32:39 +00:00 · 2023-11-09 21:32:39 +00:00 · ecf11693b0
commit ecf11693b0
parent d3ce658e2c
7 changed files with 63 additions and 118 deletions
--- a/config.example.cfg
+++ b/config.example.cfg
@ -1,13 +1,8 @@
 database:dsn mariadb://user:password@:unix:/eeprom?socket=/var/run/mysqld/mysqld.sock&charset=utf8mb4
 ; Must be implementations of \EEPROM\Auth\IAuth
 auth:clients \EEPROM\Auth\MisuzuAuth \EEPROM\Auth\NabuccoAuth
 misuzu:secret   woomy
 misuzu:endpoint https://flashii.net/_sockchat/verify
 nabucco:secret secret key
 domain:short i.flashii.net
 domain:api   eeprom.flashii.net
--- a/src/Auth/AuthRoutes.php
+++ b/src/Auth/AuthRoutes.php
@ -1,7 +1,6 @@
 <?php
 namespace EEPROM\Auth;
 use stdClass;
 use Index\Routing\Route;
 use Index\Routing\RouteHandler;
 use Syokuhou\IConfig;
@ -23,18 +22,16 @@ class AuthRoutes extends RouteHandler {
            $authMethod = strval($authParts[0] ?? '');
            $authToken = strval($authParts[1] ?? '');
-            $authClients = $this->config->getArray('clients');
+            if($authMethod === 'Misuzu') {
                $authResult = ChatAuth::attempt(
                    $this->config->getString('endpoint'),
                    $this->config->getString('secret'),
                    $authToken
                );
-            foreach($authClients as $client) {
+                if(!empty($authResult->success))
-                $client = new $client;
+                    $this->authInfo->setInfo($this->usersCtx->getUser($authResult->user_id));
                if($client->getName() !== $authMethod)
                    continue;
                $authUserId = $client->verifyToken($authToken);
                break;
            }
            if(isset($authUserId) && $authUserId > 0)
                $this->authInfo->setInfo($this->usersCtx->getUser($authUserId));
        }
    }
 }
--- a/src/Auth/ChatAuth.php
+++ b/src/Auth/ChatAuth.php
@ -0,0 +1,54 @@
 <?php
 namespace EEPROM\Auth;
 use stdClass;
 final class ChatAuth {
    public static function attempt(string $endPoint, string $secret, string $cookie): object {
        if(!empty($cookie)) {
            $method = 'Misuzu';
            $signature = sprintf('verify#%s#%s#%s', $method, $cookie, $_SERVER['REMOTE_ADDR']);
            $signature = hash_hmac('sha256', $signature, $secret);
            $login = curl_init($endPoint);
            curl_setopt_array($login, [
                CURLOPT_AUTOREFERER => false,
                CURLOPT_FAILONERROR => false,
                CURLOPT_FOLLOWLOCATION => true,
                CURLOPT_HEADER => false,
                CURLOPT_POST => true,
                CURLOPT_POSTFIELDS => http_build_query([
                    'method' => $method,
                    'token' => $cookie,
                    'ipaddr' => $_SERVER['REMOTE_ADDR'],
                ], '', '&', PHP_QUERY_RFC3986),
                CURLOPT_RETURNTRANSFER => true,
                CURLOPT_TCP_FASTOPEN => true,
                CURLOPT_CONNECTTIMEOUT => 2,
                CURLOPT_MAXREDIRS => 2,
                CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
                CURLOPT_TIMEOUT => 5,
                CURLOPT_USERAGENT => 'EEPROM',
                CURLOPT_HTTPHEADER => [
                    'Content-Type: application/x-www-form-urlencoded',
                    'X-SharpChat-Signature: ' . $signature,
                ],
            ]);
            $userInfo = json_decode(curl_exec($login));
            curl_close($login);
        }
        if(empty($userInfo->success)) {
            $userInfo = new stdClass;
            $userInfo->success = false;
            $userInfo->user_id = 0;
            $userInfo->username = 'Anonymous';
            $userInfo->colour_raw = 0x40000000;
            $userInfo->rank = 0;
            $userInfo->hierarchy = 0;
            $userInfo->perms = 0;
        }
        return $userInfo;
    }
 }
--- a/src/Auth/IAuth.php
+++ b/src/Auth/IAuth.php
@ -1,7 +0,0 @@
 <?php
 namespace EEPROM\Auth;
 interface IAuth {
    public function getName(): string;
    public function verifyToken(string $token): int;
 }
--- a/src/Auth/MisuzuAuth.php
+++ b/src/Auth/MisuzuAuth.php
@ -1,58 +0,0 @@
 <?php
 namespace EEPROM\Auth;
 use RuntimeException;
 use Index\Serialisation\Serialiser;
 class MisuzuAuth implements IAuth {
    private $endPoint = '';
    private $secretKey = '';
    public function __construct() {
        global $cfg;
        $this->endPoint = $cfg->getString('misuzu:endpoint');
        $this->secretKey = $cfg->getString('misuzu:secret');
    }
    public function getName(): string { return 'Misuzu'; }
    public function verifyToken(string $token): int {
        if(empty($token))
            return 0;
        $method = 'Misuzu';
        $signature = sprintf('verify#%s#%s#%s', $method, $token, $_SERVER['REMOTE_ADDR']);
        $signature = hash_hmac('sha256', $signature, $this->secretKey);
        $login = curl_init($this->endPoint);
        curl_setopt_array($login, [
            CURLOPT_AUTOREFERER => false,
            CURLOPT_FAILONERROR => false,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_HEADER => false,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => http_build_query([
                'method' => $method,
                'token' => $token,
                'ipaddr' => $_SERVER['REMOTE_ADDR'],
            ], '', '&', PHP_QUERY_RFC3986),
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_TCP_FASTOPEN => true,
            CURLOPT_CONNECTTIMEOUT => 2,
            CURLOPT_MAXREDIRS => 2,
            CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
            CURLOPT_TIMEOUT => 5,
            CURLOPT_USERAGENT => 'Flashii EEPROM',
            CURLOPT_HTTPHEADER => [
                'Content-Type: application/x-www-form-urlencoded',
                'X-SharpChat-Signature: ' . $signature,
            ],
        ]);
        $rawUserInfo = curl_exec($login);
        $userInfo = json_decode($rawUserInfo);
        curl_close($login);
        return empty($userInfo->success) || empty($userInfo->user_id) ? 0 : $userInfo->user_id;
    }
 }
--- a/src/Auth/NabuccoAuth.php
+++ b/src/Auth/NabuccoAuth.php
@ -1,36 +0,0 @@
 <?php
 namespace EEPROM\Auth;
 use Index\Serialisation\UriBase64;
 class NabuccoAuth implements IAuth {
    private $secretKey = '';
    public function __construct() {
        global $cfg;
        $this->secretKey = $cfg->getString('nabucco:secret');
    }
    public function getName(): string { return 'Nabucco'; }
    public function hashToken(string $token): string {
        return hash_hmac('md5', $token, $this->secretKey);
    }
    public function verifyToken(string $token): int {
        $length = strlen($token);
        if($length < 32 || $length > 100)
            return -1;
        $userHash = substr($token, 0, 32);
        $packed = UriBase64::decode(substr($token, 32));
        $realHash = $this->hashToken($packed);
        if(!hash_equals($realHash, $userHash))
            return -1;
        $unpacked = unpack('NuserId/Ntime/CipWidth/a16ipAddr', $packed);
        if(empty($unpacked['userId']) || empty($unpacked['time'])
            || $unpacked['time'] < strtotime('-1 month'))
            return -1;
        return intval($unpacked['userId']);
    }
 }
--- a/src/EEPROMContext.php
+++ b/src/EEPROMContext.php
@ -55,7 +55,7 @@ class EEPROMContext {
        if($isApiDomain) {
            $routingCtx->register(new Auth\AuthRoutes(
-                $this->config->scopeTo('auth'),
+                $this->config->scopeTo('misuzu'),
                $this->authInfo,
                $this->usersCtx
            ));