Removed modular authentication system.
This commit is contained in:
parent
d3ce658e2c
commit
ecf11693b0
7 changed files with 63 additions and 118 deletions
|
@ -1,13 +1,8 @@
|
|||
database:dsn mariadb://user:password@:unix:/eeprom?socket=/var/run/mysqld/mysqld.sock&charset=utf8mb4
|
||||
|
||||
; Must be implementations of \EEPROM\Auth\IAuth
|
||||
auth:clients \EEPROM\Auth\MisuzuAuth \EEPROM\Auth\NabuccoAuth
|
||||
|
||||
misuzu:secret woomy
|
||||
misuzu:endpoint https://flashii.net/_sockchat/verify
|
||||
|
||||
nabucco:secret secret key
|
||||
|
||||
domain:short i.flashii.net
|
||||
domain:api eeprom.flashii.net
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
<?php
|
||||
namespace EEPROM\Auth;
|
||||
|
||||
use stdClass;
|
||||
use Index\Routing\Route;
|
||||
use Index\Routing\RouteHandler;
|
||||
use Syokuhou\IConfig;
|
||||
|
@ -23,18 +22,16 @@ class AuthRoutes extends RouteHandler {
|
|||
$authMethod = strval($authParts[0] ?? '');
|
||||
$authToken = strval($authParts[1] ?? '');
|
||||
|
||||
$authClients = $this->config->getArray('clients');
|
||||
if($authMethod === 'Misuzu') {
|
||||
$authResult = ChatAuth::attempt(
|
||||
$this->config->getString('endpoint'),
|
||||
$this->config->getString('secret'),
|
||||
$authToken
|
||||
);
|
||||
|
||||
foreach($authClients as $client) {
|
||||
$client = new $client;
|
||||
if($client->getName() !== $authMethod)
|
||||
continue;
|
||||
$authUserId = $client->verifyToken($authToken);
|
||||
break;
|
||||
}
|
||||
|
||||
if(isset($authUserId) && $authUserId > 0)
|
||||
$this->authInfo->setInfo($this->usersCtx->getUser($authUserId));
|
||||
if(!empty($authResult->success))
|
||||
$this->authInfo->setInfo($this->usersCtx->getUser($authResult->user_id));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
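Review bot: On the new side `if(!empty($authResult->success)) $this->authInfo->setInfo($this->usersCtx->getUser($authResult->user_id));` hands `user_id` from the verification response straight to `getUser()` without the `> 0` guard the removed client loop applied (`isset($authUserId) && $authUserId > 0`), and `ChatAuth::attempt` in this commit's new file only normalises the object when `success` is falsy, so a response with `success` set but `user_id` missing or zero reaches `getUser()` unchecked. Suggest `if(!empty($authResult->success) && !empty($authResult->user_id))` here, or moving that check into `ChatAuth::attempt` so every caller receives a normalised object. The literal `'Misuzu'` is compared here and hard-coded again inside `ChatAuth::attempt`; a shared constant would keep the two from drifting. The enclosing method begins before this hunk, so `$authParts` and the constructor that receives the `misuzu`-scoped config are not visible here.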
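--- a/src/Auth/ChatAuth.php
+++ b/src/Auth/ChatAuth.php
@@ -0,0 +1,54 @@
+<?php
+namespace EEPROM\Auth;
+
+use stdClass;
+
+final class ChatAuth {
+public static function attempt(string $endPoint, string $secret, string $cookie): object {
+if(!empty($cookie)) {
+$method = 'Misuzu';
+$signature = sprintf('verify#%s#%s#%s', $method, $cookie, $_SERVER['REMOTE_ADDR']);
+$signature = hash_hmac('sha256', $signature, $secret);
+
+$login = curl_init($endPoint);
+curl_setopt_array($login, [
+CURLOPT_AUTOREFERER => false,
+CURLOPT_FAILONERROR => false,
+CURLOPT_FOLLOWLOCATION => true,
+CURLOPT_HEADER => false,
+CURLOPT_POST => true,
+CURLOPT_POSTFIELDS => http_build_query([
+'method' => $method,
+'token' => $cookie,
+'ipaddr' => $_SERVER['REMOTE_ADDR'],
+], '', '&', PHP_QUERY_RFC3986),
+CURLOPT_RETURNTRANSFER => true,
+CURLOPT_TCP_FASTOPEN => true,
+CURLOPT_CONNECTTIMEOUT => 2,
+CURLOPT_MAXREDIRS => 2,
+CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
+CURLOPT_TIMEOUT => 5,
+CURLOPT_USERAGENT => 'EEPROM',
+CURLOPT_HTTPHEADER => [
+'Content-Type: application/x-www-form-urlencoded',
+'X-SharpChat-Signature: ' . $signature,
+],
+]);
+$userInfo = json_decode(curl_exec($login));
+curl_close($login);
+}
+
+if(empty($userInfo->success)) {
+$userInfo = new stdClass;
+$userInfo->success = false;
+$userInfo->user_id = 0;
+$userInfo->username = 'Anonymous';
+$userInfo->colour_raw = 0x40000000;
+$userInfo->rank = 0;
+$userInfo->hierarchy = 0;
+$userInfo->perms = 0;
+}
+
+return $userInfo;
+}
+}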
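Review bot: A transport failure is indistinguishable from a rejected token: `$userInfo = json_decode(curl_exec($login));` feeds a `false` from `curl_exec()` (timeout, TLS error, unreachable endpoint) into `json_decode()`, and the later `if(empty($userInfo->success))` only holds because `empty()` silently tolerates both that `null` and `$userInfo` being unassigned on the empty-`$cookie` path. Initialising `$userInfo = null;` before the block, keeping the raw `curl_exec()` result so a `false` return is handled on its own branch, and guarding with `is_object()` makes the anonymous fallback explicit and gives a place to log `curl_error()` so an outage of the verify endpoint is not mistaken for a bad token. The response is also decoded without `JSON_THROW_ON_ERROR`, so a non-JSON body quietly becomes anonymous; that may be intended but deserves a comment such as `// any malformed or failed response falls back to the anonymous user`. The file has no `declare(strict_types=1)`, which is worth aligning with whatever the rest of the project uses.
```php
$userInfo = null;
if(!empty($cookie)) {
    // … unchanged: signature, curl_init and curl_setopt_array …
    $rawUserInfo = curl_exec($login);
    // false here is a transport failure, not a rejection; curl_error($login) describes it if logging is added
    $userInfo = $rawUserInfo === false ? null : json_decode($rawUserInfo);
    curl_close($login);
}

if(!is_object($userInfo) || empty($userInfo->success)) {
    // … unchanged: anonymous stdClass defaults …
}
```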
|
@ -1,7 +0,0 @@
|
|||
<?php
|
||||
namespace EEPROM\Auth;
|
||||
|
||||
interface IAuth {
|
||||
public function getName(): string;
|
||||
public function verifyToken(string $token): int;
|
||||
}
|
|
@ -1,58 +0,0 @@
|
|||
<?php
|
||||
namespace EEPROM\Auth;
|
||||
|
||||
use RuntimeException;
|
||||
use Index\Serialisation\Serialiser;
|
||||
|
||||
class MisuzuAuth implements IAuth {
|
||||
private $endPoint = '';
|
||||
private $secretKey = '';
|
||||
|
||||
public function __construct() {
|
||||
global $cfg;
|
||||
|
||||
$this->endPoint = $cfg->getString('misuzu:endpoint');
|
||||
$this->secretKey = $cfg->getString('misuzu:secret');
|
||||
}
|
||||
|
||||
public function getName(): string { return 'Misuzu'; }
|
||||
|
||||
public function verifyToken(string $token): int {
|
||||
if(empty($token))
|
||||
return 0;
|
||||
|
||||
$method = 'Misuzu';
|
||||
$signature = sprintf('verify#%s#%s#%s', $method, $token, $_SERVER['REMOTE_ADDR']);
|
||||
$signature = hash_hmac('sha256', $signature, $this->secretKey);
|
||||
|
||||
$login = curl_init($this->endPoint);
|
||||
curl_setopt_array($login, [
|
||||
CURLOPT_AUTOREFERER => false,
|
||||
CURLOPT_FAILONERROR => false,
|
||||
CURLOPT_FOLLOWLOCATION => true,
|
||||
CURLOPT_HEADER => false,
|
||||
CURLOPT_POST => true,
|
||||
CURLOPT_POSTFIELDS => http_build_query([
|
||||
'method' => $method,
|
||||
'token' => $token,
|
||||
'ipaddr' => $_SERVER['REMOTE_ADDR'],
|
||||
], '', '&', PHP_QUERY_RFC3986),
|
||||
CURLOPT_RETURNTRANSFER => true,
|
||||
CURLOPT_TCP_FASTOPEN => true,
|
||||
CURLOPT_CONNECTTIMEOUT => 2,
|
||||
CURLOPT_MAXREDIRS => 2,
|
||||
CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
|
||||
CURLOPT_TIMEOUT => 5,
|
||||
CURLOPT_USERAGENT => 'Flashii EEPROM',
|
||||
CURLOPT_HTTPHEADER => [
|
||||
'Content-Type: application/x-www-form-urlencoded',
|
||||
'X-SharpChat-Signature: ' . $signature,
|
||||
],
|
||||
]);
|
||||
$rawUserInfo = curl_exec($login);
|
||||
$userInfo = json_decode($rawUserInfo);
|
||||
curl_close($login);
|
||||
|
||||
return empty($userInfo->success) || empty($userInfo->user_id) ? 0 : $userInfo->user_id;
|
||||
}
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
<?php
|
||||
namespace EEPROM\Auth;
|
||||
|
||||
use Index\Serialisation\UriBase64;
|
||||
|
||||
class NabuccoAuth implements IAuth {
|
||||
private $secretKey = '';
|
||||
|
||||
public function __construct() {
|
||||
global $cfg;
|
||||
|
||||
$this->secretKey = $cfg->getString('nabucco:secret');
|
||||
}
|
||||
|
||||
public function getName(): string { return 'Nabucco'; }
|
||||
|
||||
public function hashToken(string $token): string {
|
||||
return hash_hmac('md5', $token, $this->secretKey);
|
||||
}
|
||||
|
||||
public function verifyToken(string $token): int {
|
||||
$length = strlen($token);
|
||||
if($length < 32 || $length > 100)
|
||||
return -1;
|
||||
$userHash = substr($token, 0, 32);
|
||||
$packed = UriBase64::decode(substr($token, 32));
|
||||
$realHash = $this->hashToken($packed);
|
||||
if(!hash_equals($realHash, $userHash))
|
||||
return -1;
|
||||
$unpacked = unpack('NuserId/Ntime/CipWidth/a16ipAddr', $packed);
|
||||
if(empty($unpacked['userId']) || empty($unpacked['time'])
|
||||
|| $unpacked['time'] < strtotime('-1 month'))
|
||||
return -1;
|
||||
return intval($unpacked['userId']);
|
||||
}
|
||||
}
|
|
@ -55,7 +55,7 @@ class EEPROMContext {
|
|||
|
||||
if($isApiDomain) {
|
||||
$routingCtx->register(new Auth\AuthRoutes(
|
||||
$this->config->scopeTo('auth'),
|
||||
$this->config->scopeTo('misuzu'),
|
||||
$this->authInfo,
|
||||
$this->usersCtx
|
||||
));
|
||||
|
|