Removed modular authentication system.

This commit is contained in:
flash 2023-11-09 21:32:39 +00:00
parent d3ce658e2c
commit ecf11693b0
7 changed files with 63 additions and 118 deletions

View file

@ -1,13 +1,8 @@
database:dsn mariadb://user:password@:unix:/eeprom?socket=/var/run/mysqld/mysqld.sock&charset=utf8mb4
; Must be implementations of \EEPROM\Auth\IAuth
auth:clients \EEPROM\Auth\MisuzuAuth \EEPROM\Auth\NabuccoAuth
misuzu:secret woomy
misuzu:endpoint https://flashii.net/_sockchat/verify
nabucco:secret secret key
domain:short i.flashii.net
domain:api eeprom.flashii.net

View file

@ -1,7 +1,6 @@
<?php
namespace EEPROM\Auth;
use stdClass;
use Index\Routing\Route;
use Index\Routing\RouteHandler;
use Syokuhou\IConfig;
@ -23,18 +22,16 @@ class AuthRoutes extends RouteHandler {
$authMethod = strval($authParts[0] ?? '');
$authToken = strval($authParts[1] ?? '');
$authClients = $this->config->getArray('clients');
if($authMethod === 'Misuzu') {
$authResult = ChatAuth::attempt(
$this->config->getString('endpoint'),
$this->config->getString('secret'),
$authToken
);
foreach($authClients as $client) {
$client = new $client;
if($client->getName() !== $authMethod)
continue;
$authUserId = $client->verifyToken($authToken);
break;
}
if(isset($authUserId) && $authUserId > 0)
$this->authInfo->setInfo($this->usersCtx->getUser($authUserId));
if(!empty($authResult->success))
$this->authInfo->setInfo($this->usersCtx->getUser($authResult->user_id));
}
}
}
}

54
src/Auth/ChatAuth.php Normal file
View file

@ -0,0 +1,54 @@
<?php
namespace EEPROM\Auth;
use stdClass;
final class ChatAuth {
public static function attempt(string $endPoint, string $secret, string $cookie): object {
if(!empty($cookie)) {
$method = 'Misuzu';
$signature = sprintf('verify#%s#%s#%s', $method, $cookie, $_SERVER['REMOTE_ADDR']);
$signature = hash_hmac('sha256', $signature, $secret);
$login = curl_init($endPoint);
curl_setopt_array($login, [
CURLOPT_AUTOREFERER => false,
CURLOPT_FAILONERROR => false,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HEADER => false,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => http_build_query([
'method' => $method,
'token' => $cookie,
'ipaddr' => $_SERVER['REMOTE_ADDR'],
], '', '&', PHP_QUERY_RFC3986),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TCP_FASTOPEN => true,
CURLOPT_CONNECTTIMEOUT => 2,
CURLOPT_MAXREDIRS => 2,
CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
CURLOPT_TIMEOUT => 5,
CURLOPT_USERAGENT => 'EEPROM',
CURLOPT_HTTPHEADER => [
'Content-Type: application/x-www-form-urlencoded',
'X-SharpChat-Signature: ' . $signature,
],
]);
$userInfo = json_decode(curl_exec($login));
curl_close($login);
}
if(empty($userInfo->success)) {
$userInfo = new stdClass;
$userInfo->success = false;
$userInfo->user_id = 0;
$userInfo->username = 'Anonymous';
$userInfo->colour_raw = 0x40000000;
$userInfo->rank = 0;
$userInfo->hierarchy = 0;
$userInfo->perms = 0;
}
return $userInfo;
}
}

View file

@ -1,7 +0,0 @@
<?php
namespace EEPROM\Auth;
interface IAuth {
public function getName(): string;
public function verifyToken(string $token): int;
}

View file

@ -1,58 +0,0 @@
<?php
namespace EEPROM\Auth;
use RuntimeException;
use Index\Serialisation\Serialiser;
class MisuzuAuth implements IAuth {
private $endPoint = '';
private $secretKey = '';
public function __construct() {
global $cfg;
$this->endPoint = $cfg->getString('misuzu:endpoint');
$this->secretKey = $cfg->getString('misuzu:secret');
}
public function getName(): string { return 'Misuzu'; }
public function verifyToken(string $token): int {
if(empty($token))
return 0;
$method = 'Misuzu';
$signature = sprintf('verify#%s#%s#%s', $method, $token, $_SERVER['REMOTE_ADDR']);
$signature = hash_hmac('sha256', $signature, $this->secretKey);
$login = curl_init($this->endPoint);
curl_setopt_array($login, [
CURLOPT_AUTOREFERER => false,
CURLOPT_FAILONERROR => false,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HEADER => false,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => http_build_query([
'method' => $method,
'token' => $token,
'ipaddr' => $_SERVER['REMOTE_ADDR'],
], '', '&', PHP_QUERY_RFC3986),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TCP_FASTOPEN => true,
CURLOPT_CONNECTTIMEOUT => 2,
CURLOPT_MAXREDIRS => 2,
CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
CURLOPT_TIMEOUT => 5,
CURLOPT_USERAGENT => 'Flashii EEPROM',
CURLOPT_HTTPHEADER => [
'Content-Type: application/x-www-form-urlencoded',
'X-SharpChat-Signature: ' . $signature,
],
]);
$rawUserInfo = curl_exec($login);
$userInfo = json_decode($rawUserInfo);
curl_close($login);
return empty($userInfo->success) || empty($userInfo->user_id) ? 0 : $userInfo->user_id;
}
}

View file

@ -1,36 +0,0 @@
<?php
namespace EEPROM\Auth;
use Index\Serialisation\UriBase64;
class NabuccoAuth implements IAuth {
private $secretKey = '';
public function __construct() {
global $cfg;
$this->secretKey = $cfg->getString('nabucco:secret');
}
public function getName(): string { return 'Nabucco'; }
public function hashToken(string $token): string {
return hash_hmac('md5', $token, $this->secretKey);
}
public function verifyToken(string $token): int {
$length = strlen($token);
if($length < 32 || $length > 100)
return -1;
$userHash = substr($token, 0, 32);
$packed = UriBase64::decode(substr($token, 32));
$realHash = $this->hashToken($packed);
if(!hash_equals($realHash, $userHash))
return -1;
$unpacked = unpack('NuserId/Ntime/CipWidth/a16ipAddr', $packed);
if(empty($unpacked['userId']) || empty($unpacked['time'])
|| $unpacked['time'] < strtotime('-1 month'))
return -1;
return intval($unpacked['userId']);
}
}

View file

@ -55,7 +55,7 @@ class EEPROMContext {
if($isApiDomain) {
$routingCtx->register(new Auth\AuthRoutes(
$this->config->scopeTo('auth'),
$this->config->scopeTo('misuzu'),
$this->authInfo,
$this->usersCtx
));