Added auth RPC routes.
parent
34528ae413
commit
8a06836985
3 changed files with 80 additions and 5 deletions
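--- a/src/Auth/AuthRpcActions.php
+++ b/src/Auth/AuthRpcActions.php
@@ -0,0 +1,63 @@
+<?php
+namespace Misuzu\Auth;
+
+use RuntimeException;
+use Misuzu\Users\{UsersContext,UserInfo};
+use Aiwass\Server\{RpcActionHandler,RpcProcedure};
+use Syokuhou\IConfig;
+
+final class AuthRpcActions extends RpcActionHandler {
+public function __construct(
+private IConfig $impersonateConfig,
+private UsersContext $usersCtx,
+private AuthContext $authCtx
+) {}
+
+private function canImpersonateUserId(UserInfo $impersonator, string $targetId): bool {
+if($impersonator->isSuperUser())
+return true;
+
+$whitelist = $this->impersonateConfig->getArray(sprintf('allow.u%s', $impersonator->getId()));
+return in_array($targetId, $whitelist, true);
+}
+
+#[RpcProcedure('misuzu:auth:attemptMisuzuAuth')]
+public function procAttemptMisuzuAuth(string $remoteAddr, string $token): array {
+$tokenInfo = $this->authCtx->createAuthTokenPacker()->unpack($token);
+if(!$tokenInfo->isEmpty())
+$token = $tokenInfo->getSessionToken();
+
+$sessions = $this->authCtx->getSessions();
+try {
+$sessionInfo = $sessions->getSession(sessionToken: $token);
+} catch(RuntimeException $ex) {
+return ['method' => 'misuzu', 'error' => 'token'];
+}
+
+if($sessionInfo->hasExpired()) {
+$sessions->deleteSessions(sessionInfos: $sessionInfo);
+return ['method' => 'misuzu', 'error' => 'expired'];
+}
+
+$sessions->recordSessionActivity(sessionInfo: $sessionInfo, remoteAddr: $remoteAddr);
+
+$users = $this->usersCtx->getUsers();
+$userInfo = $users->getUser($sessionInfo->getUserId(), 'id');
+if($tokenInfo->hasImpersonatedUserId() && $this->canImpersonateUserId($userInfo, $tokenInfo->getImpersonatedUserId())) {
+$userInfoReal = $userInfo;
+
+try {
+$userInfo = $users->getUser($tokenInfo->getImpersonatedUserId(), 'id');
+} catch(RuntimeException $ex) {
+$userInfo = $userInfoReal;
+}
+}
+
+return [
+'method' => 'misuzu',
+'type' => 'user',
+'user' => $userInfo->getId(),
+'expires' => $sessionInfo->getExpiresTime(),
+];
+}
+}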
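Review bot: The first `$users->getUser($sessionInfo->getUserId(), 'id')` lookup in `procAttemptMisuzuAuth` is not guarded, although the same call in the impersonation branch catches `RuntimeException`, so a valid session whose owner can no longer be loaded would presumably leave the handler as an exception instead of an `error` result. Wrapping it the same way keeps the failure closed and uniform: `try { $userInfo = $users->getUser($sessionInfo->getUserId(), 'id'); } catch(RuntimeException $ex) { return ['method' => 'misuzu', 'error' => 'token']; }`. Nothing visible here checks whether the resolved account is still allowed to log in before the success array is returned; if `getSession` does not already cover that, the check belongs in this method. The success array also carries only the effective `user`, so the RPC caller cannot tell an impersonated login from an ordinary one for audit purposes; consider returning the real account id alongside it when impersonation is applied.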
|
@ -282,11 +282,23 @@ class MisuzuContext {
|
||||||
$routingCtx->register(new LegacyRoutes($this->urls));
|
$routingCtx->register(new LegacyRoutes($this->urls));
|
||||||
|
|
||||||
$rpcServer = new RpcServer;
|
$rpcServer = new RpcServer;
|
||||||
$routingCtx->getRouter()->scopeTo('/_hanyuu')->register($rpcServer->createRouteHandler(
|
$routingCtx->getRouter()->register($rpcServer->createRouteHandler(
|
||||||
|
new HmacVerificationProvider(fn() => $this->config->getString('aleister.secret'))
|
||||||
|
));
|
||||||
|
|
||||||
|
$rpcServer->register(new Auth\AuthRpcActions(
|
||||||
|
$this->config->scopeTo('impersonate'),
|
||||||
|
$this->usersCtx,
|
||||||
|
$this->authCtx
|
||||||
|
));
|
||||||
|
|
||||||
|
// This RPC server will eventually despawn when Hanyuu fully owns auth
|
||||||
|
$hanyuuRpcServer = new RpcServer;
|
||||||
|
$routingCtx->getRouter()->scopeTo('/_hanyuu')->register($hanyuuRpcServer->createRouteHandler(
|
||||||
new HmacVerificationProvider(fn() => $this->config->getString('hanyuu.secret'))
|
new HmacVerificationProvider(fn() => $this->config->getString('hanyuu.secret'))
|
||||||
));
|
));
|
||||||
|
|
||||||
$rpcServer->register(new Hanyuu\HanyuuRpcActions(
|
$hanyuuRpcServer->register(new Hanyuu\HanyuuRpcActions(
|
||||||
fn() => $this->config->getString('hanyuu.endpoint'),
|
fn() => $this->config->getString('hanyuu.endpoint'),
|
||||||
$this->config->scopeTo('impersonate'),
|
$this->config->scopeTo('impersonate'),
|
||||||
$this->urls,
|
$this->urls,
|
||||||
|
|
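Review bot: The new unscoped RPC handler takes its HMAC key from `$this->config->getString('aleister.secret')` with no check that the key is set, so if `getString` yields an empty string for a missing entry (its default is not visible here), calls to `misuzu:auth:attemptMisuzuAuth` would be verified against an empty key. The closure should fail closed, for example `fn() => $this->config->getString('aleister.secret') ?: throw new \RuntimeException('aleister.secret is not configured')`, and the same applies to the existing `hanyuu.secret` closure. This server is also registered without `scopeTo(...)`, so a comment above `$rpcServer->createRouteHandler(` stating which path it answers on would help whoever maintains the front-end proxy rules. The enclosing method of `MisuzuContext` starts and ends outside this hunk.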
|
@ -2,15 +2,15 @@
|
||||||
namespace Misuzu\SharpChat;
|
namespace Misuzu\SharpChat;
|
||||||
|
|
||||||
use RuntimeException;
|
use RuntimeException;
|
||||||
use Index\Colour\Colour;
|
|
||||||
use Index\Http\Routing\{HandlerAttribute,HttpDelete,HttpGet,HttpOptions,HttpPost,RouteHandler};
|
|
||||||
use Syokuhou\IConfig;
|
|
||||||
use Misuzu\RoutingContext;
|
use Misuzu\RoutingContext;
|
||||||
use Misuzu\Auth\{AuthContext,AuthInfo,Sessions};
|
use Misuzu\Auth\{AuthContext,AuthInfo,Sessions};
|
||||||
use Misuzu\Emoticons\Emotes;
|
use Misuzu\Emoticons\Emotes;
|
||||||
use Misuzu\Perms\Permissions;
|
use Misuzu\Perms\Permissions;
|
||||||
use Misuzu\URLs\URLRegistry;
|
use Misuzu\URLs\URLRegistry;
|
||||||
use Misuzu\Users\{Bans,UsersContext,UserInfo};
|
use Misuzu\Users\{Bans,UsersContext,UserInfo};
|
||||||
|
use Index\Colour\Colour;
|
||||||
|
use Index\Http\Routing\{HandlerAttribute,HttpDelete,HttpGet,HttpOptions,HttpPost,RouteHandler};
|
||||||
|
use Syokuhou\IConfig;
|
||||||
|
|
||||||
final class SharpChatRoutes extends RouteHandler {
|
final class SharpChatRoutes extends RouteHandler {
|
||||||
private string $hashKey;
|
private string $hashKey;
|
||||||
|
|