mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-10 08:23:11 -06:00
Code Issues Packages Projects Releases Wiki Activity

Begin fleshing out how CS API endpoints do auth properly

Browse source 
Without it being a GIGANTIC PITA
This commit is contained in:
Kegan Dougal 2017-05-22 17:25:39 +01:00
parent d63a1ddc7c
commit c9ffdd98d4
3 changed files with 54 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
View file

@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and // See the License for the specific language governing permissions and
// limitations under the License. // limitations under the License.
// Package auth implements authentication checks and storage.
package auth package auth
import ( import (
@ -19,31 +20,48 @@ import (
"net/http" "net/http"
"strings" "strings"
"github.com/matrix-org/dendrite/clientapi/auth/storage/devices"
"github.com/matrix-org/dendrite/clientapi/auth/types"
"github.com/matrix-org/dendrite/clientapi/jsonerror" "github.com/matrix-org/dendrite/clientapi/jsonerror"
"github.com/matrix-org/util" "github.com/matrix-org/util"
) )
// VerifyAccessToken verifies that an access token was supplied in the given HTTP request // VerifyAccessToken TODO: Remove me.
// and returns the user ID it corresponds to. Returns resErr (an error response which can be
// sent to the client) if the token is invalid or there was a problem querying the database.
func VerifyAccessToken(req *http.Request) (userID string, resErr *util.JSONResponse) { func VerifyAccessToken(req *http.Request) (userID string, resErr *util.JSONResponse) {
token, tokenErr := extractAccessToken(req) token, err := extractAccessToken(req)
if tokenErr != nil { if err != nil {
resErr = &util.JSONResponse{ resErr = &util.JSONResponse{
Code: 401, Code: 401,
JSON: jsonerror.MissingToken(tokenErr.Error()), JSON: jsonerror.MissingToken(err.Error()),
} }
return return
} }
if token == "fail" {
res := util.ErrorResponse(fmt.Errorf("Fatal error"))
resErr = &res
}
// TODO: Check the token against the database
userID = token userID = token
return return
} }
// VerifyAccessTokenNew verifies that an access token was supplied in the given HTTP request
// and returns the device it corresponds to. Returns resErr (an error response which can be
// sent to the client) if the token is invalid or there was a problem querying the database.
func VerifyAccessTokenNew(req *http.Request, deviceDB *devices.Database) (device *types.Device, resErr *util.JSONResponse) {
token, err := extractAccessToken(req)
if err != nil {
resErr = &util.JSONResponse{
Code: 401,
JSON: jsonerror.MissingToken(err.Error()),
}
return
}
device, err = deviceDB.GetDeviceByAccessToken(token)
if err != nil {
resErr = &util.JSONResponse{
Code: 500,
JSON: jsonerror.Unknown("Failed to check access token"),
}
}
return
}
// extractAccessToken from a request, or return an error detailing what went wrong. The // extractAccessToken from a request, or return an error detailing what went wrong. The
// error message MUST be human-readable and comprehensible to the client. // error message MUST be human-readable and comprehensible to the client.
func extractAccessToken(req *http.Request) (string, error) { func extractAccessToken(req *http.Request) (string, error) {

12
src/github.com/matrix-org/dendrite/clientapi/auth/storage/devices/storage.go
View file

@ -14,6 +14,10 @@
package devices package devices
import (
"github.com/matrix-org/dendrite/clientapi/auth/types"
)
// Database represents a device database. // Database represents a device database.
type Database struct { type Database struct {
// TODO // TODO
@ -23,3 +27,11 @@ type Database struct {
func NewDatabase() *Database { func NewDatabase() *Database {
return &Database{} return &Database{}
} }
// GetDeviceByAccessToken returns the device matching the given access token.
func (d *Database) GetDeviceByAccessToken(token string) (*types.Device, error) {
// TODO: Actual implementation
return &types.Device{
UserID: token,
}, nil
}

13
src/github.com/matrix-org/dendrite/clientapi/routing/routing.go
View file

@ -20,6 +20,7 @@ import (
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/matrix-org/dendrite/clientapi/auth/storage" "github.com/matrix-org/dendrite/clientapi/auth/storage"
"github.com/matrix-org/dendrite/clientapi/auth/types"
"github.com/matrix-org/dendrite/clientapi/config" "github.com/matrix-org/dendrite/clientapi/config"
"github.com/matrix-org/dendrite/clientapi/producers" "github.com/matrix-org/dendrite/clientapi/producers"
"github.com/matrix-org/dendrite/clientapi/readers" "github.com/matrix-org/dendrite/clientapi/readers"
@ -151,6 +152,18 @@ func Setup(servMux *http.ServeMux, httpClient *http.Client, cfg config.ClientAPI
servMux.Handle("/api/", http.StripPrefix("/api", apiMux)) servMux.Handle("/api/", http.StripPrefix("/api", apiMux))
} }
// make a util.JSONRequestHandler function into an http.Handler which checks the access token in the request.
func makeAuthAPI(metricsName string, deviceDB *devices.Database, f func(*http.Request, types.Device) util.JSONResponse) http.Handler {
h := util.NewJSONRequestHandler(func(req *http.Request) util.JSONResponse {
device, resErr := auth.VerifyAccessToken(req, deviceDB)
if resErr != nil {
return resErr
}
return f(req, device)
})
return prometheus.InstrumentHandler(metricsName, util.MakeJSONAPI(h))
}
// make a util.JSONRequestHandler function into an http.Handler. // make a util.JSONRequestHandler function into an http.Handler.
func makeAPI(metricsName string, f func(*http.Request) util.JSONResponse) http.Handler { func makeAPI(metricsName string, f func(*http.Request) util.JSONResponse) http.Handler {
h := util.NewJSONRequestHandler(f) h := util.NewJSONRequestHandler(f)