2024-01-15 04:54:43 +00:00
|
|
|
package s5
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2024-01-16 18:32:47 +00:00
|
|
|
"crypto/ed25519"
|
2024-01-16 16:31:33 +00:00
|
|
|
"crypto/rand"
|
|
|
|
"encoding/base64"
|
2024-01-16 07:01:18 +00:00
|
|
|
"encoding/hex"
|
2024-01-15 04:54:43 +00:00
|
|
|
"errors"
|
2024-01-16 21:16:37 +00:00
|
|
|
"fmt"
|
2024-01-15 04:54:43 +00:00
|
|
|
"git.lumeweb.com/LumeWeb/libs5-go/encoding"
|
2024-01-15 19:41:24 +00:00
|
|
|
"git.lumeweb.com/LumeWeb/libs5-go/types"
|
2024-01-16 07:01:18 +00:00
|
|
|
"git.lumeweb.com/LumeWeb/portal/db/models"
|
2024-01-15 04:54:43 +00:00
|
|
|
"git.lumeweb.com/LumeWeb/portal/interfaces"
|
2024-01-16 18:32:47 +00:00
|
|
|
emailverifier "github.com/AfterShip/email-verifier"
|
2024-01-15 04:54:43 +00:00
|
|
|
"go.sia.tech/jape"
|
|
|
|
"go.uber.org/zap"
|
|
|
|
"io"
|
|
|
|
"mime/multipart"
|
|
|
|
"net/http"
|
2024-01-15 13:29:09 +00:00
|
|
|
"strings"
|
2024-01-16 18:32:47 +00:00
|
|
|
"time"
|
2024-01-15 04:54:43 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2024-01-16 16:31:33 +00:00
|
|
|
errMultiformParse = "Error parsing multipart form"
|
|
|
|
errRetrievingFile = "Error retrieving the file"
|
|
|
|
errReadFile = "Error reading the file"
|
|
|
|
errClosingStream = "Error closing the stream"
|
|
|
|
errUploadingFile = "Error uploading the file"
|
|
|
|
errAccountGenerateChallenge = "Error generating challenge"
|
2024-01-16 18:32:47 +00:00
|
|
|
errAccountRegister = "Error registering account"
|
2024-01-16 18:51:03 +00:00
|
|
|
errAccountLogin = "Error logging in account"
|
2024-01-15 04:54:43 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
2024-01-16 16:31:33 +00:00
|
|
|
errUploadingFileErr = errors.New(errUploadingFile)
|
|
|
|
errAccountGenerateChallengeErr = errors.New(errAccountGenerateChallenge)
|
2024-01-16 18:32:47 +00:00
|
|
|
errAccountRegisterErr = errors.New(errAccountRegister)
|
|
|
|
errInvalidChallengeErr = errors.New("Invalid challenge")
|
|
|
|
errInvalidSignatureErr = errors.New("Invalid signature")
|
|
|
|
errPubkeyNotSupported = errors.New("Only ed25519 keys are supported")
|
|
|
|
errInvalidEmail = errors.New("Invalid email")
|
|
|
|
errEmailAlreadyExists = errors.New("Email already exists")
|
|
|
|
errGeneratingPassword = errors.New("Error generating password")
|
|
|
|
errPubkeyAlreadyExists = errors.New("Pubkey already exists")
|
2024-01-16 21:05:28 +00:00
|
|
|
errPubkeyNotExist = errors.New("Pubkey does not exist")
|
2024-01-16 18:51:03 +00:00
|
|
|
errAccountLoginErr = errors.New(errAccountLogin)
|
2024-01-15 04:54:43 +00:00
|
|
|
)
|
|
|
|
|
2024-01-16 16:42:50 +00:00
|
|
|
type HttpHandler struct {
|
2024-01-16 18:32:47 +00:00
|
|
|
portal interfaces.Portal
|
|
|
|
verifier *emailverifier.Verifier
|
2024-01-15 04:54:43 +00:00
|
|
|
}
|
|
|
|
|
2024-01-16 16:42:50 +00:00
|
|
|
func NewHttpHandler(portal interfaces.Portal) *HttpHandler {
|
2024-01-16 18:32:47 +00:00
|
|
|
|
|
|
|
verifier := emailverifier.NewVerifier()
|
|
|
|
|
|
|
|
verifier.DisableSMTPCheck()
|
|
|
|
verifier.DisableGravatarCheck()
|
|
|
|
verifier.DisableDomainSuggest()
|
|
|
|
verifier.DisableAutoUpdateDisposable()
|
|
|
|
|
|
|
|
return &HttpHandler{
|
|
|
|
portal: portal,
|
|
|
|
verifier: verifier,
|
|
|
|
}
|
2024-01-15 04:54:43 +00:00
|
|
|
}
|
|
|
|
|
2024-01-16 16:42:50 +00:00
|
|
|
func (h *HttpHandler) SmallFileUpload(jc jape.Context) {
|
2024-01-15 20:16:48 +00:00
|
|
|
var rs io.ReadSeeker
|
|
|
|
var bufferSize int64
|
2024-01-15 04:54:43 +00:00
|
|
|
|
|
|
|
r := jc.Request
|
2024-01-15 13:29:09 +00:00
|
|
|
contentType := r.Header.Get("Content-Type")
|
|
|
|
|
|
|
|
if strings.HasPrefix(contentType, "multipart/form-data") {
|
2024-01-15 04:54:43 +00:00
|
|
|
// Parse the multipart form
|
|
|
|
err := r.ParseMultipartForm(h.portal.Config().GetInt64("core.post-upload-limit"))
|
|
|
|
|
|
|
|
if jc.Check(errMultiformParse, err) != nil {
|
|
|
|
h.portal.Logger().Error(errMultiformParse, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Retrieve the file from the form data
|
|
|
|
file, _, err := r.FormFile("file")
|
|
|
|
if jc.Check(errRetrievingFile, err) != nil {
|
|
|
|
h.portal.Logger().Error(errRetrievingFile, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer func(file multipart.File) {
|
|
|
|
err := file.Close()
|
|
|
|
if err != nil {
|
|
|
|
h.portal.Logger().Error(errClosingStream, zap.Error(err))
|
|
|
|
}
|
|
|
|
}(file)
|
|
|
|
|
2024-01-15 20:16:48 +00:00
|
|
|
rs = file
|
2024-01-15 04:54:43 +00:00
|
|
|
} else {
|
2024-01-15 20:16:48 +00:00
|
|
|
data, err := io.ReadAll(r.Body)
|
2024-01-15 04:54:43 +00:00
|
|
|
if jc.Check(errReadFile, err) != nil {
|
|
|
|
h.portal.Logger().Error(errReadFile, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-15 20:16:48 +00:00
|
|
|
buffer := bytes.NewReader(data)
|
|
|
|
bufferSize = int64(buffer.Len())
|
|
|
|
rs = buffer
|
|
|
|
|
2024-01-15 04:54:43 +00:00
|
|
|
defer func(Body io.ReadCloser) {
|
|
|
|
err := Body.Close()
|
|
|
|
if err != nil {
|
|
|
|
h.portal.Logger().Error(errClosingStream, zap.Error(err))
|
|
|
|
}
|
|
|
|
}(r.Body)
|
|
|
|
}
|
|
|
|
|
2024-01-16 06:05:09 +00:00
|
|
|
hash, err := h.portal.Storage().GetHash(rs)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
_ = jc.Error(errUploadingFileErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errUploadingFile, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if exists, upload := h.portal.Storage().FileExists(hash); exists {
|
|
|
|
cid, err := encoding.CIDFromHash(hash, upload.Size, types.CIDTypeRaw)
|
|
|
|
if err != nil {
|
|
|
|
_ = jc.Error(errUploadingFileErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errUploadingFile, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
cidStr, err := cid.ToString()
|
|
|
|
if err != nil {
|
|
|
|
_ = jc.Error(errUploadingFileErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errUploadingFile, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
jc.Encode(map[string]string{"hash": cidStr})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
hash, err = h.portal.Storage().PutFile(rs, "s5", false)
|
2024-01-15 04:54:43 +00:00
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
_ = jc.Error(errUploadingFileErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errUploadingFile, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-15 20:16:48 +00:00
|
|
|
cid, err := encoding.CIDFromHash(hash, uint64(bufferSize), types.CIDTypeRaw)
|
2024-01-15 04:54:43 +00:00
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
_ = jc.Error(errUploadingFileErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errUploadingFile, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
cidStr, err := cid.ToString()
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
_ = jc.Error(errUploadingFileErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errUploadingFile, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 07:01:18 +00:00
|
|
|
tx := h.portal.Database().Create(&models.Upload{
|
|
|
|
Hash: hex.EncodeToString(hash),
|
|
|
|
Size: uint64(bufferSize),
|
|
|
|
Protocol: "s5",
|
|
|
|
UserID: 0,
|
|
|
|
})
|
|
|
|
|
|
|
|
if tx.Error != nil {
|
|
|
|
_ = jc.Error(errUploadingFileErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errUploadingFile, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 18:32:47 +00:00
|
|
|
jc.Encode(&SmallUploadResponse{
|
|
|
|
CID: cidStr,
|
|
|
|
})
|
2024-01-15 04:54:43 +00:00
|
|
|
}
|
2024-01-16 16:31:33 +00:00
|
|
|
|
2024-01-16 16:42:50 +00:00
|
|
|
func (h *HttpHandler) AccountRegisterChallenge(jc jape.Context) {
|
2024-01-16 16:31:33 +00:00
|
|
|
var pubkey string
|
|
|
|
if jc.DecodeForm("pubKey", &pubkey) != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
challenge := make([]byte, 32)
|
|
|
|
|
|
|
|
_, err := rand.Read(challenge)
|
|
|
|
if err != nil {
|
|
|
|
_ = jc.Error(errAccountGenerateChallengeErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errAccountGenerateChallenge, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
decodedKey, err := base64.RawURLEncoding.DecodeString(pubkey)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
_ = jc.Error(errAccountGenerateChallengeErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errAccountGenerateChallenge, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 20:22:48 +00:00
|
|
|
if len(decodedKey) != 33 && int(decodedKey[0]) != int(types.HashTypeEd25519) {
|
2024-01-16 16:31:33 +00:00
|
|
|
_ = jc.Error(errAccountGenerateChallengeErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errAccountGenerateChallenge, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
result := h.portal.Database().Create(&models.S5Challenge{
|
2024-01-16 19:22:16 +00:00
|
|
|
Pubkey: pubkey,
|
2024-01-16 20:12:05 +00:00
|
|
|
Challenge: base64.RawURLEncoding.EncodeToString(challenge),
|
2024-01-16 18:51:03 +00:00
|
|
|
Type: "register",
|
2024-01-16 16:31:33 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
if result.Error != nil {
|
|
|
|
_ = jc.Error(errAccountGenerateChallengeErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errAccountGenerateChallenge, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 18:32:47 +00:00
|
|
|
jc.Encode(&AccountRegisterChallengeResponse{
|
|
|
|
Challenge: base64.RawURLEncoding.EncodeToString(challenge),
|
|
|
|
})
|
2024-01-16 16:31:33 +00:00
|
|
|
}
|
|
|
|
|
2024-01-16 18:32:47 +00:00
|
|
|
func (h *HttpHandler) AccountRegister(jc jape.Context) {
|
|
|
|
var request AccountRegisterRequest
|
|
|
|
|
|
|
|
if jc.Decode(&request) != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
errored := func(err error) {
|
|
|
|
_ = jc.Error(errAccountRegisterErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errAccountRegister, zap.Error(err))
|
|
|
|
}
|
|
|
|
|
|
|
|
decodedKey, err := base64.RawURLEncoding.DecodeString(request.Pubkey)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 20:26:36 +00:00
|
|
|
if len(decodedKey) != 33 {
|
2024-01-16 18:32:47 +00:00
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var challenge models.S5Challenge
|
|
|
|
|
2024-01-16 18:51:03 +00:00
|
|
|
result := h.portal.Database().Model(&models.S5Challenge{}).Where(&models.S5Challenge{Pubkey: request.Pubkey, Type: "register"}).First(&challenge)
|
2024-01-16 18:32:47 +00:00
|
|
|
|
|
|
|
if result.RowsAffected == 0 || result.Error != nil {
|
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
decodedResponse, err := base64.RawURLEncoding.DecodeString(request.Response)
|
|
|
|
|
|
|
|
if err != nil {
|
2024-01-16 20:26:57 +00:00
|
|
|
errored(errInvalidChallengeErr)
|
2024-01-16 18:32:47 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 19:32:53 +00:00
|
|
|
if len(decodedResponse) != 65 {
|
2024-01-16 20:26:57 +00:00
|
|
|
errored(errInvalidChallengeErr)
|
2024-01-16 18:32:47 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
decodedChallenge, err := base64.RawURLEncoding.DecodeString(challenge.Challenge)
|
|
|
|
|
|
|
|
if err != nil {
|
2024-01-16 20:26:57 +00:00
|
|
|
errored(errInvalidChallengeErr)
|
2024-01-16 18:32:47 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 19:45:07 +00:00
|
|
|
if !bytes.Equal(decodedResponse[1:33], decodedChallenge) {
|
2024-01-16 18:32:47 +00:00
|
|
|
errored(errInvalidChallengeErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if int(decodedKey[0]) != int(types.HashTypeEd25519) {
|
|
|
|
errored(errPubkeyNotSupported)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
decodedSignature, err := base64.RawURLEncoding.DecodeString(request.Signature)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 20:37:08 +00:00
|
|
|
if !ed25519.Verify(decodedKey[1:], decodedResponse, decodedSignature) {
|
2024-01-16 18:32:47 +00:00
|
|
|
errored(errInvalidSignatureErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 21:16:37 +00:00
|
|
|
if request.Email == "" {
|
|
|
|
request.Email = fmt.Sprintf("%s@%s", hex.EncodeToString(decodedKey[1:]), "example.com")
|
|
|
|
}
|
|
|
|
|
2024-01-16 18:32:47 +00:00
|
|
|
verify, _ := h.verifier.Verify(request.Email)
|
|
|
|
|
|
|
|
if !verify.Syntax.Valid {
|
|
|
|
errored(errInvalidEmail)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
accountExists, _ := h.portal.Accounts().EmailExists(request.Email)
|
|
|
|
|
|
|
|
if accountExists {
|
|
|
|
errored(errEmailAlreadyExists)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-17 13:47:58 +00:00
|
|
|
pubkeyExists, _ := h.portal.Accounts().PubkeyExists(hex.EncodeToString(decodedKey[1:]))
|
2024-01-16 18:32:47 +00:00
|
|
|
|
|
|
|
if pubkeyExists {
|
|
|
|
errored(errPubkeyAlreadyExists)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
passwd := make([]byte, 32)
|
|
|
|
|
|
|
|
_, err = rand.Read(passwd)
|
|
|
|
|
|
|
|
if accountExists {
|
|
|
|
errored(errGeneratingPassword)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
newAccount, err := h.portal.Accounts().CreateAccount(request.Email, string(passwd))
|
|
|
|
if err != nil {
|
|
|
|
errored(errAccountRegisterErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 20:30:00 +00:00
|
|
|
rawPubkey := hex.EncodeToString(decodedKey[1:])
|
|
|
|
|
|
|
|
err = h.portal.Accounts().AddPubkeyToAccount(*newAccount, rawPubkey)
|
2024-01-16 18:32:47 +00:00
|
|
|
if err != nil {
|
|
|
|
errored(errAccountRegisterErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 20:30:00 +00:00
|
|
|
jwt, err := h.portal.Accounts().LoginPubkey(rawPubkey)
|
2024-01-16 18:32:47 +00:00
|
|
|
if err != nil {
|
|
|
|
errored(errAccountRegisterErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 20:48:45 +00:00
|
|
|
result = h.portal.Database().Delete(&challenge)
|
|
|
|
|
|
|
|
if result.Error != nil {
|
|
|
|
errored(errAccountRegisterErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 18:38:10 +00:00
|
|
|
setAuthCookie(jwt, jc)
|
2024-01-16 16:31:33 +00:00
|
|
|
}
|
|
|
|
|
2024-01-16 18:32:47 +00:00
|
|
|
func (h *HttpHandler) AccountLoginChallenge(jc jape.Context) {
|
2024-01-16 18:51:03 +00:00
|
|
|
var pubkey string
|
|
|
|
if jc.DecodeForm("pubKey", &pubkey) != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
errored := func(err error) {
|
|
|
|
_ = jc.Error(errAccountLoginErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errAccountLogin, zap.Error(err))
|
|
|
|
}
|
|
|
|
|
|
|
|
challenge := make([]byte, 32)
|
|
|
|
|
|
|
|
_, err := rand.Read(challenge)
|
|
|
|
if err != nil {
|
|
|
|
_ = jc.Error(errAccountGenerateChallengeErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errAccountGenerateChallenge, zap.Error(err))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
decodedKey, err := base64.RawURLEncoding.DecodeString(pubkey)
|
|
|
|
|
|
|
|
if err != nil {
|
2024-01-16 20:23:00 +00:00
|
|
|
errored(errAccountGenerateChallengeErr)
|
2024-01-16 18:51:03 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 20:22:48 +00:00
|
|
|
if len(decodedKey) != 33 && int(decodedKey[0]) != int(types.HashTypeEd25519) {
|
|
|
|
errored(errPubkeyNotSupported)
|
2024-01-16 18:51:03 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 21:05:28 +00:00
|
|
|
pubkeyExists, _ := h.portal.Accounts().PubkeyExists(hex.EncodeToString(decodedKey[1:]))
|
|
|
|
|
|
|
|
if pubkeyExists {
|
|
|
|
errored(errPubkeyNotExist)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 18:51:03 +00:00
|
|
|
result := h.portal.Database().Create(&models.S5Challenge{
|
2024-01-16 20:12:05 +00:00
|
|
|
Challenge: base64.RawURLEncoding.EncodeToString(challenge),
|
2024-01-16 18:51:03 +00:00
|
|
|
Type: "login",
|
|
|
|
})
|
|
|
|
|
|
|
|
if result.Error != nil {
|
2024-01-16 20:23:00 +00:00
|
|
|
errored(result.Error)
|
2024-01-16 18:51:03 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
jc.Encode(&AccountLoginChallengeResponse{
|
|
|
|
Challenge: base64.RawURLEncoding.EncodeToString(challenge),
|
|
|
|
})
|
2024-01-16 16:31:33 +00:00
|
|
|
}
|
|
|
|
|
2024-01-16 18:32:47 +00:00
|
|
|
func (h *HttpHandler) AccountLogin(jc jape.Context) {
|
2024-01-16 18:56:25 +00:00
|
|
|
var request AccountLoginRequest
|
|
|
|
|
|
|
|
if jc.Decode(&request) != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
errored := func(err error) {
|
|
|
|
_ = jc.Error(errAccountLoginErr, http.StatusInternalServerError)
|
|
|
|
h.portal.Logger().Error(errAccountLogin, zap.Error(err))
|
|
|
|
}
|
|
|
|
|
|
|
|
decodedKey, err := base64.RawURLEncoding.DecodeString(request.Pubkey)
|
|
|
|
if err != nil {
|
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(decodedKey) != 32 {
|
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var challenge models.S5Challenge
|
|
|
|
|
|
|
|
result := h.portal.Database().Model(&models.S5Challenge{}).Where(&models.S5Challenge{Pubkey: request.Pubkey, Type: "login"}).First(&challenge)
|
|
|
|
|
|
|
|
if result.RowsAffected == 0 || result.Error != nil {
|
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
decodedResponse, err := base64.RawURLEncoding.DecodeString(request.Response)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 19:32:53 +00:00
|
|
|
if len(decodedResponse) != 65 {
|
2024-01-16 18:56:25 +00:00
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
decodedChallenge, err := base64.RawURLEncoding.DecodeString(challenge.Challenge)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 19:45:07 +00:00
|
|
|
if !bytes.Equal(decodedResponse[1:33], decodedChallenge) {
|
2024-01-16 18:56:25 +00:00
|
|
|
errored(errInvalidChallengeErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if int(decodedKey[0]) != int(types.HashTypeEd25519) {
|
|
|
|
errored(errPubkeyNotSupported)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
decodedSignature, err := base64.RawURLEncoding.DecodeString(request.Signature)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
errored(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 20:37:08 +00:00
|
|
|
if !ed25519.Verify(decodedKey[1:], decodedResponse, decodedSignature) {
|
2024-01-16 18:56:25 +00:00
|
|
|
errored(errInvalidSignatureErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
jwt, err := h.portal.Accounts().LoginPubkey(request.Pubkey)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
errored(errAccountLoginErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 20:48:45 +00:00
|
|
|
result = h.portal.Database().Delete(&challenge)
|
|
|
|
|
|
|
|
if result.Error != nil {
|
|
|
|
errored(errAccountLoginErr)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-16 18:56:25 +00:00
|
|
|
setAuthCookie(jwt, jc)
|
2024-01-16 16:31:33 +00:00
|
|
|
}
|
2024-01-16 18:38:10 +00:00
|
|
|
|
|
|
|
func setAuthCookie(jwt string, jc jape.Context) {
|
|
|
|
authCookie := http.Cookie{
|
|
|
|
Name: "s5-auth-token",
|
|
|
|
Value: jwt,
|
|
|
|
Path: "/",
|
|
|
|
HttpOnly: true,
|
|
|
|
MaxAge: int(time.Hour.Seconds() * 24),
|
|
|
|
Secure: true,
|
|
|
|
}
|
|
|
|
|
|
|
|
http.SetCookie(jc.ResponseWriter, &authCookie)
|
|
|
|
}
|