Auth config to limit auth steps

This commit is contained in:
LittleSheep 2024-10-13 01:45:08 +08:00
parent 0f18c6ff16
commit 9287e6c5cc
6 changed files with 60 additions and 9 deletions

9
.idea/workspace.xml generated
View File

@ -4,7 +4,14 @@
<option name="autoReloadType" value="ALL" /> <option name="autoReloadType" value="ALL" />
</component> </component>
<component name="ChangeListManager"> <component name="ChangeListManager">
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Account deletion" /> <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Account deletion">
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/internal/models/accounts.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/models/accounts.go" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/internal/models/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/models/auth.go" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/internal/server/api/index.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/index.go" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/internal/server/api/preferences_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/preferences_api.go" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/internal/services/ticket.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/ticket.go" afterDir="false" />
</list>
<option name="SHOW_DIALOG" value="false" /> <option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" /> <option name="HIGHLIGHT_CONFLICTS" value="true" />
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" /> <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />

View File

@ -20,6 +20,7 @@ type Account struct {
ConfirmedAt *time.Time `json:"confirmed_at"` ConfirmedAt *time.Time `json:"confirmed_at"`
SuspendedAt *time.Time `json:"suspended_at"` SuspendedAt *time.Time `json:"suspended_at"`
PermNodes datatypes.JSONMap `json:"perm_nodes"` PermNodes datatypes.JSONMap `json:"perm_nodes"`
AuthConfig datatypes.JSONType[AuthConfig] `json:"auth_config"`
AutomatedBy *Account `json:"automated_by" gorm:"foreignKey:AutomatedID"` AutomatedBy *Account `json:"automated_by" gorm:"foreignKey:AutomatedID"`
AutomatedID *uint `json:"automated_id"` AutomatedID *uint `json:"automated_id"`

View File

@ -7,6 +7,10 @@ import (
"gorm.io/datatypes" "gorm.io/datatypes"
) )
type AuthConfig struct {
MaximumAuthSteps int `json:"maximum_auth_steps" validate:"required,min=1"`
}
type AuthFactorType = int8 type AuthFactorType = int8
const ( const (

View File

@ -26,6 +26,8 @@ func MapAPIs(app *fiber.App, baseURL string) {
preferences := api.Group("/preferences").Name("Preferences API") preferences := api.Group("/preferences").Name("Preferences API")
{ {
preferences.Get("/auth", getAuthConfig)
preferences.Put("/auth", updateAuthConfig)
preferences.Get("/notifications", getNotificationPreference) preferences.Get("/notifications", getNotificationPreference)
preferences.Put("/notifications", updateNotificationPreference) preferences.Put("/notifications", updateNotificationPreference)
} }

View File

@ -1,12 +1,45 @@
package api package api
import ( import (
"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
"git.solsynth.dev/hydrogen/passport/pkg/internal/models" "git.solsynth.dev/hydrogen/passport/pkg/internal/models"
"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts" "git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
"git.solsynth.dev/hydrogen/passport/pkg/internal/services" "git.solsynth.dev/hydrogen/passport/pkg/internal/services"
"github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2"
"gorm.io/datatypes"
) )
func getAuthConfig(c *fiber.Ctx) error {
if err := exts.EnsureAuthenticated(c); err != nil {
return err
}
user := c.Locals("user").(models.Account)
return c.JSON(user.AuthConfig)
}
func updateAuthConfig(c *fiber.Ctx) error {
if err := exts.EnsureAuthenticated(c); err != nil {
return err
}
user := c.Locals("user").(models.Account)
var data models.AuthConfig
if err := exts.BindAndValidate(c, &data); err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
}
user.AuthConfig = datatypes.NewJSONType(data)
if err := database.C.Save(&user).Error; err != nil {
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
} else {
services.InvalidAuthCacheWithUser(user.ID)
}
return c.JSON(user.AuthConfig)
}
func getNotificationPreference(c *fiber.Ctx) error { func getNotificationPreference(c *fiber.Ctx) error {
if err := exts.EnsureAuthenticated(c); err != nil { if err := exts.EnsureAuthenticated(c); err != nil {
return err return err

View File

@ -54,7 +54,11 @@ func NewTicket(user models.Account, ip, ua string) (models.AuthTicket, error) {
if count := CountUserFactor(user.ID); count <= 0 { if count := CountUserFactor(user.ID); count <= 0 {
return ticket, fmt.Errorf("specified user didn't enable sign in") return ticket, fmt.Errorf("specified user didn't enable sign in")
} else { } else {
cfg := user.AuthConfig.Data()
steps = min(steps, int(count)) steps = min(steps, int(count))
if cfg.MaximumAuthSteps >= 1 {
steps = min(steps, cfg.MaximumAuthSteps)
}
} }
ticket = models.AuthTicket{ ticket = models.AuthTicket{