Passport/pkg/security/challanges.go
2024-01-07 01:56:32 +08:00

83 lines
2.1 KiB
Go

package security
import (
"fmt"
"math"
"time"
"code.smartsheep.studio/hydrogen/passport/pkg/database"
"code.smartsheep.studio/hydrogen/passport/pkg/models"
"github.com/samber/lo"
"gorm.io/datatypes"
)
func NewChallenge(account models.Account, factors []models.AuthFactor, ip, ua string) (models.AuthChallenge, error) {
risk := 3
var challenge models.AuthChallenge
// Pickup any challenge if possible
if err := database.C.Where(models.AuthChallenge{
AccountID: account.ID,
State: models.ActiveChallengeState,
}).First(&challenge).Error; err == nil {
return challenge, nil
}
// Reduce the risk level
var secureFactor int64
if err := database.C.Where(models.AuthChallenge{
AccountID: account.ID,
IpAddress: ip,
}).Model(models.AuthChallenge{}).Count(&secureFactor).Error; err != nil {
return challenge, err
}
if secureFactor >= 3 {
risk -= 2
} else if secureFactor >= 1 {
risk -= 1
}
// Thinking of the requirements factors
requirements := int(math.Max(float64(len(factors)), math.Min(float64(risk), 1)))
challenge = models.AuthChallenge{
IpAddress: ip,
UserAgent: ua,
RiskLevel: risk,
Requirements: requirements,
BlacklistFactors: datatypes.NewJSONType([]uint{}),
State: models.ActiveChallengeState,
ExpiredAt: time.Now().Add(2 * time.Hour),
AccountID: account.ID,
}
err := database.C.Save(&challenge).Error
return challenge, err
}
func DoChallenge(challenge models.AuthChallenge, factor models.AuthFactor, code string) error {
if err := challenge.IsAvailable(); err != nil {
return err
}
if challenge.Progress >= challenge.Requirements {
return fmt.Errorf("challenge already passed")
}
blacklist := challenge.BlacklistFactors.Data()
if lo.Contains(blacklist, factor.ID) {
return fmt.Errorf("factor in blacklist, please change another factor to challenge")
}
if err := VerifyFactor(factor, code); err != nil {
return err
}
challenge.Progress++
challenge.BlacklistFactors = datatypes.NewJSONType(append(blacklist, factor.ID))
if err := database.C.Save(&challenge).Error; err != nil {
return err
}
return nil
}