Hypernet/Passport
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
769ce23897
Passport/pkg/server/challanges_api.go
LittleSheep 2a32c8b2f6 Better Dashboard
2024-01-30 17:57:23 +08:00

143 lines
3.8 KiB
Go
Raw Blame History

package server
import (
"github.com/gofiber/fiber/v2"
"time"
"code.smartsheep.studio/hydrogen/passport/pkg/security"
"code.smartsheep.studio/hydrogen/passport/pkg/services"
"github.com/samber/lo"
)
func startChallenge(c *fiber.Ctx) error {
var data struct {
ID string `json:"id"`
}
if err := BindAndValidate(c, &data); err != nil {
return err
}
user, err := services.LookupAccount(data.ID)
if err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
factors, err := services.LookupFactorsByUser(user.ID)
if err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
challenge, err := security.NewChallenge(user, factors, c.IP(), c.Get(fiber.HeaderUserAgent))
if err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
services.AddEvent(user, "challenges.start", data.ID, c.IP(), c.Get(fiber.HeaderUserAgent))
return c.JSON(fiber.Map{
"display_name": user.Nick,
"challenge": challenge,
"factors": factors,
})
}
func doChallenge(c *fiber.Ctx) error {
var data struct {
ChallengeID uint `json:"challenge_id"`
FactorID uint `json:"factor_id"`
Secret string `json:"secret"`
}
if err := BindAndValidate(c, &data); err != nil {
return err
}
challenge, err := services.LookupChallengeWithFingerprint(data.ChallengeID, c.IP(), c.Get(fiber.HeaderUserAgent))
if err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
factor, err := services.LookupFactor(data.FactorID)
if err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
if err := security.DoChallenge(challenge, factor, data.Secret); err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
}
challenge, err = services.LookupChallenge(data.ChallengeID)
if err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
} else if challenge.Progress >= challenge.Requirements {
session, err := security.GrantSession(challenge, []string{"*"}, []string{"Hydrogen.Passport"}, nil, lo.ToPtr(time.Now()))
if err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
}
return c.JSON(fiber.Map{
"is_finished": true,
"challenge": challenge,
"session": session,
})
}
return c.JSON(fiber.Map{
"is_finished": false,
"challenge": challenge,
"session": nil,
})
}
func exchangeToken(c *fiber.Ctx) error {
var data struct {
Code string `json:"code" form:"code"`
RefreshToken string `json:"refresh_token" form:"refresh_token"`
ClientID string `json:"client_id" form:"client_id"`
ClientSecret string `json:"client_secret" form:"client_secret"`
RedirectUri string `json:"redirect_uri" form:"redirect_uri"`
GrantType string `json:"grant_type" form:"grant_type"`
}
if err := BindAndValidate(c, &data); err != nil {
return err
}
switch data.GrantType {
case "authorization_code":
// Authorization Code Mode
access, refresh, err := security.ExchangeOauthToken(data.ClientID, data.ClientSecret, data.RedirectUri, data.Code)
if err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
}
return c.JSON(fiber.Map{
"access_token": access,
"refresh_token": refresh,
})
case "grant_token":
// Internal Usage
access, refresh, err := security.ExchangeToken(data.Code)
if err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
}
return c.JSON(fiber.Map{
"access_token": access,
"refresh_token": refresh,
})
case "refresh_token":
// Refresh Token
access, refresh, err := security.RefreshToken(data.RefreshToken)
if err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
}
return c.JSON(fiber.Map{
"access_token": access,
"refresh_token": refresh,
})
default:
return fiber.NewError(fiber.StatusBadRequest, "unsupported exchange token type")
}
}
Reference in New Issue View Git Blame Copy Permalink