telodendria/src/User.c

357 lines
7.7 KiB
C
Raw Normal View History

2023-01-07 15:51:56 +00:00
/*
* Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net>
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <User.h>
2023-01-09 19:22:09 +00:00
#include <Util.h>
#include <Memory.h>
#include <Str.h>
#include <Sha2.h>
#include <Json.h>
2023-01-07 15:51:56 +00:00
#include <string.h>
2023-01-07 16:15:11 +00:00
struct User
{
Db *db;
DbRef *ref;
2023-01-09 19:22:09 +00:00
char *name;
2023-01-07 16:15:11 +00:00
};
2023-01-07 15:51:56 +00:00
int
UserValidate(char *localpart, char *domain)
{
size_t maxLen = 255 - strlen(domain) - 1;
size_t i = 0;
while (localpart[i])
{
char c = localpart[i];
if (i > maxLen)
{
return 0;
}
if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
(c == '.') || (c == '_') || (c == '=') || (c == '-') ||
(c == '/')))
{
return 0;
}
i++;
}
return 1;
}
int
UserHistoricalValidate(char *localpart, char *domain)
{
size_t maxLen = 255 - strlen(domain) - 1;
size_t i = 0;
while (localpart[i])
{
char c = localpart[i];
if (i > maxLen)
{
return 0;
}
if (!(c >= 0x21 && c <= 0x39) || (c >= 0x3B && c <= 0x7E))
{
return 0;
}
i++;
}
return 1;
}
int
UserExists(Db * db, char *name)
{
return DbExists(db, 2, "users", name);
}
2023-01-09 19:22:09 +00:00
User *
UserLock(Db * db, char *name)
{
User *user = NULL;
DbRef *ref = NULL;
if (!UserExists(db, name))
{
return NULL;
}
ref = DbLock(db, 2, "users", name);
user = Malloc(sizeof(User));
user->db = db;
user->ref = ref;
user->name = StrDuplicate(name);
return user;
}
int
UserUnlock(User * user)
{
2023-01-10 00:38:47 +00:00
int ret;
2023-01-09 19:22:09 +00:00
if (!user)
{
return 0;
}
2023-01-10 00:38:47 +00:00
2023-01-09 19:22:09 +00:00
Free(user->name);
2023-01-10 00:38:47 +00:00
ret = DbUnlock(user->db, user->ref);
2023-01-09 19:22:09 +00:00
Free(user);
2023-01-10 00:38:47 +00:00
return ret;
2023-01-09 19:22:09 +00:00
}
User *
UserCreate(Db * db, char *name, char *password)
{
User *user = NULL;
HashMap *json = NULL;
char *hash = NULL;
char *salt = NULL;
char *tmpstr = NULL;
unsigned long ts = UtilServerTs();
/* TODO: Put some sort of password policy(like for example at least
* 8 chars, or maybe check it's entropy)? */
if (!db || (name && UserExists(db, name)) || !password || !strlen(password))
{
/* User exists or cannot be registered, therefore, do NOT
* bother */
return NULL;
}
user = Malloc(sizeof(User));
user->db = db;
if (!name)
{
user->name = StrRandom(12);
}
else
{
user->name = StrDuplicate(name);
}
user->ref = DbCreate(db, 2, "users", user->name);
if (!user->ref)
{
/* The only scenario where I can see that occur is if for some
* strange reason, Db fails to create a file(e.g fs is full) */
Free(user->name);
Free(user);
return NULL;
}
json = DbJson(user->ref);
/* Generate stored password using a salt and SHA256 */
salt = StrRandom(16);
tmpstr = StrConcat(2, password, salt);
hash = Sha256(tmpstr);
Free(tmpstr);
HashMapSet(json, "salt", JsonValueString(salt));
2023-01-16 21:17:44 +00:00
HashMapSet(json, "password", JsonValueString(hash));
2023-01-09 19:22:09 +00:00
2023-01-16 21:17:44 +00:00
HashMapSet(json, "createdOn", JsonValueInteger(ts));
HashMapSet(json, "deactivated", JsonValueBoolean(0));
2023-01-09 19:22:09 +00:00
return user;
}
2023-01-16 21:17:44 +00:00
UserLoginInfo *
UserLogin(User * user, char *password, char *deviceId, char *deviceDisplayName,
int withRefresh)
2023-01-09 19:22:09 +00:00
{
2023-01-16 21:17:44 +00:00
DbRef *atRef;
DbRef *rtRef = NULL;
HashMap *devices;
HashMap *device;
UserLoginInfo *result;
if (!user || !password)
{
return NULL;
}
if (!UserCheckPassword(user, password))
{
return NULL;
}
result = Malloc(sizeof(UserLoginInfo));
if (!result)
{
return NULL;
}
result->refreshToken = NULL;
result->tokenLifetime = 0;
/* Generate an access token */
result->accessToken = StrRandom(64);
atRef = DbCreate(user->db, 3, "tokens", "access", result->accessToken);
HashMapSet(DbJson(atRef), "user", JsonValueString(StrDuplicate(user->name)));
if (withRefresh)
{
unsigned long ts = UtilServerTs();
result->tokenLifetime = 1000 * 60 * 60 * 24 * 7; /* 1 Week */
result->refreshToken = StrRandom(64);
rtRef = DbCreate(user->db, 3, "tokens", "refresh", result->refreshToken);
HashMapSet(DbJson(rtRef), "refreshes",
JsonValueString(StrDuplicate(result->accessToken)));
HashMapSet(DbJson(atRef), "expires", JsonValueInteger(ts + result->tokenLifetime));
DbUnlock(user->db, rtRef);
}
if (!deviceId)
{
result->deviceId = StrRandom(10);
}
else
{
result->deviceId = StrDuplicate(deviceId);
}
devices = JsonValueAsObject(HashMapGet(DbJson(user->ref), "devices"));
if (!devices)
{
devices = HashMapCreate();
HashMapSet(DbJson(user->ref), "devices", JsonValueObject(devices));
}
device = JsonValueAsObject(HashMapGet(devices, result->deviceId));
if (device)
{
JsonValue *val;
val = HashMapDelete(device, "accessToken");
if (val)
{
DbDelete(user->db, 3, "tokens", "access", JsonValueAsString(val));
JsonValueFree(val);
}
val = HashMapDelete(device, "refreshToken");
if (val)
{
DbDelete(user->db, 3, "tokens", "refresh", JsonValueAsString(val));
JsonValueFree(val);
}
}
else
{
device = HashMapCreate();
HashMapSet(devices, StrDuplicate(result->deviceId), JsonValueObject(device));
if (deviceDisplayName)
{
HashMapSet(device, "displayName",
JsonValueString(StrDuplicate(deviceDisplayName)));
}
}
if (result->refreshToken)
{
HashMapSet(device, "refreshToken",
JsonValueString(StrDuplicate(result->refreshToken)));
}
HashMapSet(device, "accessToken",
JsonValueString(StrDuplicate(result->accessToken)));
HashMapSet(DbJson(atRef), "device", JsonValueString(StrDuplicate(result->deviceId)));
DbUnlock(user->db, atRef);
return result;
2023-01-09 19:22:09 +00:00
}
char *
UserGetName(User * user)
{
return user ? user->name : NULL;
}
2023-01-16 21:17:44 +00:00
int
UserCheckPassword(User * user, char *password)
{
HashMap *json;
char *storedHash;
char *salt;
char *hashedPwd;
char *tmp;
int result;
if (!user || !password)
{
return 0;
}
json = DbJson(user->ref);
storedHash = JsonValueAsString(HashMapGet(json, "password"));
salt = JsonValueAsString(HashMapGet(json, "salt"));
if (!storedHash || !salt)
{
return 0;
}
tmp = StrConcat(2, password, salt);
hashedPwd = Sha256(tmp);
Free(tmp);
result = strcmp(hashedPwd, storedHash) == 0;
Free(hashedPwd);
return result;
}