/*
* Copyright (C) 2022-2024 Jordan Bancino <@jordan:bancino.net>
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <RegToken.h>
#include <string.h>
#include <ctype.h>
#include <Cytoplasm/Memory.h>
#include <Cytoplasm/Json.h>
#include <Cytoplasm/Util.h>
#include <Cytoplasm/Str.h>
#include <Cytoplasm/Int64.h>
#include <Cytoplasm/Log.h>
#include <User.h>
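/*
 * Report whether a registration token may still be used. The token
 * must exist in the database, must not have expired, and must have
 * uses remaining. Returns 1 if it is usable and 0 otherwise, including
 * when token is NULL.
 *
 * The limits are read from the JSON behind token->ref, not from the
 * fields cached in the RegTokenInfo structure.
 */
int
RegTokenValid(RegTokenInfo * token)
{
    HashMap *tokenJson;
    Int64 uses, used;
    UInt64 expiration;
    int notExpired, usesLeft;

    if (!token || !RegTokenExists(token->db, token->name))
    {
        return 0;
    }

    tokenJson = DbJson(token->ref);
    uses = JsonValueAsInteger(HashMapGet(tokenJson, "uses"));
    used = JsonValueAsInteger(HashMapGet(tokenJson, "used"));
    expiration = JsonValueAsInteger(HashMapGet(tokenJson, "expires_on"));

    /* An expiration of zero always passes the expiry test. Any other
     * value must still be at or ahead of the server clock. This
     * comparison used to be reversed (now >= expiration), so expired
     * tokens were accepted for registration and unexpired ones were
     * refused. */
    notExpired = UInt64Eq(expiration, UInt64Create(0, 0)) ||
        UInt64Geq(expiration, UtilServerTs());

    /* A use limit of -1 always passes; otherwise the number of uses
     * consumed must be strictly below the limit. */
    usesLeft = Int64Eq(uses, Int64Neg(Int64Create(0, 1))) ||
        Int64Lt(used, uses);

    return notExpired && usesLeft;
}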
/*
 * Record one use of a registration token: bump token->used and mirror
 * the new count into the "used" key of the JSON behind token->ref.
 *
 * Nothing happens when token is NULL, when the token no longer exists
 * in the database, or when a non-negative use limit has already been
 * reached.
 *
 * NOTE(review): expiry is not examined here, and the limit check uses
 * the cached structure fields whereas RegTokenValid() reads the JSON.
 * Presumably callers check RegTokenValid() first; confirm at the call
 * sites.
 */
void
RegTokenUse(RegTokenInfo * token)
{
    HashMap *json;
    int limited;

    if (!token)
    {
        return;
    }
    if (!RegTokenExists(token->db, token->name))
    {
        return;
    }

    /* A negative limit is not treated as a cap. */
    limited = Int64Geq(token->uses, Int64Create(0, 0));
    if (limited && Int64Geq(token->used, token->uses))
    {
        return;
    }

    token->used = Int64Add(token->used, Int64Create(0, 1));

    /* Store the new count; HashMapSet() hands back the value it
     * replaced, which is released here. */
    json = DbJson(token->ref);
    JsonValueFree(HashMapSet(json, "used", JsonValueInteger(token->used)));
}
/*
 * Check whether a registration token with the given name is stored
 * under the "tokens"/"registration" database path. Returns 0 when
 * either argument is NULL, otherwise whatever DbExists() reports.
 *
 * NOTE(review): token goes to DbExists() as a key component without
 * passing through RegTokenVerify(), and the value may come from a
 * client. Confirm that the Db layer neutralises path-significant
 * characters in key components, or validate the name before lookup.
 */
int
RegTokenExists(Db * db, char *token)
{
    if (db && token)
    {
        return DbExists(db, 3, "tokens", "registration", token);
    }

    return 0;
}
/*
 * Remove a registration token from the database and release the
 * in-memory structure. Returns 1 on success and 0 when token is NULL,
 * when closing it fails, or when the database delete fails.
 *
 * The token is closed (written back and unlocked) before the delete
 * is attempted. If the delete then fails, the structure is left
 * allocated but no longer holds its database reference.
 *
 * NOTE(review): between the unlock in RegTokenClose() and DbDelete()
 * the entry is not held by this caller; confirm nothing can lock and
 * redeem the token in that window.
 */
int
RegTokenDelete(RegTokenInfo * token)
{
    if (!token)
    {
        return 0;
    }

    if (!RegTokenClose(token))
    {
        return 0;
    }

    if (DbDelete(token->db, 3, "tokens", "registration", token->name))
    {
        RegTokenInfoFree(token);
        Free(token);
        return 1;
    }

    return 0;
}
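/*
 * Lock a registration token in the database and decode it into a
 * newly allocated RegTokenInfo. On success the returned structure
 * holds the database lock in ret->ref; release it with
 * RegTokenClose() and free the structure with RegTokenFree().
 *
 * Returns NULL when the token does not exist, cannot be locked,
 * memory cannot be allocated, or the stored JSON fails to decode. On
 * every failure path the database lock is released before returning,
 * so a bad record cannot leave the token locked.
 *
 * NOTE(review): token is used as a database key component without
 * going through RegTokenVerify(); confirm the Db layer treats it
 * safely.
 */
RegTokenInfo *
RegTokenGetInfo(Db * db, char *token)
{
    RegTokenInfo *ret;

    DbRef *tokenRef;
    HashMap *tokenJson;

    char *errp = NULL;

    if (!RegTokenExists(db, token))
    {
        return NULL;
    }

    tokenRef = DbLock(db, 3, "tokens", "registration", token);
    if (!tokenRef)
    {
        return NULL;
    }
    tokenJson = DbJson(tokenRef);

    ret = Malloc(sizeof(RegTokenInfo));
    if (!ret)
    {
        DbUnlock(db, tokenRef);
        return NULL;
    }

    /* Start from a zeroed structure so that a failed decode does not
     * leave indeterminate pointers for RegTokenFree() to release.
     * Presumably Malloc() does not zero the allocation. */
    memset(ret, 0, sizeof(RegTokenInfo));

    if (!RegTokenInfoFromJson(tokenJson, ret, &errp))
    {
        Log(LOG_ERR, "RegTokenGetInfo(): Database decoding error: %s", errp);
        RegTokenFree(ret);
        /* The reference was never handed to a caller, so it has to be
         * unlocked here. */
        DbUnlock(db, tokenRef);
        return NULL;
    }

    ret->db = db;
    ret->ref = tokenRef;

    return ret;
}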
/*
 * Release a RegTokenInfo: first what RegTokenInfoFree() releases for
 * it, then the structure itself. A NULL pointer is ignored.
 *
 * This does not touch the database reference; unlocking is done by
 * RegTokenClose().
 */
void
RegTokenFree(RegTokenInfo *tokeninfo)
{
    if (!tokeninfo)
    {
        return;
    }

    RegTokenInfoFree(tokeninfo);
    Free(tokeninfo);
}
/*
 * Write a token's current state back to its database reference and
 * unlock that reference. Returns 0 when tokeninfo is NULL, otherwise
 * the result of DbUnlock().
 *
 * The structure itself is not freed here; see RegTokenFree().
 *
 * NOTE(review): the result of DbJsonSet() is not checked, so a failed
 * write-back is only visible if DbUnlock() also reports it.
 */
int
RegTokenClose(RegTokenInfo * tokeninfo)
{
    HashMap *encoded;

    if (tokeninfo)
    {
        /* Serialise the structure and store it in the reference.
         * DbJsonSet() copies the JSON into its internal structure, so
         * the temporary object is freed straight away. */
        encoded = RegTokenInfoToJson(tokeninfo);
        DbJsonSet(tokeninfo->ref, encoded);
        JsonFree(encoded);

        return DbUnlock(tokeninfo->db, tokeninfo->ref);
    }

    return 0;
}
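/*
 * Check that a registration token name is well-formed. Returns 1 if
 * the name is acceptable and 0 if it is NULL, longer than 64
 * characters, or contains a character outside the permitted set.
 *
 * The spec says the following: "The token required for this
 * authentication [...] is an opaque string with maximum length of
 * 64 characters in the range [A-Za-z0-9._~-]."
 *
 * An empty string passes, because it has no character to reject.
 * NOTE(review): confirm callers never create a token with an empty
 * name.
 */
static int
RegTokenVerify(char *token)
{
    size_t i, size;
    char c;

    if (!token)
    {
        return 0;
    }

    if ((size = strlen(token)) > 64)
    {
        return 0;
    }

    for (i = 0; i < size; i++)
    {
        c = token[i];

        /* Compare against explicit ASCII ranges instead of isalnum():
         * isalnum() depends on the locale and must not be handed a
         * negative char value, and this name is later used as a
         * database key. The '.' test used to read '0', which rejected
         * a character the spec allows.
         *
         * NOTE(review): "." and ".." now pass; confirm the Db layer
         * handles such key components safely. */
        if (!((c >= 'A' && c <= 'Z') ||
              (c >= 'a' && c <= 'z') ||
              (c >= '0' && c <= '9') ||
              c == '.' || c == '_' || c == '~' || c == '-'))
        {
            return 0;
        }
    }

    return 1;
}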
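/*
 * Create a new registration token and its database entry.
 *
 * db         - database to create the token in; must not be NULL.
 * name       - token name; must not be NULL and must pass
 *              RegTokenVerify().
 * owner      - stored as created_by. It is not checked for NULL
 *              before being duplicated.
 * expires    - expiration timestamp; zero passes the check below,
 *              any other value must not lie before the current
 *              server time.
 * uses       - number of permitted uses, or -1 for infinite uses.
 * privileges - encoded with UserEncodePrivileges() into grants.
 *
 * Returns the new token with its database reference held in
 * ret->ref, or NULL when an argument is rejected, memory cannot be
 * allocated, or DbCreate() fails. The fields are only set on the
 * in-memory structure here; RegTokenClose() is what writes the object
 * to the database.
 */
RegTokenInfo *
RegTokenCreate(Db * db, char *name, char *owner, UInt64 expires, Int64 uses, int privileges)
{
    RegTokenInfo *ret;

    UInt64 timestamp = UtilServerTs();

    if (!db || !name)
    {
        return NULL;
    }

    /* -1 indicates infinite uses; zero and all positive values are a
     * valid number of uses, although zero would be rather useless.
     * Anything less than -1 doesn't make sense. */
    if (Int64Lt(uses, Int64Neg(Int64Create(0, 1))))
    {
        return NULL;
    }

    /* Verify the token name, and refuse an expiration that is already
     * in the past. */
    if (!RegTokenVerify(name) || (UInt64Gt(expires, UInt64Create(0, 0)) && UInt64Lt(expires, timestamp)))
    {
        return NULL;
    }

    ret = Malloc(sizeof(RegTokenInfo));
    if (!ret)
    {
        /* Nothing has been created in the database yet, so there is
         * nothing to undo. */
        return NULL;
    }

    /* Set the token's properties */
    ret->db = db;
    ret->ref = DbCreate(db, 3, "tokens", "registration", name);
    if (!ret->ref)
    {
        /* RegToken already exists or some weird fs error */
        Free(ret);
        return NULL;
    }

    /* NOTE(review): the results of StrDuplicate() are not checked. */
    ret->name = StrDuplicate(name);
    ret->created_by = StrDuplicate(owner);
    ret->used = Int64Create(0, 0);
    ret->uses = uses;
    ret->created_on = timestamp;
    ret->expires_on = expires;
    ret->grants = UserEncodePrivileges(privileges);

    return ret;
}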