forked from lda/telodendria
Document Uia API.
This commit is contained in:
parent
17734c90e8
commit
04bf8ca1a1
4 changed files with 128 additions and 5 deletions
4
TODO.txt
4
TODO.txt
|
@ -22,11 +22,11 @@ Milestone: v0.2.0
|
||||||
[x] User login
|
[x] User login
|
||||||
[x] Logout all
|
[x] Logout all
|
||||||
|
|
||||||
[~] Documentation
|
[x] Documentation
|
||||||
[x] User functions
|
[x] User functions
|
||||||
[x] Json functions
|
[x] Json functions
|
||||||
[x] Db functions
|
[x] Db functions
|
||||||
[ ] Uia (move docs from Matrix)
|
[x] Uia (move docs from Matrix)
|
||||||
|
|
||||||
[x] Convert proposals to man pages
|
[x] Convert proposals to man pages
|
||||||
|
|
||||||
|
|
123
man/man3/Uia.3
Normal file
123
man/man3/Uia.3
Normal file
|
@ -0,0 +1,123 @@
|
||||||
|
.Dd $Mdocdate: March 7 2023 $
|
||||||
|
.Dt UIA 3
|
||||||
|
.Os Telodendria Project
|
||||||
|
.Sh NAME
|
||||||
|
.Nm Uia
|
||||||
|
.Nd User Interactive Authentication API.
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
.In Uia.h
|
||||||
|
.Ft UiaStage *
|
||||||
|
.Fn UiaStageBuild "char *" "HashMap *"
|
||||||
|
.Ft Array *
|
||||||
|
.Fn UiaDummyFlow "void"
|
||||||
|
.Ft void
|
||||||
|
.Fn UiaCleanup "MatrixHttpHandlerArgs *"
|
||||||
|
.Ft int
|
||||||
|
.Fn UiaComplete "Array *" "HttpServerContext *" "Db *" "HashMap *" "HashMap **" "TelodendriaConfig *"
|
||||||
|
.Ft void
|
||||||
|
.Fn UiaFlowsFree "Array *"
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
.Nm
|
||||||
|
takes care of all the logic for performing user interactive
|
||||||
|
authentication as defined by the Matrix specification. API endpoints
|
||||||
|
that require authentication via user interactive authentication
|
||||||
|
build up flows and any necessary parameters, and pass them into
|
||||||
|
.Fn UiaComplete ,
|
||||||
|
which validates
|
||||||
|
.Dv auth
|
||||||
|
objects and maintains session state to track the progress of a
|
||||||
|
client through the user interactive authentication flows. The idea
|
||||||
|
is that an API endpoint will not progress until user interactive
|
||||||
|
authentication has succeeded.
|
||||||
|
.Nm
|
||||||
|
makes it easy for the numerous API endpoints that utilize this
|
||||||
|
authentication mechanism to implement it.
|
||||||
|
.Pp
|
||||||
|
.Fn UiaStageBuild
|
||||||
|
builds a single stage. A stage consists of a string identifying its
|
||||||
|
type, which is used to instruct the client as to what should be
|
||||||
|
done, and parameters, which is a JSON object that contains
|
||||||
|
implementation-specific parameters for completing the stage. This
|
||||||
|
function takes those two parameters in that order.
|
||||||
|
.Pp
|
||||||
|
.Fn UiaDummyFlow
|
||||||
|
builds a flow that consists only of a dummy stage. This is useful
|
||||||
|
when an endpoint is required to use user interactive authentication,
|
||||||
|
but doesn't actually want to require the user to do anything. Since
|
||||||
|
the dummy flow is a pretty common flow, it seemed sensible to have
|
||||||
|
a function for it. Other flows are built by the caller that wishes
|
||||||
|
to perform user interactive authentication.
|
||||||
|
.Pp
|
||||||
|
.Fn UiaCleanup
|
||||||
|
should be called periodically to purge old sessions. Session are
|
||||||
|
only valid for a few minutes after their last access. After that, they
|
||||||
|
should be purged so the database doesn't fill up with session files.
|
||||||
|
This function is specifically designed to be called via
|
||||||
|
.Xr Cron 3 .
|
||||||
|
.Pp
|
||||||
|
.Fn UiaComplete
|
||||||
|
does the bulk of the work for user interactive authentication. It
|
||||||
|
takes many paramters:
|
||||||
|
.Bl -bullet
|
||||||
|
.It
|
||||||
|
An array of arrays of stages. Stages should be created with
|
||||||
|
.Fn UiaStageBuild ,
|
||||||
|
and then put into an array to create a flow. Those flows should then
|
||||||
|
be put into an array and passed as this paramter. Do note that
|
||||||
|
because of the loose typing of Telodendria's Array API, it is very
|
||||||
|
easy to make mistakes here; if you are implementing a new route that
|
||||||
|
requires user interactive authentication, then refer to an existing
|
||||||
|
route so you can see how it works.
|
||||||
|
.It
|
||||||
|
An HTTP server context. This is required to set the response headers
|
||||||
|
in the event of an error.
|
||||||
|
.It
|
||||||
|
The database where user interactive authentication sessons are
|
||||||
|
persisted.
|
||||||
|
.It
|
||||||
|
The JSON request body that contains the client's
|
||||||
|
.Dv auth
|
||||||
|
object, which will be read, parsed, and handled as appropriate.
|
||||||
|
.It
|
||||||
|
A pointer to a pointer where a JSON response can be placed if
|
||||||
|
necessary. If
|
||||||
|
.Fn UiaComplete
|
||||||
|
encounters a client error, such as a failure to authenticate, or
|
||||||
|
outstanding stages that have not been completed, it will place a
|
||||||
|
JSON response here that is expected to be returned to the client.
|
||||||
|
This response will include a description of all the flows, stages,
|
||||||
|
and their parameters.
|
||||||
|
.It
|
||||||
|
A valid Telodendria configuration structure, because a few values
|
||||||
|
are read from the configuration during certain stages of the
|
||||||
|
authentication.
|
||||||
|
.El
|
||||||
|
.Pp
|
||||||
|
.Fn UiaFlowsFree
|
||||||
|
frees an array of flows, as described above. Even though the
|
||||||
|
caller constructs this array, it is convenient to free it in its
|
||||||
|
entirety in a single function call.
|
||||||
|
.Sh RETURN VALUES
|
||||||
|
.Pp
|
||||||
|
.Fn UiaStageBuild
|
||||||
|
returns an opaque structure that represents a user interactive
|
||||||
|
authentication stage, and any parameters the client needs to complete
|
||||||
|
it. It may return NULL if there is an error allocating memory.
|
||||||
|
.Pp
|
||||||
|
.Fn UiaDummyFlow
|
||||||
|
returns an array that represents a dummy authentication flow, or
|
||||||
|
NULL if it could not allocate memory for it.
|
||||||
|
.Pp
|
||||||
|
.Fn UiaComplete
|
||||||
|
returns an integer less than zero if it experiences an internal
|
||||||
|
failure, such as a failure to allocate memory, or a corrupted
|
||||||
|
database. It returns 0 if the client has remaining stages to
|
||||||
|
complete. In this case, it will have set the response headers
|
||||||
|
and the passed response pointer, so the caller should immediately
|
||||||
|
return the response to the client. This function returns 1 if the
|
||||||
|
user has successfully completed all stages. Only in this case shall
|
||||||
|
the caller proceed with its logic.
|
||||||
|
.Sh SEE ALSO
|
||||||
|
.Xr User 3 ,
|
||||||
|
.Xr Db 3 ,
|
||||||
|
.Xr Cron 3
|
|
@ -181,13 +181,13 @@ UiaDummyFlow(void)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
ArrayAdd(response, UiaBuildStage("m.login.dummy", NULL));
|
ArrayAdd(response, UiaStageBuild("m.login.dummy", NULL));
|
||||||
|
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
UiaStage *
|
UiaStage *
|
||||||
UiaBuildStage(char *type, HashMap * params)
|
UiaStageBuild(char *type, HashMap * params)
|
||||||
{
|
{
|
||||||
UiaStage *stage = Malloc(sizeof(UiaStage));
|
UiaStage *stage = Malloc(sizeof(UiaStage));
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
typedef struct UiaStage UiaStage;
|
typedef struct UiaStage UiaStage;
|
||||||
|
|
||||||
extern UiaStage *
|
extern UiaStage *
|
||||||
UiaBuildStage(char *, HashMap *);
|
UiaStageBuild(char *, HashMap *);
|
||||||
|
|
||||||
extern Array *
|
extern Array *
|
||||||
UiaDummyFlow(void);
|
UiaDummyFlow(void);
|
||||||
|
|
Loading…
Reference in a new issue