go-pkg/ident/source/mercury.go
2024-04-19 10:56:27 -06:00

276 lines
5.9 KiB
Go

package source
import (
"context"
"fmt"
"net/http"
"strings"
"time"
"go.sour.is/pkg/ident"
"go.sour.is/pkg/lg"
"go.sour.is/pkg/mercury"
)
const identNS = "ident."
const identSFX = ".credentials"
type registry interface {
GetIndex(ctx context.Context, search mercury.Search) (c mercury.Config, err error)
GetConfig(ctx context.Context, search mercury.Search) (mercury.Config, error)
WriteConfig(ctx context.Context, spaces mercury.Config) error
}
type mercuryIdent struct {
identity string
display string
passwd []byte
ed25519 []byte
ident.SessionInfo
}
func (id *mercuryIdent) Identity() string { return id.identity }
func (id *mercuryIdent) DisplayName() string { return id.display }
func (id *mercuryIdent) Space() string { return identNS + "@" + id.identity }
func (id *mercuryIdent) FromConfig(cfg mercury.Config) error {
if id == nil {
return fmt.Errorf("nil ident")
}
for _, s := range cfg {
if !strings.HasPrefix(s.Space, identNS) {
continue
}
if id.identity == "" {
_, id.identity, _ = strings.Cut(s.Space, ".@")
id.identity, _, _ = strings.Cut(id.identity, ".")
}
switch {
case strings.HasSuffix(s.Space, ".credentials"):
id.passwd = []byte(s.FirstValue("passwd").First())
id.ed25519 = []byte(s.FirstValue("ed25519").First())
default:
id.display = s.FirstValue("displayName").First()
}
}
return nil
}
func (id *mercuryIdent) ToConfig() mercury.Config {
space := id.Space()
list := func(values ...mercury.Value) []mercury.Value { return values }
value := func(space string, seq uint64, name string, values ...string) mercury.Value {
return mercury.Value{
Space: space,
Seq: seq,
Name: name,
Values: values,
}
}
return mercury.Config{
&mercury.Space{
Space: space,
List: list(
value(space, 1, "displayName", id.display),
value(space, 2, "lastLogin", time.UnixMilli(int64(id.Session().SessionID.Time())).Format(time.RFC3339)),
),
},
&mercury.Space{
Space: space + identSFX,
List: list(
value(space+identSFX, 1, "passwd", string(id.passwd)),
value(space+identSFX, 1, "ed25519", string(id.ed25519)),
),
},
}
}
func (id *mercuryIdent) String() string {
return "id: " + id.identity + " sp: " + id.Space() + " dn: " + id.display // + " ps: " + string(id.passwd)
}
func (id *mercuryIdent) HasRole(r ...string) bool {
return false
}
type mercurySource struct {
r registry
idm *ident.IDM
}
func NewMercury(r registry, pwd *ident.IDM) *mercurySource {
return &mercurySource{r, pwd}
}
func (s *mercurySource) ReadIdent(r *http.Request) (ident.Ident, error) {
if id, err := s.readIdentBasic(r); id != nil {
return id, err
}
if id, err := s.readIdentURL(r); id != nil {
return id, err
}
if id, err := s.readIdentHTTP(r); id != nil {
return id, err
}
return nil, fmt.Errorf("no auth")
}
func (s *mercurySource) readIdentURL(r *http.Request) (ident.Ident, error) {
ctx, span := lg.Span(r.Context())
defer span.End()
pass, ok := r.URL.User.Password()
if !ok {
return nil, nil
}
id := &mercuryIdent{
identity: r.URL.User.Username(),
passwd: []byte(pass),
}
space := id.Space()
c, err := s.r.GetConfig(ctx, mercury.ParseSearch("trace:"+space+identSFX))
if err != nil {
span.RecordError(err)
return id, err
}
var current mercuryIdent
current.FromConfig(c)
if len(current.passwd) == 0 {
return nil, fmt.Errorf("not registered")
}
_, err = s.idm.Passwd(id.passwd, current.passwd)
if err != nil {
return id, err
}
current.SessionInfo, err = s.idm.NewSessionInfo()
if err != nil {
return id, err
}
err = s.r.WriteConfig(ctx, current.ToConfig())
if err != nil {
return &current, err
}
return &current, nil
}
func (s *mercurySource) readIdentBasic(r *http.Request) (ident.Ident, error) {
ctx, span := lg.Span(r.Context())
defer span.End()
user, pass, ok := r.BasicAuth()
if !ok {
return nil, nil
}
id := &mercuryIdent{
identity: user,
passwd: []byte(pass),
}
space := id.Space()
c, err := s.r.GetConfig(ctx, mercury.ParseSearch("trace:"+space+identSFX))
if err != nil {
span.RecordError(err)
return id, err
}
var current mercuryIdent
current.FromConfig(c)
if len(current.passwd) == 0 {
return nil, fmt.Errorf("not registered")
}
_, err = s.idm.Passwd(id.passwd, current.passwd)
if err != nil {
return id, err
}
current.SessionInfo, err = s.idm.NewSessionInfo()
if err != nil {
return id, err
}
err = s.r.WriteConfig(ctx, current.ToConfig())
if err != nil {
return &current, err
}
return &current, nil
}
func (s *mercurySource) readIdentHTTP(r *http.Request) (ident.Ident, error) {
ctx, span := lg.Span(r.Context())
defer span.End()
if r.Method != http.MethodPost {
return nil, fmt.Errorf("method not allowed")
}
r.ParseForm()
id := &mercuryIdent{
identity: r.Form.Get("identity"),
passwd: []byte(r.Form.Get("passwd")),
}
if id.identity == "" {
return nil, nil
}
space := id.Space()
c, err := s.r.GetConfig(ctx, mercury.ParseSearch("trace:"+space+identSFX))
if err != nil {
span.RecordError(err)
return id, err
}
var current mercuryIdent
current.FromConfig(c)
if len(current.passwd) == 0 {
return nil, fmt.Errorf("not registered")
}
_, err = s.idm.Passwd(id.passwd, current.passwd)
if err != nil {
return id, err
}
current.SessionInfo, err = s.idm.NewSessionInfo()
if err != nil {
return id, err
}
err = s.r.WriteConfig(ctx, current.ToConfig())
if err != nil {
return &current, err
}
return &current, nil
}
func (s *mercurySource) RegisterIdent(ctx context.Context, identity, display string, passwd []byte) (ident.Ident, error) {
ctx, span := lg.Span(ctx)
defer span.End()
id := &mercuryIdent{identity: identity, display: display, passwd: passwd}
_, err := s.r.GetIndex(ctx, mercury.ParseSearch( id.Space()))
if err != nil {
return nil, err
}
id.SessionInfo, err = s.idm.NewSessionInfo()
if err != nil {
return id, err
}
err = s.r.WriteConfig(ctx, id.ToConfig())
if err != nil {
return nil, err
}
return id, nil
}