Improve rpc authentication methods

2018-02-14 13:19:43 +00:00 · 2018-02-14 13:19:43 +00:00 · 2249086887
commit 2249086887
parent c47fe55ffb
3 changed files with 149 additions and 38 deletions
--- a/web/rpc.go
+++ b/web/rpc.go
@ -25,26 +25,38 @@ import (
 type rpc struct{}
 // --------------------------------------------------
 // Methods for authentication
 // --------------------------------------------------
 func (r *rpc) Uniq(c *fibre.Context) (interface{}, error) {
-	return rand.String(128), nil
+	return rand.String(64), nil
 }
 func (r *rpc) Info(c *fibre.Context) (interface{}, error) {
 	return c.Get("auth").(*cnf.Auth).Data, nil
 }
-func (r *rpc) Auth(c *fibre.Context, auth string) (interface{}, error) {
+func (r *rpc) Signup(c *fibre.Context, vars map[string]interface{}) (interface{}, error) {
-	return c.Get("auth").(*cnf.Auth).Data, checkBearer(c, auth, ignore)
+	return signupRpc(c, vars)
 }
-func (r *rpc) Let(c *fibre.Context, key string, val interface{}) (interface{}, error) {
+func (r *rpc) Signin(c *fibre.Context, vars map[string]interface{}) (interface{}, error) {
-	return c.Get("keep").(*data.Doc).Set(val, key)
+	return signinRpc(c, vars)
 }
-func (r *rpc) Query(c *fibre.Context, sql string, vars map[string]interface{}) (interface{}, error) {
+func (r *rpc) Invalidate(c *fibre.Context) (interface{}, error) {
-	return db.Execute(c, sql, vars)
+	return c.Get("auth").(*cnf.Auth).Reset().Data, nil
 }
 func (r *rpc) Authenticate(c *fibre.Context, auth string) (interface{}, error) {
 	return c.Get("auth").(*cnf.Auth).Reset().Data, checkBearer(c, auth, ignore)
 }
 // --------------------------------------------------
 // Methods for live queries
 // --------------------------------------------------
 func (r *rpc) Kill(c *fibre.Context, query string) (interface{}, error) {
 	return db.Execute(c, "KILL $query", map[string]interface{}{
 		"query": query,
@ -57,6 +69,18 @@ func (r *rpc) Live(c *fibre.Context, class string) (interface{}, error) {
 	})
 }
 // --------------------------------------------------
 // Methods for static queries
 // --------------------------------------------------
 func (r *rpc) Let(c *fibre.Context, key string, val interface{}) (interface{}, error) {
 	return c.Get("keep").(*data.Doc).Set(val, key)
 }
 func (r *rpc) Query(c *fibre.Context, sql string, vars map[string]interface{}) (interface{}, error) {
 	return db.Execute(c, sql, vars)
 }
 func (r *rpc) Select(c *fibre.Context, class string, thing interface{}) (interface{}, error) {
 	switch thing := thing.(type) {
 	case *fibre.RPCNull:
--- a/web/signin.go
+++ b/web/signin.go
@ -34,6 +34,37 @@ func signin(c *fibre.Context) (err error) {
 	c.Bind(&vars)
 	str, err := signinInternal(c, vars)
 	switch err {
 	case nil:
 		return c.Send(200, str)
 	default:
 		return err
 	}
 }
 func signinRpc(c *fibre.Context, vars map[string]interface{}) (res interface{}, err error) {
 	var str string
 	str, err = signinInternal(c, vars)
 	if err != nil {
 		return nil, err
 	}
 	err = checkBearer(c, str, ignore)
 	if err != nil {
 		return nil, err
 	}
 	return str, nil
 }
 func signinInternal(c *fibre.Context, vars map[string]interface{}) (str string, err error) {
 	n, nok := vars[varKeyNs].(string)
 	d, dok := vars[varKeyDb].(string)
 	s, sok := vars[varKeySc].(string)
@ -58,7 +89,6 @@ func signin(c *fibre.Context) (err error) {
 		var ok bool
 		var txn kvs.TX
 		var str string
 		var doc *sql.Thing
 		var res []*db.Response
 		var exp *sql.SubExpression
@ -67,7 +97,7 @@ func signin(c *fibre.Context) (err error) {
 		// Start a new read transaction.
 		if txn, err = db.Begin(false); err != nil {
-			return fibre.NewHTTPError(500)
+			return str, fibre.NewHTTPError(500)
 		}
 		// Ensure the transaction closes.
@ -82,14 +112,14 @@ func signin(c *fibre.Context) (err error) {
 		if scp, err = mem.NewWithTX(txn).GetSC(n, d, s); err != nil {
 			m := "Authentication scope does not exist"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// Check that the scope allows signin.
 		if exp, ok = scp.Signin.(*sql.SubExpression); !ok {
 			m := "Authentication scope does not allow signin"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// Process the scope signin statement.
@ -102,35 +132,35 @@ func signin(c *fibre.Context) (err error) {
 		if res, err = db.Process(c, query, vars); err != nil {
 			m := "Authentication scope signin was unsuccessful: Query failed"
-			return fibre.NewHTTPError(501).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(501).WithFields(f).WithMessage(m)
 		}
 		// If the response is not 1 record then return a 403 error.
 		if len(res) != 1 {
 			m := "Authentication scope signin was unsuccessful: Query failed"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// If the response has an error set then return a 403 error.
 		if res[0].Status != "OK" {
 			m := "Authentication scope signin was unsuccessful: " + res[0].Detail
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// If the response has no record set then return a 403 error.
 		if len(res[0].Result) != 1 {
 			m := "Authentication scope signin was unsuccessful: No record returned"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// If the query does not return an id field then return a 403 error.
 		if doc, ok = data.Consume(res[0].Result[0]).Get("id").Data().(*sql.Thing); !ok {
 			m := "Authentication scope signin was unsuccessful: No id field found"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// Create a new token signer with the default claims.
@ -152,10 +182,10 @@ func signin(c *fibre.Context) (err error) {
 		if str, err = signr.SignedString(scp.Code); err != nil {
 			m := "Problem with signing method: " + err.Error()
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
-		return c.Send(200, str)
+		return str, err
 	}
@ -181,13 +211,13 @@ func signin(c *fibre.Context) (err error) {
 		if !uok || !pok {
 			m := "Username or password is missing"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// Start a new read transaction.
 		if usr, err = signinDB(n, d, u, p); err != nil {
-			return err
+			return str, err
 		}
 		// Create a new token signer with the default claims.
@ -207,10 +237,10 @@ func signin(c *fibre.Context) (err error) {
 		if str, err = signr.SignedString(usr.Code); err != nil {
 			m := "Problem with signing method: " + err.Error()
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
-		return c.Send(200, str)
+		return str, err
 	}
@ -236,11 +266,11 @@ func signin(c *fibre.Context) (err error) {
 		if !uok || !pok {
 			m := "Username or password is missing"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		if usr, err = signinNS(n, u, p); err != nil {
-			return err
+			return str, err
 		}
 		// Create a new token signer with the default claims.
@ -259,14 +289,14 @@ func signin(c *fibre.Context) (err error) {
 		if str, err = signr.SignedString(usr.Code); err != nil {
 			m := "Problem with signing method: " + err.Error()
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
-		return c.Send(200, str)
+		return str, err
 	}
-	return fibre.NewHTTPError(403)
+	return str, fibre.NewHTTPError(403)
 }
--- a/web/signup.go
+++ b/web/signup.go
@ -15,6 +15,8 @@
 package web
 import (
 	"time"
 	"github.com/abcum/fibre"
 	"github.com/abcum/surreal/cnf"
 	"github.com/abcum/surreal/db"
@ -22,6 +24,7 @@ import (
 	"github.com/abcum/surreal/mem"
 	"github.com/abcum/surreal/sql"
 	"github.com/abcum/surreal/util/data"
 	"github.com/dgrijalva/jwt-go"
 )
 func signup(c *fibre.Context) (err error) {
@ -30,6 +33,37 @@ func signup(c *fibre.Context) (err error) {
 	c.Bind(&vars)
 	str, err := signinInternal(c, vars)
 	switch err {
 	case nil:
 		return c.Send(200, str)
 	default:
 		return err
 	}
 }
 func signupRpc(c *fibre.Context, vars map[string]interface{}) (res interface{}, err error) {
 	var str string
 	str, err = signupInternal(c, vars)
 	if err != nil {
 		return nil, err
 	}
 	err = checkBearer(c, str, ignore)
 	if err != nil {
 		return nil, err
 	}
 	return str, nil
 }
 func signupInternal(c *fibre.Context, vars map[string]interface{}) (str string, err error) {
 	n, nok := vars[varKeyNs].(string)
 	d, dok := vars[varKeyDb].(string)
 	s, sok := vars[varKeySc].(string)
@ -54,6 +88,7 @@ func signup(c *fibre.Context) (err error) {
 		var ok bool
 		var txn kvs.TX
 		var doc *sql.Thing
 		var res []*db.Response
 		var exp *sql.SubExpression
 		var scp *sql.DefineScopeStatement
@ -61,7 +96,7 @@ func signup(c *fibre.Context) (err error) {
 		// Start a new read transaction.
 		if txn, err = db.Begin(false); err != nil {
-			return fibre.NewHTTPError(500)
+			return str, fibre.NewHTTPError(500)
 		}
 		// Ensure the transaction closes.
@ -76,14 +111,14 @@ func signup(c *fibre.Context) (err error) {
 		if scp, err = mem.NewWithTX(txn).GetSC(n, d, s); err != nil {
 			m := "Authentication scope does not exist"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// Check that the scope allows signup.
 		if exp, ok = scp.Signup.(*sql.SubExpression); !ok {
 			m := "Authentication scope does not allow signup"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// Process the scope signup statement.
@ -96,41 +131,63 @@ func signup(c *fibre.Context) (err error) {
 		if res, err = db.Process(c, query, vars); err != nil {
 			m := "Authentication scope signup was unsuccessful: Query failed"
-			return fibre.NewHTTPError(501).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(501).WithFields(f).WithMessage(m)
 		}
 		// If the response is not 1 record then return a 403 error.
 		if len(res) != 1 {
 			m := "Authentication scope signup was unsuccessful: Query failed"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// If the response has an error set then return a 403 error.
 		if res[0].Status != "OK" {
 			m := "Authentication scope signin was unsuccessful: " + res[0].Detail
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// If the response has no record set then return a 403 error.
 		if len(res[0].Result) != 1 {
 			m := "Authentication scope signup was unsuccessful: No record created"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		// If the query does not return an id field then return a 403 error.
-		if _, ok = data.Consume(res[0].Result[0]).Get("id").Data().(*sql.Thing); !ok {
+		if doc, ok = data.Consume(res[0].Result[0]).Get("id").Data().(*sql.Thing); !ok {
 			m := "Authentication scope signup was unsuccessful: No id field found"
-			return fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
+			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
-		return c.Code(204)
+		// Create a new token signer with the default claims.
 		signr := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
 			"NS":  n,
 			"DB":  d,
 			"SC":  s,
 			"TK":  "default",
 			"iss": "Surreal",
 			"iat": time.Now().Unix(),
 			"nbf": time.Now().Unix(),
 			"exp": time.Now().Add(scp.Time).Unix(),
 			"TB":  doc.TB,
 			"ID":  doc.ID,
 		})
 		// Try to create the final signed token as a string.
 		if str, err = signr.SignedString(scp.Code); err != nil {
 			m := "Problem with signing method: " + err.Error()
 			return str, fibre.NewHTTPError(403).WithFields(f).WithMessage(m)
 		}
 		return str, err
 	}
-	return fibre.NewHTTPError(403)
+	return str, fibre.NewHTTPError(403)
 }