Generate token keys in SQL and store as binary

Tobie Morgan Hitchcock 2016-11-22 13:51:21 +00:00
parent bb752eb124
commit 8cdae77483
12 changed files with 55 additions and 23 deletions


@ -49,11 +49,11 @@ func (this *DB) GetTK(name string) *TK {
func (this *DB) AddTK(ast *sql.DefineTokenStatement) {
if tk, ok := this.TK[ast.Name]; ok {
tk.Name = ast.Name
tk.Text = ast.Text
tk.Code = ast.Code
} else {
this.TK[ast.Name] = &TK{
Name: ast.Name,
Text: ast.Text,
Code: ast.Code,
}
}
}


@ -45,20 +45,20 @@ type TB struct {
type AC struct {
User string
Uniq string
Pass []byte
Code []byte
}
type TK struct {
Name string
Type string
Text string
Code []byte
}
type SC struct {
TK map[string]*TK
Name string
Uniq string
Code []byte
Time time.Duration
Signup sql.Expr
Signin sql.Expr


@ -49,11 +49,11 @@ func (this *NS) GetTK(name string) *TK {
func (this *NS) AddTK(ast *sql.DefineTokenStatement) {
if tk, ok := this.TK[ast.Name]; ok {
tk.Name = ast.Name
tk.Text = ast.Text
tk.Code = ast.Code
} else {
this.TK[ast.Name] = &TK{
Name: ast.Name,
Text: ast.Text,
Code: ast.Code,
}
}
}


@ -28,11 +28,11 @@ func (this *SC) GetTK(name string) *TK {
func (this *SC) AddTK(ast *sql.DefineTokenStatement) {
if tk, ok := this.TK[ast.Name]; ok {
tk.Name = ast.Name
tk.Text = ast.Text
tk.Code = ast.Code
} else {
this.TK[ast.Name] = &TK{
Name: ast.Name,
Text: ast.Text,
Code: ast.Code,
}
}
}


@ -215,6 +215,7 @@ type DefineLoginStatement struct {
Kind Token `cork:"kind" codec:"kind"`
User string `cork:"user" codec:"user"`
Pass []byte `cork:"pass" codec:"pass"`
Code []byte `cork:"code" codec:"code"`
}
// RemoveLoginStatement represents an SQL REMOVE LOGIN statement.
@ -238,7 +239,7 @@ type DefineTokenStatement struct {
Kind Token `cork:"kind" codec:"kind"`
Name string `cork:"name" codec:"name"`
Type string `cork:"type" codec:"type"`
Text string `cork:"text" codec:"text"`
Code []byte `cork:"code" codec:"code"`
}
// RemoveTokenStatement represents an SQL REMOVE TOKEN statement.
@ -261,6 +262,7 @@ type DefineScopeStatement struct {
DB string `cork:"-" codec:"-"`
Name string `cork:"name" codec:"name"`
Time time.Duration `cork:"time" codec:"time"`
Code []byte `cork:"code" codec:"code"`
Signup Expr `cork:"signup" codec:"signup"`
Signin Expr `cork:"signin" codec:"signin"`
}
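Review bot: The new `Code []byte` fields on DefineLoginStatement, DefineTokenStatement and DefineScopeStatement carry a `codec:"code"` tag, so the signing key is serialized wherever these statements are encoded with that codec. The page does not show where codec output goes; if it can reach a client response or a log, the key goes with it, so confirm that path or use `codec:"-"` as the DB field of DefineScopeStatement already does. At minimum I would document the field, e.g. `// Code is the generated signing key; it is secret and must never be returned to clients.`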


@ -1082,6 +1082,7 @@ func (this *DefineLoginStatement) MarshalCORK() (dst []byte, err error) {
e.Encode(this.Kind)
e.Encode(this.User)
e.Encode(this.Pass)
e.Encode(this.Code)
return b.Bytes(), nil
}
@ -1091,6 +1092,7 @@ func (this *DefineLoginStatement) UnmarshalCORK(src []byte) (err error) {
d.Decode(&this.Kind)
d.Decode(&this.User)
d.Decode(&this.Pass)
d.Decode(&this.Code)
return
}
@ -1140,7 +1142,7 @@ func (this *DefineTokenStatement) MarshalCORK() (dst []byte, err error) {
e.Encode(this.Kind)
e.Encode(this.Name)
e.Encode(this.Type)
e.Encode(this.Text)
e.Encode(this.Code)
return b.Bytes(), nil
}
@ -1150,7 +1152,7 @@ func (this *DefineTokenStatement) UnmarshalCORK(src []byte) (err error) {
d.Decode(&this.Kind)
d.Decode(&this.Name)
d.Decode(&this.Type)
d.Decode(&this.Text)
d.Decode(&this.Code)
return
}
@ -1199,6 +1201,7 @@ func (this *DefineScopeStatement) MarshalCORK() (dst []byte, err error) {
e := cork.NewEncoder(b)
e.Encode(this.Name)
e.Encode(this.Time)
e.Encode(this.Code)
e.Encode(this.Signup)
e.Encode(this.Signin)
return b.Bytes(), nil
@ -1209,6 +1212,7 @@ func (this *DefineScopeStatement) UnmarshalCORK(src []byte) (err error) {
d := cork.NewDecoder(b)
d.Decode(&this.Name)
d.Decode(&this.Time)
d.Decode(&this.Code)
d.Decode(&this.Signup)
d.Decode(&this.Signin)
return
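Review bot: `d.Decode(&this.Code)` discards its result, like the other Decode calls in these UnmarshalCORK methods, so a record written before this commit (which has no code value) would presumably decode to a nil `Code` with no error reported. In DefineScopeStatement the new field is also placed between Time and Signup; if cork encodes fields positionally, older records would then decode the wrong values into Code, Signup and Signin. Since `Code` is now the token signing key, I would surface the failure, `if err = d.Decode(&this.Code); err != nil { return err }`, and confirm how already stored definitions are migrated. The method bodies start outside these hunks.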


@ -20,6 +20,8 @@ import (
"time"
"golang.org/x/crypto/bcrypt"
"github.com/abcum/surreal/util/rand"
)
func (p *parser) parseWhat() (mul []Expr, err error) {
@ -120,6 +122,18 @@ func (p *parser) parseCond() (exp Expr, err error) {
//
// --------------------------------------------------
func (p *parser) parseRand() (exp []byte, err error) {
exp = rand.New(64)
return
}
// --------------------------------------------------
//
// --------------------------------------------------
func (p *parser) parseIdent() (*Ident, error) {
_, lit, err := p.shouldBe(IDENT)
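Review bot: `parseRand` takes its 64 bytes from the project's `util/rand` package, which is not shown on this page, and those bytes become the signing key for logins, scopes and tokens, so they have to come from a CSPRNG (`crypto/rand`) and not from a seeded generator. The function also never sets `err`, so a failure to obtain entropy cannot reach the `err != nil` checks the three DEFINE parsers add around it. I would confirm the source and fill the empty banner above the function, e.g. `// parseRand returns a fresh 64-byte signing key; util/rand must read from crypto/rand.` Because the key is created during parsing, parsing the same DEFINE statement twice gives two different keys, which is worth stating in that comment as well.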


@ -54,6 +54,10 @@ func (p *parser) parseDefineLoginStatement() (stmt *DefineLoginStatement, err er
return nil, err
}
if stmt.Code, err = p.parseRand(); err != nil {
return nil, err
}
if _, _, err = p.shouldBe(EOF, SEMICOLON); err != nil {
return nil, err
}


@ -55,6 +55,10 @@ func (p *parser) parseDefineScopeStatement() (stmt *DefineScopeStatement, err er
}
if stmt.Code, err = p.parseRand(); err != nil {
return nil, err
}
if _, _, err = p.shouldBe(EOF, SEMICOLON); err != nil {
return nil, err
}


@ -44,6 +44,10 @@ func (p *parser) parseDefineTokenStatement() (stmt *DefineTokenStatement, err er
}
}
if stmt.Code, err = p.parseRand(); err != nil {
return nil, err
}
if _, _, err = p.shouldBe(EOF, SEMICOLON); err != nil {
return nil, err
}


@ -142,11 +142,11 @@ func auth() fibre.MiddlewareFunc {
return nil, fmt.Errorf("Unexpected signing method")
}
auth.Kind = sql.AuthSC
return []byte(key.Text), nil
return key.Code, nil
} else {
scp := mem.GetNS(nsv).GetDB(dbv).GetSC(scv)
auth.Kind = sql.AuthSC
return []byte(scp.Uniq), nil
return scp.Code, nil
}
} else if nok && dok && tok {
@ -157,11 +157,11 @@ func auth() fibre.MiddlewareFunc {
return nil, fmt.Errorf("Unexpected signing method")
}
auth.Kind = sql.AuthDB
return []byte(key.Text), nil
return key.Code, nil
} else if uok {
usr := mem.GetNS(nsv).GetDB(dbv).GetAC(usv)
auth.Kind = sql.AuthDB
return []byte(usr.Uniq), nil
return usr.Code, nil
}
} else if nok && tok {
@ -172,11 +172,11 @@ func auth() fibre.MiddlewareFunc {
return nil, fmt.Errorf("Unexpected signing method")
}
auth.Kind = sql.AuthNS
return []byte(key.Text), nil
return key.Code, nil
} else if uok {
usr := mem.GetNS(nsv).GetAC(usv)
auth.Kind = sql.AuthNS
return []byte(usr.Uniq), nil
return usr.Code, nil
}
}
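Review bot: `key.Code`, `scp.Code` and `usr.Code` are returned to the token verifier without a check that the key is non-empty. A definition stored before this commit, or one whose decode failed silently, would have a nil `Code`, and if the accepted signing method is an HMAC an empty key gives no protection. I would reject that case in each branch, e.g. `if len(key.Code) == 0 { return nil, fmt.Errorf("Missing signing key") }`, and apply the same guard before `signr.SignedString(scp.Code)` and `signr.SignedString(usr.Code)` in signin. The results of `GetSC(scv)` and `GetAC(usv)` are also dereferenced with no nil check visible in these hunks; the enclosing function starts and ends outside them.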


@ -85,7 +85,7 @@ func signin(c *fibre.Context) (err error) {
// Try to create the final signed token as a string.
str, err = signr.SignedString([]byte(scp.Uniq))
str, err = signr.SignedString(scp.Code)
if err != nil {
return fibre.NewHTTPError(403)
}
@ -120,7 +120,7 @@ func signin(c *fibre.Context) (err error) {
// Compare the hashed and stored passwords.
err = bcrypt.CompareHashAndPassword([]byte(usr.Pass), []byte(p))
err = bcrypt.CompareHashAndPassword(usr.Pass, []byte(p))
if err != nil {
return fibre.NewHTTPError(403)
}
@ -140,7 +140,7 @@ func signin(c *fibre.Context) (err error) {
// Try to create the final signed token as a string.
str, err = signr.SignedString([]byte(usr.Uniq))
str, err = signr.SignedString(usr.Code)
if err != nil {
return fibre.NewHTTPError(403)
}
@ -175,7 +175,7 @@ func signin(c *fibre.Context) (err error) {
// Compare the hashed and stored passwords.
err = bcrypt.CompareHashAndPassword([]byte(usr.Pass), []byte(p))
err = bcrypt.CompareHashAndPassword(usr.Pass, []byte(p))
if err != nil {
return fibre.NewHTTPError(403)
}
@ -194,7 +194,7 @@ func signin(c *fibre.Context) (err error) {
// Try to create the final signed token as a string.
str, err = signr.SignedString([]byte(usr.Uniq))
str, err = signr.SignedString(usr.Code)
if err != nil {
return fibre.NewHTTPError(403)
}