Store the user's key in the session store so that login/unlock is automatic if cookie is still there
parent
669c2c1c28
commit
3bb8a78d07
2 changed files with 21 additions and 12 deletions
5
main.go
5
main.go
|
@ -23,6 +23,7 @@ type ConfigFile struct {
|
||||||
DbType string `json:"db_type"`
|
DbType string `json:"db_type"`
|
||||||
DbPath string `json:"db_path"`
|
DbPath string `json:"db_path"`
|
||||||
MatrixDomain string `json:"matrix_domain"`
|
MatrixDomain string `json:"matrix_domain"`
|
||||||
|
SessionKey string `json:"web_session_key"`
|
||||||
}
|
}
|
||||||
|
|
||||||
var configFlag = flag.String("config", "./config.json", "Configuration file path")
|
var configFlag = flag.String("config", "./config.json", "Configuration file path")
|
||||||
|
@ -31,6 +32,9 @@ var config *ConfigFile
|
||||||
var registration *mxlib.Registration
|
var registration *mxlib.Registration
|
||||||
|
|
||||||
func readConfig() ConfigFile {
|
func readConfig() ConfigFile {
|
||||||
|
defaultKey := make([]byte, 32)
|
||||||
|
rand.Read(defaultKey)
|
||||||
|
|
||||||
config_file := ConfigFile{
|
config_file := ConfigFile{
|
||||||
LogLevel: "info",
|
LogLevel: "info",
|
||||||
ASBindAddr: "0.0.0.0:8321",
|
ASBindAddr: "0.0.0.0:8321",
|
||||||
|
@ -39,6 +43,7 @@ func readConfig() ConfigFile {
|
||||||
Server: "http://localhost:8008",
|
Server: "http://localhost:8008",
|
||||||
DbType: "sqlite3",
|
DbType: "sqlite3",
|
||||||
DbPath: "easybridge.db",
|
DbPath: "easybridge.db",
|
||||||
|
SessionKey: hex.EncodeToString(defaultKey),
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err := os.Stat(*configFlag)
|
_, err := os.Stat(*configFlag)
|
||||||
|
|
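Review bot: The error from `rand.Read(defaultKey)` in `readConfig` is discarded, so if the read ever fails the buffer stays all zeros and the default `web_session_key` becomes a fixed, guessable cookie-signing secret; the code this commit removes from `StartWeb` did check that result. Abort start-up on failure instead, e.g. `if _, err := rand.Read(defaultKey); err != nil { log.Fatal(err) }` (assuming main.go has the same `log` import as web.go). The import block of main.go is outside the hunks shown, so it is also worth confirming that `rand` here resolves to `crypto/rand` and not `math/rand`. `readConfig` continues past the end of the hunk.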
28
web.go
28
web.go
|
@ -1,7 +1,6 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/rand"
|
|
||||||
"html/template"
|
"html/template"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
@ -11,6 +10,7 @@ import (
|
||||||
"github.com/gorilla/sessions"
|
"github.com/gorilla/sessions"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"golang.org/x/crypto/argon2"
|
"golang.org/x/crypto/argon2"
|
||||||
|
"golang.org/x/crypto/blake2b"
|
||||||
|
|
||||||
"git.deuxfleurs.fr/Deuxfleurs/easybridge/connector"
|
"git.deuxfleurs.fr/Deuxfleurs/easybridge/connector"
|
||||||
"git.deuxfleurs.fr/Deuxfleurs/easybridge/mxlib"
|
"git.deuxfleurs.fr/Deuxfleurs/easybridge/mxlib"
|
||||||
|
@ -22,12 +22,8 @@ var sessionsStore sessions.Store = nil
|
||||||
var userKeys = map[string]*[32]byte{}
|
var userKeys = map[string]*[32]byte{}
|
||||||
|
|
||||||
func StartWeb() {
|
func StartWeb() {
|
||||||
session_key := make([]byte, 32)
|
session_key := blake2b.Sum256([]byte(config.SessionKey))
|
||||||
n, err := rand.Read(session_key)
|
sessionsStore = sessions.NewCookieStore(session_key[:])
|
||||||
if err != nil || n != 32 {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
sessionsStore = sessions.NewCookieStore(session_key)
|
|
||||||
|
|
||||||
r := mux.NewRouter()
|
r := mux.NewRouter()
|
||||||
r.HandleFunc("/", handleHome)
|
r.HandleFunc("/", handleHome)
|
||||||
|
@ -41,7 +37,7 @@ func StartWeb() {
|
||||||
|
|
||||||
log.Printf("Starting web UI HTTP server on %s", config.WebBindAddr)
|
log.Printf("Starting web UI HTTP server on %s", config.WebBindAddr)
|
||||||
go func() {
|
go func() {
|
||||||
err = http.ListenAndServe(config.WebBindAddr, logRequest(r))
|
err := http.ListenAndServe(config.WebBindAddr, logRequest(r))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("Cannot start http server: ", err)
|
log.Fatal("Cannot start http server: ", err)
|
||||||
}
|
}
|
||||||
|
@ -66,10 +62,17 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginInfo {
|
||||||
|
|
||||||
session, err := sessionsStore.Get(r, SESSION_NAME)
|
session, err := sessionsStore.Get(r, SESSION_NAME)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
mxid, ok := session.Values["login_mxid"]
|
mxid, ok := session.Values["login_mxid"].(string)
|
||||||
if ok {
|
user_key, ok2 := session.Values["login_user_key"].([]byte)
|
||||||
|
if ok && ok2 {
|
||||||
|
if _, had_key := userKeys[mxid]; !had_key && len(user_key) == 32 {
|
||||||
|
key := new([32]byte)
|
||||||
|
copy(key[:], user_key)
|
||||||
|
userKeys[mxid] = key
|
||||||
|
LoadDbAccounts(mxid, key)
|
||||||
|
}
|
||||||
login_info = &LoginInfo{
|
login_info = &LoginInfo{
|
||||||
MxId: mxid.(string),
|
MxId: mxid,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -154,7 +157,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo {
|
||||||
|
|
||||||
key := new([32]byte)
|
key := new([32]byte)
|
||||||
key_slice := argon2.IDKey([]byte(password), []byte("EZBRIDGE account store"), 3, 64*1024, 4, 32)
|
key_slice := argon2.IDKey([]byte(password), []byte("EZBRIDGE account store"), 3, 64*1024, 4, 32)
|
||||||
copy(key[:], key_slice[:])
|
copy(key[:], key_slice)
|
||||||
userKeys[mxid] = key
|
userKeys[mxid] = key
|
||||||
|
|
||||||
SaveDbAccounts(mxid, key)
|
SaveDbAccounts(mxid, key)
|
||||||
|
@ -167,6 +170,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo {
|
||||||
}
|
}
|
||||||
|
|
||||||
session.Values["login_mxid"] = mxid
|
session.Values["login_mxid"] = mxid
|
||||||
|
session.Values["login_user_key"] = key_slice
|
||||||
|
|
||||||
err = session.Save(r, w)
|
err = session.Save(r, w)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
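Review bot: `session.Values["login_user_key"] = key_slice` in `handleLogin` places the Argon2-derived account-store key in a cookie that is authenticated but not encrypted, because `sessions.NewCookieStore(session_key[:])` in `StartWeb` receives a single key, which gorilla/sessions uses for signing only. Anyone who can read the cookie (browser storage, or the network, since the UI is served with plain `http.ListenAndServe`) can decode the key that is later handed to `LoadDbAccounts`, presumably to decrypt the stored accounts. Pass a second, independently derived key as the encryption key, e.g. `sessionsStore = sessions.NewCookieStore(hashKey[:], blockKey[:])`, and set `HttpOnly` and `Secure` on the store's `Options`; alternatively keep the key server-side and put only a random session id in the cookie. Separately, `checkLogin` now writes to the package-level `userKeys` map from request handlers, which net/http runs concurrently, so the map needs a mutex. Both functions extend beyond the hunks shown.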