From e3999c4906348dadcc85eec1df9a48e776deccd5 Mon Sep 17 00:00:00 2001
From: "Kali Kaneko (leap communications)"
Date: Thu, 23 Feb 2017 00:35:33 +0100
Subject: [feature] require authentication token for api

implements a global auth token for the app. this token is written to
.config/leap/authtoken, and passed to the anchor part of the landing URI
when opening the index resource by the browser.

- Resolves: #8765
---
 src/leap/bitmask/core/service.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'src/leap/bitmask/core/service.py')

diff --git a/src/leap/bitmask/core/service.py b/src/leap/bitmask/core/service.py
index 902bfa6b..c06a5343 100644
--- a/src/leap/bitmask/core/service.py
+++ b/src/leap/bitmask/core/service.py
@@ -18,6 +18,8 @@ Bitmask-core Service.
 """
 
 import json
+import os
+import uuid
 try:
     import resource
 except ImportError:
@@ -62,6 +64,16 @@ class BitmaskBackend(configurable.ConfigurableService):
         configurable.ConfigurableService.__init__(self, basedir)
 
         self.core_commands = BackendCommands(self)
+
+        # The global token is used for authenticating some of the channels that
+        # expose the dispatcher. For the moment being, this is the REST API.
+        self.global_tokens = [uuid.uuid4().hex]
+        logger.info('Global token: {0}'.format(self.global_tokens[0]))
+        self._touch_token_file()
+
+        # These tokens are user-session tokens. Implemented and rolled back,
+        # unused for now. If we don't move forward with user-session tokens on
+        # top of the global app token, this should be removed.
         self.tokens = {}
 
     def enabled(service):
@@ -89,6 +101,12 @@ class BitmaskBackend(configurable.ConfigurableService):
         if enabled('websockets'):
             on_start(self._init_websockets)
 
+    def _touch_token_file(self):
+        path = os.path.join(self.basedir, 'authtoken')
+        with open(path, 'w') as f:
+            f.write(self.global_tokens[0])
+        os.chmod(path, 0600)
+
     def init_events(self):
         event_server.ensure_server()
 
-- 
cgit v1.2.3
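Review bot: The freshly generated API credential is written to the log at INFO level by `logger.info('Global token: {0}'.format(self.global_tokens[0]))` in the second hunk, so every log sink (journal, rotated log files, bug reports users paste) now carries a secret that grants REST API access, undoing the 0600 protection the token file gets. Log only the event and the location, e.g. `logger.info('Global token generated, written to authtoken file')`, and keep the value out of any log line. The enclosing `__init__` starts outside the hunk, so it is not visible here whether `self.basedir` is guaranteed to exist before `self._touch_token_file()` runs; if it is not, the backend fails at construction time.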
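Review bot: `_touch_token_file` in the third hunk creates the file with `open(path, 'w')` and only afterwards calls `os.chmod(path, 0600)`, so between the two calls the token is on disk with a mode derived from the process umask, which on many systems is world-readable; create the file with the restrictive mode from the start via `os.open` and `os.fdopen`. Since `O_TRUNC` on a pre-existing file keeps that file's old mode, also `fchmod` the descriptor before writing. The `0600` literal is Python 2 only syntax; `0o600` is accepted by Python 2.6+ and 3, so it costs nothing to use the portable form. A short docstring such as `"""Persist the global token to <basedir>/authtoken, owner-readable only."""` would also help, since the method's contract is otherwise only described in the `__init__` comment.

```python
    def _touch_token_file(self):
        """Persist the global token to <basedir>/authtoken, owner-readable only."""
        path = os.path.join(self.basedir, 'authtoken')
        # Create with 0600 from the start so the token is never exposed through a
        # umask-dependent mode; fchmod also tightens a pre-existing, looser file.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.fchmod(fd, 0o600)
        with os.fdopen(fd, 'w') as f:
            f.write(self.global_tokens[0])
```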