author | kali kaneko (leap communications) <kali@leap.se> | 2020-01-30 19:08:14 -0600 |
---|---|---|
committer | kali kaneko (leap communications) <kali@leap.se> | 2020-01-30 19:16:19 -0600 |
commit | 819adbbb708076bcf9d3ee6443c704303aad5a80 (patch) | |
tree | 53081f249aade5edc17f6a9a72f449414d881fdd /pkg/auth/sip2/auth.go | |
parent | 6ba23c4e3de16181857d5703198d2e817928f1ba (diff) |
refactor auth middleware
Diffstat (limited to 'pkg/auth/sip2/auth.go')
-rw-r--r-- | pkg/auth/sip2/auth.go | 115 |
1 files changed, 54 insertions, 61 deletions
diff --git a/pkg/auth/sip2/auth.go b/pkg/auth/sip2/auth.go index 9c01c28..47733c2 100644 --- a/pkg/auth/sip2/auth.go +++ b/pkg/auth/sip2/auth.go 
@@ -1,33 +1,46 @@ +// Copyright (C) 2019 LEAP +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + package sip2 import ( - "encoding/json" - "github.com/dgrijalva/jwt-go" + "errors" "log" - "net/http" "os" - "time" "0xacab.org/leap/vpnweb/pkg/config" ) -const sipUserVar string = "VPNWEB_SIP_USER" -const sipPassVar string = "VPNWEB_SIP_PASS" -const sipPortVar string = "VPNWEB_SIP_PORT" -const sipHostVar string = "VPNWEB_SIP_HOST" -const sipLibrLocVar string = "VPNWEB_SIP_LIBR_LOCATION" -const sipTerminatorVar string = "VPNWEB_SIP_TERMINATOR" -const sipDefaultTerminator string = "\r\n" - -type Credentials struct { - User string - Password string -} +const ( + sipUserVar string = "VPNWEB_SIP_USER" + sipPassVar string = "VPNWEB_SIP_PASS" + sipPortVar string = "VPNWEB_SIP_PORT" + sipHostVar string = "VPNWEB_SIP_HOST" + sipLibrLocVar string = "VPNWEB_SIP_LIBR_LOCATION" + sipTerminatorVar string = "VPNWEB_SIP_TERMINATOR" + sipDefaultTerminator string = "\r\n" +) -func getConfigFromEnv(envVar string) string { +func getConfigFromEnv(envVar, defaultVar string) string { val, exists := os.LookupEnv(envVar) if !exists { - log.Fatal("Need to set required env var:", envVar) + if defaultVar == "" { + log.Fatal("Need to set required env var: ", envVar) + } else { + return defaultVar + } } return val } 
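Review bot: getConfigFromEnv treats a variable that is set but empty as present, because os.LookupEnv reports exists=true for an empty value; a deployment that exports `VPNWEB_SIP_PASS=` therefore passes the required-variable check and the SIP login in the next hunk proceeds with an empty password, while an empty host or port silently bypasses the new "localhost"/"6001" defaults. Changing the guard to `if !exists || val == "" {` makes empty and unset behave the same way. The `else` after `log.Fatal` can also go: Fatal never returns, so `return defaultVar` can follow the `if defaultVar == ""` block directly and the happy path stays left-aligned.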
@@ -41,60 +54,40 @@ func setupTerminatorFromEnv() { } } -func SipAuthenticator(opts *config.Opts) http.HandlerFunc { - +func initializeSipConnection(skipConnect bool) (sipClient, error) { log.Println("Initializing SIP2 authenticator") - SipUser := getConfigFromEnv(sipUserVar) - SipPass := getConfigFromEnv(sipPassVar) - SipHost := getConfigFromEnv(sipHostVar) - SipPort := getConfigFromEnv(sipPortVar) - SipLibrLoc := getConfigFromEnv(sipLibrLocVar) + user := getConfigFromEnv(sipUserVar, "") + pass := getConfigFromEnv(sipPassVar, "") + host := getConfigFromEnv(sipHostVar, "localhost") + port := getConfigFromEnv(sipPortVar, "6001") + loc := getConfigFromEnv(sipLibrLocVar, "") setupTerminatorFromEnv() - sip := NewClient(SipHost, SipPort, SipLibrLoc) + sip := newClient(host, port, loc) + + if skipConnect { + // mainly for testing purposes at the moment + return sip, nil + } ok, err := sip.Connect() if err != nil { - log.Fatal("Cannot connect sip client") + return sip, err } - ok = sip.Login(SipUser, SipPass) + ok = sip.Login(user, pass) if !ok { - log.Fatal("Error on SIP login") - } else { - log.Println("SIP login ok") + return sip, errors.New("SIP login error") } + return sip, nil +} - var authTokenHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - var c Credentials - - err := json.NewDecoder(r.Body).Decode(&c) - if err != nil { - log.Println("Auth request did not send valid json") - http.Error(w, err.Error(), http.StatusBadRequest) - return - } - - if c.User == "" || c.Password == "" { - log.Println("Auth request did not include user or password") - http.Error(w, "missing user and/or password", http.StatusBadRequest) - return - } - - valid := sip.CheckCredentials(c.User, c.Password) - if !valid { - log.Println("Wrong auth for user", c.User) - http.Error(w, "wrong user and/or password", http.StatusUnauthorized) - return - } +func GetAuthenticator(opts *config.Opts, skipConnect bool) *sipClient { - log.Println("Valid auth for user", c.User) - 
token := jwt.New(jwt.SigningMethodHS256) - claims := token.Claims.(jwt.MapClaims) - claims["exp"] = time.Now().Add(time.Hour * 24).Unix() - tokenString, _ := token.SignedString([]byte(opts.AuthSecret)) - w.Write([]byte(tokenString)) - }) - return authTokenHandler + sip, err := initializeSipConnection(skipConnect) + if err != nil { + log.Fatal("Cannot initialize sip:", err) + } + return &sip } |
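Review bot: The boolean returned by `sip.Connect()` is stored in `ok` but never examined before `ok` is overwritten by `sip.Login`, so if Connect can report failure through that flag without also setting err, initializeSipConnection goes on to attempt a login on an unconnected client (whether Connect does that depends on sipClient, which is not in this file). Adding `if !ok { return sip, errors.New("SIP connect error") }` after the existing `if err != nil` check closes that gap. Separately, `opts` in GetAuthenticator is no longer referenced now that token issuance has moved out of this file; if it is kept for caller compatibility, a one-line comment saying so would stop the next reader from hunting for its use. The hunk's first lines belong to setupTerminatorFromEnv, whose start is outside the hunk.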