absc
/
dudeswave2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for multi-host to the authentication module.

main
absc 2024-09-15 13:23:38 +00:00
parent f51847fe97
commit b1c4ab8e16
1 changed files with 24 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
dudeswave_users/src/dudeswave_users_auth.erl
View File

@ -23,7 +23,7 @@ Here lives all the functions for the APIs needed to handle users authentication.
-include_lib("dudeswave_backend/include/defines.hrl").
-include_lib("storage/include/storage.hrl").
-export([authenticate/3, logout/2]).
-export([authenticate/4, logout/3]).
-doc """
Verify a session with an existing cookie.
@ -31,9 +31,10 @@ Verify a session with an existing cookie.
Spec:
```
-spec authenticate(Type, User, Auth) -> true | false | {true, Cookie, Validity} | {error, Reason} when
-spec authenticate(Type, User, Host, Auth) -> true | false | {true, Cookie, Validity} | {error, Reason} when
Type :: cookie | password,
User :: binary(),
Host :: binary(),
Auth :: {cookie, binary()} | {password, binary()},
Cookie :: binary(),
Validity :: pos_integer(),
@ -46,15 +47,18 @@ after authenticating with `Password`.
If `Cookie` is valid, the function returns `true`. If the authentication is denied
returns `false`
""".
-spec authenticate(Type, User, Auth) -> true | false | {true, Cookie, Validity} | {error, Reason} when
-spec authenticate(Type, User, Host, Auth) -> true | false | {true, Cookie, Validity} | {error, Reason} when
Type :: cookie | password,
User :: binary(),
Host :: binary(),
Auth :: {cookie, binary()} | {password, binary()},
Cookie :: binary(),
Validity :: pos_integer(),
Reason :: term().
authenticate(cookie, User, Cookie) ->
authenticate(cookie, User, Host, Cookie) ->
ComplUser = <<User/binary, "@", Host/binary>>,
case storage:read(?COOKIESBUCK, Cookie) of
{ok, [R]} ->
CurTime = calendar:now_to_universal_time(erlang:timestamp()),
@ -64,7 +68,7 @@ authenticate(cookie, User, Cookie) ->
if
CookieTime >= CurTime ->
if
User =:= CookieUser -> true;
ComplUser =:= CookieUser -> true;
true -> false
end;
true -> false
@ -73,8 +77,10 @@ authenticate(cookie, User, Cookie) ->
{error, _} -> {error, service_unavailable}
end;
authenticate(password, User, Password) ->
case storage:read(?USERSBUCK, User) of
authenticate(password, User, Host, Password) ->
ComplUser = <<User/binary, "@", Host/binary>>,
case storage:read(?USERSBUCK, ComplUser) of
{ok, [R]} ->
Validity = case application:get_env(cookie_validity) of
{ok, Value} ->
@ -83,8 +89,8 @@ authenticate(password, User, Password) ->
erlang:system_time(seconds) + ?DEFVALIDITY * 86400
end,
{hash, Hash} = proplists:lookup(hash, R#object.metadata),
{salt, Salt} = proplists:lookup(salt, R#object.metadata),
{hash, Hash} = proplists:lookup(hash, R#object.value),
{salt, Salt} = proplists:lookup(salt, R#object.value),
{approved, Appr} = proplists:lookup(approved, R#object.metadata),
Auth = crypto:hash(sha256, <<Password/binary, Salt/binary>>),
@ -94,7 +100,7 @@ authenticate(password, User, Password) ->
Auth =:= Hash ->
Cookie = base64:encode(rand:bytes(64)),
case storage:write(?COOKIESBUCK, <<Cookie/binary>>,
Validity, [{user, User}]) of
Validity, [{user, ComplUser}]) of
ok -> {true, Cookie, Validity};
{error, Reason} -> {error, Reason}
end;
@ -110,23 +116,27 @@ Close an existing session
Spec:
```
-spec logout(User, Cookie) -> ok | {error, Reason} when
-spec logout(User, Host, Cookie) -> ok | {error, Reason} when
User :: binary(),
Host :: binary(),
Cookie :: binary(),
Reason :: term().
```
Invalidate and delete `Cookie` associated with `User` from the system.
""".
-spec logout(User, Cookie) -> ok | {error, Reason} when
-spec logout(User, Host, Cookie) -> ok | {error, Reason} when
User :: binary(),
Host :: binary(),
Cookie :: binary(),
Reason :: term().
logout(User, Cookie) ->
logout(User, Host, Cookie) ->
ComplUser = <<User/binary, "@", Host/binary>>,
case storage:read(?COOKIESBUCK, Cookie) of
{ok, [R]} ->
{user, User} = proplists:lookup(user, R#object.metadata),
{user, ComplUser} = proplists:lookup(user, R#object.metadata),
storage:delete(?COOKIESBUCK, Cookie);
{ok, []} ->
{error, not_found};