iAuth

2025-06-27 07:13:12 +00:00 · 2024-06-23 14:10:30 +03:00
parent 408d2237f4
commit 5bd69baa71
11 changed files with 325 additions and 138 deletions
--- a/demo/chat/chat.js
+++ b/demo/chat/chat.js
@ -4,6 +4,7 @@ import { createRequire } from 'module'
 import AsyncReply from "../../src/Core/AsyncReply.js";
 import DistributedServer from "../../src/Net/IIP/DistributedServer.js";
 import IMembership from "../../src/Security/Membership/IMembership.js";
+import AuthorizationResults from "../../src/Security/Membership/AuthorizationResults.js";
 import WSocket from "../../src/Net/Sockets/WSocket.js";
 import MemoryStore from "../../src/Stores/MemoryStore.js";
 import DC from "../../src/Data/DC.js";
@ -13,6 +14,12 @@ import TypedMap from "../../src/Data/TypedMap.js";
 import { Arg, Evt, Func, Prop, TemplateDescriber } from "../../src/Resource/Template/TemplateDescriber.js";
 import { Int32 } from "../../src/Data/ExtendedTypes.js";

+import AuthorizationResultsResponse from "../../src/Security/Membership/AuthorizationResultsResponse.js";
+import IIPAuthPacketIAuthDestination from '../../src/Net/Packets/IIPAuthPacketIAuthDestination.js';
+import IIPAuthPacketIAuthFormat from '../../src/Net/Packets/IIPAuthPacketIAuthFormat.js';
+import IIPAuthPacketHeader from '../../src/Net/Packets/IIPAuthPacketHeader.js';
+import Codec from '../../src/Data/Codec.js';
+
 const require = createRequire(import.meta.url);


@ -31,6 +38,64 @@ class MyMembership extends IMembership {
  getPassword(username, domain) {
    return new AsyncReply(DC.stringToBytes("1234"));
  }
+
+  authorize(session){
+
+    let results = new AuthorizationResults();
+
+    if (session.authorizedAccount == "admin")
+    {
+      results.clue = "What is 5 + 2 ?";
+      results.destination = IIPAuthPacketIAuthDestination.Self;
+      results.requiredFormat = IIPAuthPacketIAuthFormat.Number;
+      results.response = AuthorizationResultsResponse.IAuthHashed;
+      results.expire = new Date(new Date().getTime() + 30000);
+      results.reference = Math.round(Math.random() * 100000);
+    }
+    else if (session.authorizedAccount == "demo")
+    {
+      results.clue = "What is 10 * 2 ?";
+      results.destination = IIPAuthPacketIAuthDestination.Self;
+      results.requiredFormat = IIPAuthPacketIAuthFormat.Number;
+      results.response = AuthorizationResultsResponse.IAuthPlain;
+      results.expire = new Date(new Date().getTime() + 30000);
+      results.reference = Math.round(Math.random() * 100000);
+    }
+    else {
+      results.response = AuthorizationResultsResponse.Success;
+    }
+
+    return new AsyncReply(results);
+  }
+
+  authorizeHashed(session, reference, algorithm, value){
+
+      // compute hash
+      let remoteNonce = session.remoteHeaders.get(IIPAuthPacketHeader.Nonce);
+      let localNonce = session.localHeaders.get(IIPAuthPacketHeader.Nonce);
+
+      var hashFunc = SHA256.Create();
+      // local nonce + password or token + remote nonce
+      var challenge = hashFunc.ComputeHash(new BinaryList()
+                                          .addUint8Array(remoteNonce)
+                                          .addUint8Array(Codec.compose(7, null)) // answer is 7
+                                          .addUint8Array(localNonce)
+                                          .toArray());
+
+      if (challenge.sequenceEqual(value))
+          return new AsyncReply(new AuthorizationResults(AuthorizationResultsResponse.Success));
+      else
+          return new AsyncReply(new AuthorizationResults(AuthorizationResultsResponse.Failed));
+
+  }
+
+  authorizePlain(session, reference, value) {
+      if (value == 20)
+        return new AsyncReply(new AuthorizationResults(AuthorizationResultsResponse.Success));
+      else
+        return new AsyncReply(new AuthorizationResults(AuthorizationResultsResponse.Failed));
+  }
+
 };

 var server;
@ -53,12 +118,12 @@ class MyChat extends IResource {
    }

    get users() {
-        return server.connections.map(x=>x.session.remoteAuthentication.username);
+        return server.connections.map(x=>x.session.authorizedAccount);
    }

    send(msg, sender)
    {
-      let s = new TypedMap({ msg, usr: sender.session.remoteAuthentication.username, date: new Date()});
+      let s = new TypedMap({ msg, usr: sender.session.authorizedAccount, date: new Date()});
      this.messages.push(s);
      this._emit("message", s);
    }
--- a/demo/chat/index.html
+++ b/demo/chat/index.html
@ -6,6 +6,15 @@
            var service;
            let $ = document.querySelector;

+            function authenticator(x)
+            {
+                debugger;
+                let challenge = prompt(x.clue);
+                if (challenge != null) {
+                    return new Esiur.Core.AsyncReply(parseInt(challenge));
+                }
+            }
+
            async function connect(){

                let status = document.getElementById("status");
@ -15,7 +24,7 @@

                try {
                    status.innerHTML = "Connecting...";
-                    service = await wh.get("iip://localhost:8001/chat", {username, password: "1234", autoReconnect: true});
+                    service = await wh.get("iip://localhost:8001/sys/chat", {username, password: "1234", autoReconnect: true, authenticator: authenticator});
                    login.style.display = "none";
                    service.on("message", appendMessage)
                           .on(":title", updateTitle)