mirror of
https://github.com/monero-project/monero.git
synced 2024-12-30 15:16:14 -05:00
174 lines
5.7 KiB
C++
174 lines
5.7 KiB
C++
// Copyright (c) 2014-2022, The Monero Project
|
|
//
|
|
// All rights reserved.
|
|
//
|
|
// Redistribution and use in source and binary forms, with or without modification, are
|
|
// permitted provided that the following conditions are met:
|
|
//
|
|
// 1. Redistributions of source code must retain the above copyright notice, this list of
|
|
// conditions and the following disclaimer.
|
|
//
|
|
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
|
|
// of conditions and the following disclaimer in the documentation and/or other
|
|
// materials provided with the distribution.
|
|
//
|
|
// 3. Neither the name of the copyright holder nor the names of its contributors may be
|
|
// used to endorse or promote products derived from this software without specific
|
|
// prior written permission.
|
|
//
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
|
|
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
|
|
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
|
|
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
#pragma once
|
|
|
|
#include <boost/optional/optional.hpp>
|
|
#include <boost/utility/string_ref.hpp>
|
|
#include <cstdint>
|
|
#include <functional>
|
|
#include <string>
|
|
#include <utility>
|
|
#include "wipeable_string.h"
|
|
#include "http_base.h"
|
|
|
|
#undef MONERO_DEFAULT_LOG_CATEGORY
|
|
#define MONERO_DEFAULT_LOG_CATEGORY "net.http"
|
|
|
|
namespace epee
|
|
{
|
|
namespace net_utils
|
|
{
|
|
namespace http
|
|
{
|
|
struct login
|
|
{
|
|
login() : username(), password() {}
|
|
login(std::string username_, wipeable_string password_)
|
|
: username(std::move(username_)), password(std::move(password_))
|
|
{}
|
|
|
|
std::string username;
|
|
wipeable_string password;
|
|
};
|
|
|
|
//! Implements RFC 2617 digest auth. Digests from RFC 7616 can be added.
|
|
class http_server_auth
|
|
{
|
|
public:
|
|
struct session
|
|
{
|
|
session(login credentials_)
|
|
: credentials(std::move(credentials_)), nonce(), counter(0)
|
|
{}
|
|
|
|
login credentials;
|
|
std::string nonce;
|
|
std::uint32_t counter;
|
|
};
|
|
|
|
http_server_auth() : user(), rng() {}
|
|
http_server_auth(login credentials, std::function<void(size_t, uint8_t*)> r);
|
|
|
|
//! \return Auth response, or `boost::none` iff `request` had valid auth.
|
|
boost::optional<http_response_info> get_response(const http_request_info& request)
|
|
{
|
|
if (user)
|
|
return do_get_response(request);
|
|
return boost::none;
|
|
}
|
|
|
|
private:
|
|
boost::optional<http_response_info> do_get_response(const http_request_info& request);
|
|
|
|
boost::optional<session> user;
|
|
|
|
std::function<void(size_t, uint8_t*)> rng;
|
|
};
|
|
|
|
//! Implements RFC 2617 digest auth. Digests from RFC 7616 can be added.
|
|
class http_client_auth
|
|
{
|
|
public:
|
|
enum status : std::uint8_t { kSuccess = 0, kBadPassword, kParseFailure };
|
|
|
|
struct session
|
|
{
|
|
session(login credentials_)
|
|
: credentials(std::move(credentials_)), server(), counter(0)
|
|
{}
|
|
|
|
struct keys
|
|
{
|
|
using algorithm =
|
|
std::function<std::string(const session&, boost::string_ref, boost::string_ref)>;
|
|
|
|
keys() : nonce(), opaque(), realm(), generator() {}
|
|
keys(std::string nonce_, std::string opaque_, std::string realm_, algorithm generator_)
|
|
: nonce(std::move(nonce_))
|
|
, opaque(std::move(opaque_))
|
|
, realm(std::move(realm_))
|
|
, generator(std::move(generator_))
|
|
{}
|
|
|
|
std::string nonce;
|
|
std::string opaque;
|
|
std::string realm;
|
|
algorithm generator;
|
|
};
|
|
|
|
login credentials;
|
|
keys server;
|
|
std::uint32_t counter;
|
|
};
|
|
|
|
http_client_auth() : user() {}
|
|
http_client_auth(login credentials);
|
|
|
|
/*!
|
|
Clients receiving a 401 response code from the server should call this
|
|
function to process the server auth. Then, before every client request,
|
|
`get_auth_field()` should be called to retrieve the newest
|
|
authorization request.
|
|
|
|
\return `kBadPassword` if client will never be able to authenticate,
|
|
`kParseFailure` if all server authentication responses were invalid,
|
|
and `kSuccess` if `get_auth_field` is ready to generate authorization
|
|
fields.
|
|
*/
|
|
status handle_401(const http_response_info& response)
|
|
{
|
|
if (user)
|
|
return do_handle_401(response);
|
|
return kBadPassword;
|
|
}
|
|
|
|
/*!
|
|
After calling `handle_401`, clients should call this function to
|
|
generate an authentication field for every request.
|
|
|
|
\return A HTTP "Authorization" field if `handle_401(...)` previously
|
|
returned `kSuccess`.
|
|
*/
|
|
boost::optional<std::pair<std::string, std::string>> get_auth_field(
|
|
const boost::string_ref method, const boost::string_ref uri)
|
|
{
|
|
if (user)
|
|
return do_get_auth_field(method, uri);
|
|
return boost::none;
|
|
}
|
|
|
|
private:
|
|
status do_handle_401(const http_response_info&);
|
|
boost::optional<std::pair<std::string, std::string>> do_get_auth_field(boost::string_ref, boost::string_ref);
|
|
|
|
boost::optional<session> user;
|
|
};
|
|
}
|
|
}
|
|
}
|