From ec22e5eba7c57cb32ecbda6a6f2e3e8139ed2cf4 Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Fri, 2 Nov 2018 15:16:30 +0200 Subject: [PATCH] Add /auth/ping and prepare for frontend dev --- maubot/management/api/auth.py | 21 ++++++++++++++++-- maubot/management/api/middleware.py | 2 +- maubot/management/api/spec.yaml | 19 +++++++++++++++- maubot/management/frontend/package.json | 3 ++- maubot/management/frontend/public/favicon.ico | Bin 14846 -> 0 bytes maubot/management/frontend/public/index.html | 2 +- 6 files changed, 41 insertions(+), 6 deletions(-) delete mode 100644 maubot/management/frontend/public/favicon.ico diff --git a/maubot/management/api/auth.py b/maubot/management/api/auth.py index b813a7c..fe3fe40 100644 --- a/maubot/management/api/auth.py +++ b/maubot/management/api/auth.py @@ -22,7 +22,7 @@ from mautrix.types import UserID from mautrix.util.signed_token import sign_token, verify_token from .base import routes, get_config -from .responses import ErrBadAuth, ErrBodyNotJSON +from .responses import ErrBadAuth, ErrBodyNotJSON, ErrNoToken, ErrInvalidToken def is_valid_token(token: str) -> bool: @@ -38,7 +38,24 @@ def create_token(user: UserID) -> str: }) -@routes.post("/login") +@routes.post("/auth/ping") +async def ping(request: web.Request) -> web.Response: + token = request.headers.get("Authorization", "") + if not token or not token.startswith("Bearer "): + return ErrNoToken + + data = verify_token(get_config()["server.unshared_secret"], token[len("Bearer "):]) + if not data: + return ErrInvalidToken + user = data.get("user_id", None) + if not get_config().is_admin(user): + return ErrInvalidToken + return web.json_response({ + "username": user, + }) + + +@routes.post("/auth/login") async def login(request: web.Request) -> web.Response: try: data = await request.json() diff --git a/maubot/management/api/middleware.py b/maubot/management/api/middleware.py index fa5b93a..27185c0 100644 --- a/maubot/management/api/middleware.py 
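Review bot: In `ping` (second hunk of maubot/management/api/auth.py), `user = data.get("user_id", None)` can be `None` for a correctly signed token that lacks the claim, and that value goes straight into `get_config().is_admin(user)`. How `is_admin` treats `None` is not visible in this patch, so reject it explicitly with `if not user or not get_config().is_admin(user): return ErrInvalidToken`. The handler also repeats the `Authorization` / `Bearer ` parsing and the `verify_token` call that the middleware context lines show. Because the middleware change in this commit exempts `/auth/` paths, this copy is the only check on the endpoint, so a single shared helper next to `is_valid_token` (whose body is outside the hunk) would keep the two from drifting. A one-line docstring such as `"""Return the admin username for a valid bearer token, else an error response."""` would record the contract.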
+++ b/maubot/management/api/middleware.py @@ -24,7 +24,7 @@ Handler = Callable[[web.Request], Awaitable[web.Response]] @web.middleware async def auth(request: web.Request, handler: Handler) -> web.Response: - if request.path.endswith("/login"): + if "/auth/" in request.path: return await handler(request) token = request.headers.get("Authorization", "") if not token or not token.startswith("Bearer "): diff --git a/maubot/management/api/spec.yaml b/maubot/management/api/spec.yaml index e89f18b..75ec865 100644 --- a/maubot/management/api/spec.yaml +++ b/maubot/management/api/spec.yaml @@ -12,7 +12,7 @@ servers: - url: /_matrix/maubot/v1 paths: - /login: + /auth/login: post: operationId: login summary: Log in with the unshared secret or username+password @@ -45,6 +45,23 @@ paths: type: string 401: description: Invalid credentials + /auth/ping: + post: + operationId: ping + summary: Check if the given token is valid + tags: [Authentication] + responses: + 200: + description: Token is OK + content: + application/json: + schema: + type: object + properties: + username: + type: string + 401: + description: Token is not OK /plugins: get: diff --git a/maubot/management/frontend/package.json b/maubot/management/frontend/package.json index e02b7a0..c5cf653 100644 --- a/maubot/management/frontend/package.json +++ b/maubot/management/frontend/package.json @@ -21,5 +21,6 @@ "last 3 and_chr versions", "last 2 safari versions", "last 2 ios_saf versions" - ] + ], + "proxy": "http://localhost:29316" } 
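Review bot: The new exemption `if "/auth/" in request.path:` in `auth` (maubot/management/api/middleware.py) is a substring test, so any current or future route whose path contains `/auth/` anywhere, including inside a path parameter, skips the token check; the replaced `endswith("/login")` was at least anchored to the end of the path. Match the unauthenticated endpoints exactly instead, for example `if request.path.endswith(("/auth/login", "/auth/ping")):`, or stricter still, compare the path below the API prefix against a fixed set. Since `ping` validates the bearer token itself, only the login route appears to need the exemption. The rest of the middleware body lies outside the hunk, so this assumes the lines that follow enforce the token for every non-exempt path.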
diff --git a/maubot/management/frontend/public/favicon.ico b/maubot/management/frontend/public/favicon.ico deleted file mode 100644 index c74a967fe3a1a6d629541e1db50e062f9c7edbc3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14846 zcmeHN2Ut{B_W!9Uf?}l%7DUB{9RU>;X%0xh(Lq5<24TPi6dN$kP==25K4M1^EGSqI z1qB;+F&b;4l2{T;G}$D^B)i|Y$^YEBxwaz55m z*ck4KjS*fbjt#-u*iclZFGE$va+Ib;pdvFIRavXBKRX-;bHXW&!2X;F9N`ENnK$CJDMwRH8HIA3Jzk4*T&TnO6Lq+7@)$0hI)=-Q4QM)Z9JkNb;r6*Y+&Om? zcg`QfCls!pKaJDZ?%>q5PjLGBr)a!>7mYXW;S7bdHz~b&A7^jf$2l%EM*u zaI~K}-DaxwXxmxBxeJq0GjcQ5B(IL}63t0*n(Y}WQ$)*UvK3-?tNGc^zA`m@7MPDq zPn#4LwM-TszA93_e1iV_MR|6XZr&^3b8(&LF|=!MNs%h9Z!gpFL(B#b>e*4Z50w*) z^q|#6yK{$5I^9?~zF!X=HQJVSiPpW3AMp}{3UTv~>WduwpGI3CrTGEu)N8C$oNpn~SphV8j%C@(;1 zSs6-q?!t~ed$F@>KepE#N5#P!>^X82)fL-OTeTDQ2lwF6(R!5aYs8MqOW0Z0h`ls7 zR-L$j1IN$eV8dk`t-FPNCokYo<7L#JK7+b*S5SZX2F~o=h?9r+;nE?R^XhAG;Y2My zK7IgA2fjno>0`Kd?gTeyUA}f5mv7(4Cs!}v+VvaUoYZvpAwK@>OWb(yl$(=2d;S-E z{^C14x^opzzIuu0PafmZ*RSy8yC3oF`=9Xa)z5hS{a^6vhad3c>%Y;Q^h=wI@hW6jOSjF~uj`t;c|rV}QP9W!Rs$f2{RPO`OiahWsE%g4vZd!fhN zIj(bDTx>0^XX#puww&hT;yP#UToI87(=4rRt>2$wX>G$5HIcRTj1kjpB{N2I1Xm5& zW`=FQzHY8Wx8=n(6)q-y416UEW(=ApW=*%iq^p6cuf)&Q%v@weL>t@Dww5j~Gx~Sx z%;*w{y`G7{%GP$^w1GAQZA`j%)FQecqxb2o)kUwLp^1@kH|>sE9G&CW@2RELK})M6 zL5o47$AIWXbtJksBPFE0{l8%`CEu7!L`wRT!p;I0F=Z^Q63kBG-U&}$2>qzN-Rne!>~DN1vaP2u`}@l>`J8d zZA}>VrY%F+npN15wu<}+TIcd(ae(}Y>O2{03ZrPfi$!8e3bNP4BR3-%dFe?g%t^<_ z+*IV}<)EM-A9-unL$!WA64#a@bwfFFN_Hc+v=aGc`>?UJ92?7aW6Q3+Q0+Vb)vju6 z*;k8_{YSC0C zd-h@1-b!rSdl1_XHDLDTo44*H+-%v4gnA*2`11XuNV0 zXRqDn_V*XB-@&Cj&A9Z*=eT*P5x1{j!~N!Fur>43v#)90`~shS{s1>0K1K7xNBH#1 z7ifO|4L+y6{KH#U@Zj!kJpSSfJb6z0`Dah@;^j+zE&cX2x0XJqwe(xs+kgM^IbOZ| zJ6^q_HT9>T@zc*g+0a(U^jDG8_cw`vvY8L@BPKH4+I8=hDJt4{fvwZ4Gk&o$8tvfjHzU3sBb?{;7u#q z?_r?dxZ!=L@R(|CGi{oU&D5z=r&!xq+f1Hn-Cxi@R_G~Wm^*(_fHW{5Kq{36NCOtl z7l}n87op>F?rlqb= zN|-Uk)5t{ ztFzW4Dt9B41to}!uWH%96w{e!ez>37C-*^#!VlSzLCB0+iZwCeNKwj>7QGUAF|==q 
zU5pKJOHdl^kL^k+G9`DBC;k$tiLpqdP?(~iJ8d!Ud@cC=po~NG9NKcn#<4i>{E>^9_mBZz@Qnv?}_I{5m zCy(Gt<1ySgeHe|6XK?v)6Hb406DKd-!$~>=WoMl1T$Am8ZhdqKH*Va-^-r5|_wGGz z4|Id}KWy)F=kaqiKYD_@PhO(=8NdH|`uSbFc-)MKkH5gfC(rQZ^A~vb^eJA_9_aBm zuke)46P|znBVK>^4Y%+4iS|8z{qYC<{KMbh?RzxO+JA9c{9lZsq9RpcVGct!7Z>Cg zs#HXM!{(xb?BuwZ$jFF@2ybt0J@6v%ivbZLA|fMW<1%szm|Rizs(B(8XXjbYvk1;Y z=k^dX3elZ~LTAz31u;2sb9xvG+QPVPfy*-rPwipoQ8>?-ouK|Pxb<8aG)}N|*&oFy z({!7uy-i2Dxs7ylAK~UU!rgs@tGoMq?@@4fcXKDYtNSQdcd8xb>Nd(uu&mfN*lr>n zicFk1ew?MHrIm%1HEkEIr&%))!P3ggf&93>A84VBB~GDUn+>YA)I z47s^$)?}qpnwk=?pgKA6gak{(_6bUd&?p84Au2v4uRU^;qKVA?6;aU&sa0#h+Eqq9jDvVw$|RCuZd4cN=Z#!ladr4ui<5Bu)V!F zSP|?{yrM(D)gMTtp}`Izt@WIFZHjWSt&|m`ZHtTF_m|o_*xOT=qnN2}!1sy>!FEn^ zg}<#sRIWpDagbC(nk5oeOCp3QIUn;W)!C79@#vvJi&BVRCie4Fj{r5m1ZcRJgt{@g zlYMBE!goLqvkV9E2gSw74i5IgY#=x;V&X(7R+|$nCgI>Qri0B?$x6DVlc$J7xY6XS zkn>#ayAl;T$<%zfnTmUE7WvsrCDHNmYIR&g6t#uiw)Y4(HGhscRXW8!B{xZ-;94Ou zYDjH6FC=&9Eil*cE5%Vk6K163CMqP3T(#OF8Y|wYs8HKJ-Fmk0XE`{`G?^Hm8y{-R z>z7Grto@_p_Ecmx22bj(r^on*^Y$0yrwtkylAv(#<v_lm(Hj0ogVm3sfPGh?3 z>FKoUr#{CGGPMbD)TXPzVBa}JK3Q8Hsy$V%kV_`@=|&q%;%^zB;^MSHgZg&rW72n; zAG64&OQ>vemr#YawnVJmmy|PsHu{THX{JL=P1$>uUSp;?`c2mUFhaYtMAAh|OJ7Gv zy=x_YGxhiv7pD&zX+D?<=nT^7rQdh-z%Bzj(!n| z9z1{h{-zBwH|Go@7FMs}W$pc@e&bPYBh(eYo#?b)UmDMJ;vfFojB2WGkCyAJ=GW+F z_P-6?-_`%y{CZ5k`hMW;c~d_pr>l|v|Mhcbwer7Zzox$$7D{#LVlXk5d&~Y&f*u+O z^ytS$Jp_7c;-ELj$8A)5xVm!Xks7L-=K12r(>?4>xV}MJx^zU#{Z?Q$c;qk+BPpf7 z8U4*zrUfI04KrR!s(GX@rxl3>4$CRKTwS6>on0PYpkeK@V#PB}COzvT+#bvCV{1H}9Y{rVfO7cZ zq^}M|hGHp_qa%r&q}XQK$^Vrf4a)MoF+eE*PnCb;$Gh67lg$WXDG!D=CJ1 zC!LohM_GI@b|i&jSJDUEd+F_2G1!;2lKbX|`L;(??A>%M;uGSLuqFeUsfmcsU5E7C z0wfo0MjrXG2{~kM@(Co-Iep6da-?tE!TGYh4_n3iue*8wbyHOxwj4N$^87^XqI3GH z4Vm1xLCj~ZFUi2Rs>3Ly^Y{9y?WnFkgxcC8XlS5v@n2BB{Uh>EPhv;yDO4PzZ+FNy zJyg}q`KML%uDXVu!=Gv5&fwYkJLik;%*WZ?g*dyfgnZHsXsRy3xoYxDtGD9vk=60i_5qQ8^XSAx=uF=pIJ?Xi6MTGpeSQ7>=r8f39K(EHBKnAD&vuzT+u6lg z=;&xSeTwe9Sk*iinUcPBW1vK?Ow7p1%gf<@6y?$J4vW}XKu&6ck{Facb7UmFS(@#b 
zneN!~eH>q*OvvKSgt#cLHJ=)%mgL!}EqSC^n6Hxeah1xrDouSG4Xk|*$#F87R3pi! zQXj`25|wJ1Ru?;GAL^~IUkigWE+s2VZ9a)J!wDMwEHCvDIyn0HI?7dE9XfUzKFiU; z$;r`P7{KZ{DB}{784?pTJ=WBa<&k0sM=|lr#X?ouh>o4#m(yrSWm0FS786>z-^wZd z9Uc866$+}5+No68GZ)JIog5vVXdwTHxYX6bHBu=H@Ci^RCz5=Ti@(&tRT|)G|HhSg zt6`2Hb#e-jDW$W!&2W_FB$K>qp0Cu0s+7Lozb(;@>T6GzOBN}dY!ntD%v$Y8^1iMC zV*j>-+fJZeL8>-VsBJ6=%Ww=3N=bh8Ebm#f{z%VdGFPVnIslWq>KI!Hma10H3S`r2 zrlXIutMBg{puWAy5UIbE-Q@n=23uN_yn0fO@8v}AN!!`^I|cq$kWL?HA+k0mc^i{21U-&HneOjFY!rL`u4I{ z(tS=n^p^f3B~qo-S=&g!e}_vkIl$w`nY#ZIj)QSMD$N~x2Mkw9R@+Sl}d zk;5#o(%G%U;%{d{r?$qH)@|A^l&{VR)rWU-qAb#B zwx;<=dm&w@9?mkkj~=@_3GztSo&)GiSD&-LrF}MxVFm-8WD42r*5}W^hdtdV-R)%x zaaTu9TIOf3-B(~B5EvM9d z+;051_KhbDuyN4sZ_?9=W+8S+E2LKCE+nc5(9;Wu^mWoTG14c~1@v{5!Q1izD>I}1 zq~2(N?sO*~8at=1Lb=?zd+z{+w0Bp>={f_9m@tDGFW;{JO9j?e+TGdNp{I^Xe?zWqPTs)4?Ct&=TZ=>%tOdqrXxO)ZKY9nPqob{DV$#1a zeW1tpoTVE3-)x`BtH+1w(5FB9qJcWhwW^6&9e4k<+<*M|tJ^0r#?T5*7tvS;Sj6GC z?VrSnax7{-wLK)m^tM>{_WcuTY;7$fc{P|g1wNrxc}dAue4z5)ev4)xX43w%zk7Hr>o3)cS{tY8}ktOYZIS?z?FkfmH8?wj8jLo0Mn)#pW zKf8X`mXjt;vY2FH!BQ5eWMRo?S}2T4-EXsgFnQKKX=p`DVUB1H{h2^(CCjzW-@JTq zD8DnN-7dHBWf5V?T#ME%Gf(2. - +