auth.old

command module

v0.0.0-...-457594c Latest Latest Go to latest Published: Mar 26, 2023 License: MIT Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mbivert/auth.old

Links

Open Source Insights

README ¶

Warning

This is an old prototype, written a while ago; do not use: passwords hashes aren't compared in constant time, IIRC the token update code is broken and could be simplified, etc.

General description

Auth is an authentication server for HTTP services. It works without password, using one-time tokens only.

One time-token reduces replay attacks. Note however that services using the auth are not required to chain the token each time.

You can see a demo at auth.awesom.eu. tags.awesom.eu may serve as a service example.

It's possible to use a password to connect to Auth, but not mandatory. However, connection through services must use token-authentification : this avoid the password being known to potentially malicious services.

Options

Here are the supported options:

(earth)% ./auth -help
Usage of ./auth:
  -conf="config.json": Configuration file

Configuration is detailled later.

Files description

Sample deployment : INSTALL

INSTALL describes how to completely setup a working AAS along with the example service.

API Description : API

This file contains description of the HTTP API provided by the AAS under /api/, plus some implementation details

Next steps : TODO

Contains what should/shall be done soon or later.

Certificates generation : genkey.sh

The genkey.sh use OpenSSL to generate a x509 certificate (default: cert.pem) and an associated private key (default: key.pem). It also copies those to example, and add the certificate in example/conf/.

The key is NOT password protected; Go seems to have trouble with that.

Configuration : config.json

Configuration file is in JSON. Bad configuration file results in undefined behavior(s). Fields are:

URL : URL for the auth server
Port : HTTP listening port for service
Name : Name of the auth service
AdminEmail : Email of the first administrator
DBConnect : Connection string for PostgreSQL
Mode : Service registration mode (either Automatic, Manual, Disable)
Timeout : Lifetime of a token, (seconds)
LenToken : Length of a token (bytes)
LenKey : Length of a service key (bytes)
VerifyCaptcha : Check captcha validity
SSL : Service accessible via HTTPs
Certificate : x509 certificate
PKey : Key associated to Certificate
SMTPServer : Server from which tokens are sent to users
SMTPPort : Port to use for SMTPServer
AuthEmail : Email for SMTPServer
AuthPasswd : Password for AuthEmail

The service registration mode can be either

Automatic : every services can register and get a key from /api/discover
Manual : every services can register. Getting key and activate done by an administrator.
Disable : no services can register

Sources

webauth.go

Main file. Contains the HTTP handlers.

auth.go

Contains the various function used for authentication. Usually called from webauth.go

database.go

Contains everything related to connecting and querying the database. Also, contains a shaky services cache.

Usually called from auth.go

utils.go

Contains some utility functions, mainly used in webauth.go

token.go

Token management. Action on tokens are represented by interface Msg, which contains a single process() method.

A goroutine ProcessMsg read actions one by one from a goroutine and the execute their process() method. This garantee nice concurrent access. A goroutine Timeouts is in charge of deleting token whose exceeded their lifetime. Both goroutine are launched in webauth.go:/^func main

The message sending is hidden in a few utility functions whithin this files.

config.go

Code to load the configuration file

common.go

Some common data structures and errors.

storexample/main.go

This is a sample service using a single AAS. Configured either in code or through the following options:

(earth)% ./storexample -help
Usage of ./storexample:
  -aas="https://localhost:8080/": AAS to use
  -data="./data/": Data directory
  -key="...": Service's key for the AAS
  -port="8081": Listening HTTP port
  -ssl=true: Use SSL

It's usable through a simple API:

/api/store?token=...&data=...

Check the token : info(token) to the AAS, and associate the user some data.

/api/store?token=...

Check the token : info(token) to the AAS, and retrieve the data associated to the user.

This server is intented to be used through the following one.

Certificate/key names are hardcoded:

cert.pem, key.pem : x509 pair for the service;
auth-cert.pem : certificate for the AAS.

example/main.go

This is a sample service, using multiple AAS configured through a conf/ directory. It starts by loading a set of authentication services from all the conf/*.conf files. Format is:

variable=name

Variables are:

url : URL to the auth server (eg. https://localhost:8080/)
key : key to identify the service to the AAS (eg. retrieved from /api/discover)
cert : name of the certificate of the AAS (will be searched in conf/)

A sample file can be found at example/conf/auth.conf.

It then starts a web server on https://localhost:8082 (-port to change port, SSL is default), from which a user can choose an authentication server and login.

Once login, the server establish a bridge with storexample through the AAS and use it to get/store user data.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cookie
example
storexample

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL