github
/
Cloudreve
mirror of https://github.com/cloudreve/Cloudreve
1
0
Fork 0
Code Issues Releases Wiki Activity

Modify: create Web Authn instance when needed

pull/247/head
HFO4 2020-02-23 15:50:41 +08:00
parent ce2a70df68
commit ef42ec3927
5 changed files with 34 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bootstrap/init.go
View File

@ -4,7 +4,6 @@ import (
model "github.com/HFO4/cloudreve/models" model "github.com/HFO4/cloudreve/models"
"github.com/HFO4/cloudreve/pkg/aria2" "github.com/HFO4/cloudreve/pkg/aria2"
"github.com/HFO4/cloudreve/pkg/auth" "github.com/HFO4/cloudreve/pkg/auth"
"github.com/HFO4/cloudreve/pkg/authn"
"github.com/HFO4/cloudreve/pkg/cache" "github.com/HFO4/cloudreve/pkg/cache"
"github.com/HFO4/cloudreve/pkg/conf" "github.com/HFO4/cloudreve/pkg/conf"
"github.com/HFO4/cloudreve/pkg/crontab" "github.com/HFO4/cloudreve/pkg/crontab"
@ -24,7 +23,6 @@ func Init(path string) {
cache.Init() cache.Init()
if conf.SystemConfig.Mode == "master" { if conf.SystemConfig.Mode == "master" {
model.Init() model.Init()
authn.Init()
task.Init() task.Init()
aria2.Init() aria2.Init()
email.Init() email.Init()

17
pkg/authn/auth.go
View File

@ -2,26 +2,15 @@ package authn
import ( import (
model "github.com/HFO4/cloudreve/models" model "github.com/HFO4/cloudreve/models"
"github.com/HFO4/cloudreve/pkg/util"
"github.com/duo-labs/webauthn/webauthn" "github.com/duo-labs/webauthn/webauthn"
"sync"
) )
var AuthnInstance *webauthn.WebAuthn // NewAuthnInstance 新建Authn实例
var Lock sync.RWMutex func NewAuthnInstance() (*webauthn.WebAuthn, error) {
// Init 初始化webauthn
func Init() {
Lock.Lock()
defer Lock.Unlock()
var err error
base := model.GetSiteURL() base := model.GetSiteURL()
AuthnInstance, err = webauthn.New(&webauthn.Config{ return webauthn.New(&webauthn.Config{
RPDisplayName: model.GetSettingByName("siteName"), // Display Name for your site RPDisplayName: model.GetSettingByName("siteName"), // Display Name for your site
RPID: base.Hostname(), // Generally the FQDN for your site RPID: base.Hostname(), // Generally the FQDN for your site
RPOrigin: base.String(), // The origin URL for WebAuthn requests RPOrigin: base.String(), // The origin URL for WebAuthn requests
}) })
if err != nil {
util.Log().Error("无法初始化WebAuthn, %s", err)
}
} }

7
pkg/authn/auth_test.go
View File

@ -10,8 +10,7 @@ func TestInit(t *testing.T) {
asserts := assert.New(t) asserts := assert.New(t)
cache.Set("setting_siteURL", "http://cloudreve.org", 0) cache.Set("setting_siteURL", "http://cloudreve.org", 0)
cache.Set("setting_siteName", "Cloudreve", 0) cache.Set("setting_siteName", "Cloudreve", 0)
asserts.NotPanics(func() { res, err := NewAuthnInstance()
Init() asserts.NotNil(res)
}) asserts.NoError(err)
asserts.NotNil(AuthnInstance)
} }

3
routers/controllers/admin.go
View File

@ -1,7 +1,6 @@
package controllers package controllers
import ( import (
"github.com/HFO4/cloudreve/pkg/authn"
"github.com/HFO4/cloudreve/pkg/request" "github.com/HFO4/cloudreve/pkg/request"
"github.com/HFO4/cloudreve/pkg/serializer" "github.com/HFO4/cloudreve/pkg/serializer"
"github.com/HFO4/cloudreve/service/admin" "github.com/HFO4/cloudreve/service/admin"
@ -64,8 +63,6 @@ func AdminGetGroups(c *gin.Context) {
func AdminReloadService(c *gin.Context) { func AdminReloadService(c *gin.Context) {
service := c.Param("service") service := c.Param("service")
switch service { switch service {
case "authn":
authn.Init()
} }
c.JSON(200, serializer.Response{}) c.JSON(200, serializer.Response{})

40
routers/controllers/user.go
View File

@ -23,9 +23,13 @@ func StartLoginAuthn(c *gin.Context) {
return return
} }
authn.Lock.RLock() instance, err := authn.NewAuthnInstance()
options, sessionData, err := authn.AuthnInstance.BeginLogin(expectedUser) if err != nil {
authn.Lock.RUnlock() c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
return
}
options, sessionData, err := instance.BeginLogin(expectedUser)
if err != nil { if err != nil {
c.JSON(200, ErrorResponse(err)) c.JSON(200, ErrorResponse(err))
@ -58,9 +62,13 @@ func FinishLoginAuthn(c *gin.Context) {
var sessionData webauthn.SessionData var sessionData webauthn.SessionData
err = json.Unmarshal(sessionDataJSON, &sessionData) err = json.Unmarshal(sessionDataJSON, &sessionData)
authn.Lock.RLock() instance, err := authn.NewAuthnInstance()
_, err = authn.AuthnInstance.FinishLogin(expectedUser, sessionData, c.Request) if err != nil {
authn.Lock.RUnlock() c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
return
}
_, err = instance.FinishLogin(expectedUser, sessionData, c.Request)
if err != nil { if err != nil {
c.JSON(200, serializer.Err(401, "登录验证失败", err)) c.JSON(200, serializer.Err(401, "登录验证失败", err))
@ -77,9 +85,13 @@ func FinishLoginAuthn(c *gin.Context) {
func StartRegAuthn(c *gin.Context) { func StartRegAuthn(c *gin.Context) {
currUser := CurrentUser(c) currUser := CurrentUser(c)
authn.Lock.RLock() instance, err := authn.NewAuthnInstance()
options, sessionData, err := authn.AuthnInstance.BeginRegistration(currUser) if err != nil {
authn.Lock.RUnlock() c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
return
}
options, sessionData, err := instance.BeginRegistration(currUser)
if err != nil { if err != nil {
c.JSON(200, ErrorResponse(err)) c.JSON(200, ErrorResponse(err))
@ -106,9 +118,13 @@ func FinishRegAuthn(c *gin.Context) {
var sessionData webauthn.SessionData var sessionData webauthn.SessionData
err := json.Unmarshal(sessionDataJSON, &sessionData) err := json.Unmarshal(sessionDataJSON, &sessionData)
authn.Lock.RLock() instance, err := authn.NewAuthnInstance()
credential, err := authn.AuthnInstance.FinishRegistration(currUser, sessionData, c.Request) if err != nil {
authn.Lock.RUnlock() c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
return
}
credential, err := instance.FinishRegistration(currUser, sessionData, c.Request)
if err != nil { if err != nil {
c.JSON(200, ErrorResponse(err)) c.JSON(200, ErrorResponse(err))