diff options
Diffstat (limited to 'contrib/epee/include/net/http_auth.h')
| -rw-r--r-- | contrib/epee/include/net/http_auth.h | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/contrib/epee/include/net/http_auth.h b/contrib/epee/include/net/http_auth.h new file mode 100644 index 000000000..bf368e6f4 --- /dev/null +++ b/contrib/epee/include/net/http_auth.h @@ -0,0 +1,170 @@ +// Copyright (c) 2014-2017, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +#pragma once + +#include <boost/optional/optional.hpp> +#include <boost/utility/string_ref.hpp> +#include <cstdint> +#include <functional> +#include <string> +#include <utility> + +#include "http_base.h" + +#undef MONERO_DEFAULT_LOG_CATEGORY +#define MONERO_DEFAULT_LOG_CATEGORY "net.http" + +namespace epee +{ +namespace net_utils +{ + namespace http + { + struct login + { + login() : username(), password() {} + login(std::string username_, std::string password_) + : username(std::move(username_)), password(std::move(password_)) + {} + + std::string username; + std::string password; + }; + + //! Implements RFC 2617 digest auth. Digests from RFC 7616 can be added. + class http_server_auth + { + public: + struct session + { + session(login credentials_) + : credentials(std::move(credentials_)), nonce(), counter(0) + {} + + login credentials; + std::string nonce; + std::uint32_t counter; + }; + + http_server_auth() : user() {} + http_server_auth(login credentials); + + //! \return Auth response, or `boost::none` iff `request` had valid auth. + boost::optional<http_response_info> get_response(const http_request_info& request) + { + if (user) + return do_get_response(request); + return boost::none; + } + private: + boost::optional<http_response_info> do_get_response(const http_request_info& request); + + boost::optional<session> user; + }; + + //! Implements RFC 2617 digest auth. Digests from RFC 7616 can be added. + class http_client_auth + { + public: + enum status : std::uint8_t { kSuccess = 0, kBadPassword, kParseFailure }; + + struct session + { + session(login credentials_) + : credentials(std::move(credentials_)), server(), counter(0) + {} + + struct keys + { + using algorithm = + std::function<std::string(const session&, boost::string_ref, boost::string_ref)>; + + keys() : nonce(), opaque(), realm(), generator() {} + keys(std::string nonce_, std::string opaque_, std::string realm_, algorithm generator_) + : nonce(std::move(nonce_)) + , opaque(std::move(opaque_)) + , realm(std::move(realm_)) + , generator(std::move(generator_)) + {} + + std::string nonce; + std::string opaque; + std::string realm; + algorithm generator; + }; + + login credentials; + keys server; + std::uint32_t counter; + }; + + http_client_auth() : user() {} + http_client_auth(login credentials); + + /*! + Clients receiving a 401 response code from the server should call this + function to process the server auth. Then, before every client request, + `get_auth_field()` should be called to retrieve the newest + authorization request. + + \return `kBadPassword` if client will never be able to authenticate, + `kParseFailure` if all server authentication responses were invalid, + and `kSuccess` if `get_auth_field` is ready to generate authorization + fields. + */ + status handle_401(const http_response_info& response) + { + if (user) + return do_handle_401(response); + return kBadPassword; + } + + /*! + After calling `handle_401`, clients should call this function to + generate an authentication field for every request. + + \return A HTTP "Authorization" field if `handle_401(...)` previously + returned `kSuccess`. + */ + boost::optional<std::pair<std::string, std::string>> get_auth_field( + const boost::string_ref method, const boost::string_ref uri) + { + if (user) + return do_get_auth_field(method, uri); + return boost::none; + } + + private: + status do_handle_401(const http_response_info&); + boost::optional<std::pair<std::string, std::string>> do_get_auth_field(boost::string_ref, boost::string_ref); + + boost::optional<session> user; + }; + } +} +} |