From 09417b5147cbb770907798036ffbfca8648d0da5 Mon Sep 17 00:00:00 2001
From: cheddar
Date: Mon, 17 Feb 2025 21:03:31 -0500
Subject: [PATCH] Generate a random key ID on registration

---
 go.mod                               |  1 +
 go.sum                               |  2 ++
 main.go                              | 31 +++++++++++++++++++++++-----
 server/server.go                     | 15 ++++++++++----
 sqlite_directory/sqlite_directory.go |  8 ++++++-
 5 files changed, 47 insertions(+), 10 deletions(-)

diff --git a/go.mod b/go.mod
index 609cdf6..d20d041 100644
--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,7 @@ go 1.23.4
 
 require (
 	github.com/common-fate/httpsig v0.2.1
+	github.com/google/uuid v1.6.0
 	github.com/opencontainers/go-digest v1.0.0
 	golang.org/x/crypto v0.33.0
 )
diff --git a/go.sum b/go.sum
index eb48b0d..9aae5ae 100644
--- a/go.sum
+++ b/go.sum
@@ -4,6 +4,8 @@ github.com/dunglas/httpsfv v1.0.2 h1:iERDp/YAfnojSDJ7PW3dj1AReJz4MrwbECSSE59JWL0
 github.com/dunglas/httpsfv v1.0.2/go.mod h1:zID2mqw9mFsnt7YC3vYQ9/cjq30q41W+1AnDwH8TiMg=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
diff --git a/main.go b/main.go
index 5b11a21..6c8773c 100644
--- a/main.go
+++ b/main.go
@@ -21,6 +21,8 @@ import (
 
 func main() {
 	useClient := flag.Bool("c", false, "Run client")
+	keyId := flag.String("id", "", "The key id to pass")
+	register := flag.Bool("r", false, "Register a key")
 	user := flag.String("user", "", "Username to register")
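Review bot: The help text for the new `-id` flag, `"The key id to pass"`, does not say where the value comes from or that it is only consulted together with `-c`, and since this flag replaces `-user` as the client's required argument, that usage line is exactly what a user sees after omitting it. Suggest `keyId := flag.String("id", "", "Key ID returned by registration (required with -c)")`. The rest of main's flag declarations continues outside the hunk.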
@@ -32,12 +34,12 @@ func main() {
 	flag.Parse()
 
 	if *useClient {
-		if *keyPath == "" || *user == "" {
+		if *keyPath == "" || *keyId == "" {
 			flag.PrintDefaults()
 			return
 		}
-		runClient(*keyPath, *user, *simulateCaddy)
+		runClient(*keyPath, *keyId, *simulateCaddy)
 	} else if *register {
 		if *keyPath == "" || *user == "" {
 			flag.PrintDefaults()
@@ -50,7 +52,7 @@ func main() {
 	}
 }
 
-func runClient(keyFile string, user string, simulateCaddy bool) {
+func runClient(keyFile string, keyId string, simulateCaddy bool) {
 	testData := map[string]string{"hello": "world"}
 	json_data, _ := json.Marshal(testData)
 
@@ -60,7 +62,7 @@ func runClient(keyFile string, user string, simulateCaddy bool) {
 		log.Fatal(err)
 	}
 
-	client, err := client.GetSigningClient(key, user)
+	client, err := client.GetSigningClient(key, keyId)
 
 	if err != nil {
 		log.Fatal(err)
@@ -135,5 +137,24 @@ func registerKey(keyFile string, userId string) {
 	json_data, _ := json.Marshal(request)
 
-	http.DefaultClient.Post("http://localhost:8080/register", "application/json", bytes.NewBuffer(json_data))
+	resp, err := http.DefaultClient.Post(
+		"http://localhost:8080/register",
+		"application/json",
+		bytes.NewBuffer(json_data))
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	defer resp.Body.Close()
+
+	out, err := io.ReadAll(resp.Body)
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(resp.StatusCode)
+	fmt.Println(resp.Header)
+	fmt.Println(string(out[:]))
 }
diff --git a/server/server.go b/server/server.go
index 6d3e558..cbd367a 100644
--- a/server/server.go
+++ b/server/server.go
@@ -56,10 +56,10 @@ func getDefaultHandler(isCaddyAuth bool) http.Handler {
 
 		if isCaddyAuth {
 			w.Header().Add("Remote-User", attr)
-		} else {
-			msg := fmt.Sprintf("hello, %s!", attr)
-			w.Write([]byte(msg))
 		}
+
+		msg := fmt.Sprintf("hello, %s!", attr)
+		w.Write([]byte(msg))
 	}
 
 	return http.HandlerFunc(handler)
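Review bot: In the registerKey hunk the response body is printed as if it were the key ID regardless of `resp.StatusCode`, so a server-side failure message arrives in the same position as a successful ID with only the preceding status number to distinguish them; check the status before treating `out` as the ID, e.g. `if resp.StatusCode != http.StatusOK { log.Fatalf("registration failed: %d %s", resp.StatusCode, out) }`. `http.DefaultClient` carries no timeout, so a stalled server hangs the CLI indefinitely; a local `&http.Client{Timeout: 10 * time.Second}` (which needs a `time` import) avoids that. `string(out[:])` is the same as `string(out)`. registerKey's body starts outside the hunk.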
@@ -90,7 +90,14 @@ func getRegistrationHandler(keyDir keydirectory.RegistrationDirectory) http.Hand
 
 		fmt.Printf("Registering %s key for %s\n", alg, request.UserId)
 
-		keyDir.RegisterKey(key, alg, request.UserId)
+		keyId, err := keyDir.RegisterKey(key, alg, request.UserId)
+
+		if err != nil {
+			http.Error(w, fmt.Sprintf("Server error - %s", err), 500)
+			return
+		}
+
+		w.Write([]byte(keyId))
 	}
 
 	return http.HandlerFunc(handler)
diff --git a/sqlite_directory/sqlite_directory.go b/sqlite_directory/sqlite_directory.go
index a1a362a..0b8f625 100644
--- a/sqlite_directory/sqlite_directory.go
+++ b/sqlite_directory/sqlite_directory.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/common-fate/httpsig/alg_ed25519"
 	"github.com/common-fate/httpsig/verifier"
+	"github.com/google/uuid"
 
 	"crispbyte.dev/sig-auth/keydirectory"
 )
@@ -41,7 +42,12 @@ func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string)
 }
 
 func (dir InMemoryDirectory) RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error) {
-	keyId := userId
+	uuid, err := uuid.NewRandom()
+	keyId := uuid.String()
+
+	if err != nil {
+		return "", err
+	}
 
 	dir.records[keyId] = keydirectory.KeyEntry{
 		Alg: alg,
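Review bot: `http.Error(w, fmt.Sprintf("Server error - %s", err), 500)` hands the raw error text from the key directory back to the caller; keep the detail on the server side in the style of the existing `fmt.Printf` logging line and send a fixed message, `fmt.Printf("Registering key for %s failed: %v\n", request.UserId, err)` followed by `http.Error(w, "registration failed", http.StatusInternalServerError)`, which also replaces the bare `500` literal. `w.Write([]byte(keyId))` ignores the write error and sets no `Content-Type`, so the client depends on sniffing; `w.Header().Set("Content-Type", "text/plain; charset=utf-8")` before the write makes the ID response explicit. Because `request.UserId` comes from the request body, the binding of the newly registered key to that user rests entirely on whatever authentication the registration route has outside this hunk, and a comment on the handler stating that requirement would help the next maintainer. The handler's body starts outside the hunk.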
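Review bot: `uuid, err := uuid.NewRandom()` shadows the imported `uuid` package with the local value, and `keyId := uuid.String()` runs before `err` is checked, so on failure the zero UUID is formatted before the early return; rename and reorder: `id, err := uuid.NewRandom()`, `if err != nil { return "", err }`, `keyId := id.String()`. `uuid.NewRandom` draws from `crypto/rand`, which is the right source for an identifier callers present to look up a verification key, and a comment such as `// Key IDs are random v4 UUIDs so they cannot be derived from the user name.` records that intent. RegisterKey's body continues outside the hunk.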