cheddar/sig-auth
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Generate a random key ID on registration

Browse source
This commit is contained in:
cheddar 2025-02-17 21:03:31 -05:00
parent 949d1fc2ad
commit 09417b5147
No known key found for this signature in database
5 changed files with 47 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

1
go.mod
View file

@ -4,6 +4,7 @@ go 1.23.4
require ( require (
github.com/common-fate/httpsig v0.2.1 github.com/common-fate/httpsig v0.2.1
github.com/google/uuid v1.6.0
github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/go-digest v1.0.0
golang.org/x/crypto v0.33.0 golang.org/x/crypto v0.33.0
) )

2
go.sum
View file

@ -4,6 +4,8 @@ github.com/dunglas/httpsfv v1.0.2 h1:iERDp/YAfnojSDJ7PW3dj1AReJz4MrwbECSSE59JWL0
github.com/dunglas/httpsfv v1.0.2/go.mod h1:zID2mqw9mFsnt7YC3vYQ9/cjq30q41W+1AnDwH8TiMg= github.com/dunglas/httpsfv v1.0.2/go.mod h1:zID2mqw9mFsnt7YC3vYQ9/cjq30q41W+1AnDwH8TiMg=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=

31
main.go
View file

@ -21,6 +21,8 @@ import (
func main() { func main() {
useClient := flag.Bool("c", false, "Run client") useClient := flag.Bool("c", false, "Run client")
keyId := flag.String("id", "", "The key id to pass")
register := flag.Bool("r", false, "Register a key") register := flag.Bool("r", false, "Register a key")
user := flag.String("user", "", "Username to register") user := flag.String("user", "", "Username to register")
@ -32,12 +34,12 @@ func main() {
flag.Parse() flag.Parse()
if *useClient { if *useClient {
if *keyPath == "" || *user == "" { if *keyPath == "" || *keyId == "" {
flag.PrintDefaults() flag.PrintDefaults()
return return
} }
runClient(*keyPath, *user, *simulateCaddy) runClient(*keyPath, *keyId, *simulateCaddy)
} else if *register { } else if *register {
if *keyPath == "" || *user == "" { if *keyPath == "" || *user == "" {
flag.PrintDefaults() flag.PrintDefaults()
@ -50,7 +52,7 @@ func main() {
} }
} }
func runClient(keyFile string, user string, simulateCaddy bool) { func runClient(keyFile string, keyId string, simulateCaddy bool) {
testData := map[string]string{"hello": "world"} testData := map[string]string{"hello": "world"}
json_data, _ := json.Marshal(testData) json_data, _ := json.Marshal(testData)
@ -60,7 +62,7 @@ func runClient(keyFile string, user string, simulateCaddy bool) {
log.Fatal(err) log.Fatal(err)
} }
client, err := client.GetSigningClient(key, user) client, err := client.GetSigningClient(key, keyId)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
@ -135,5 +137,24 @@ func registerKey(keyFile string, userId string) {
json_data, _ := json.Marshal(request) json_data, _ := json.Marshal(request)
http.DefaultClient.Post("http://localhost:8080/register", "application/json", bytes.NewBuffer(json_data)) resp, err := http.DefaultClient.Post(
"http://localhost:8080/register",
"application/json",
bytes.NewBuffer(json_data))
if err != nil {
log.Fatal(err)
}
defer resp.Body.Close()
out, err := io.ReadAll(resp.Body)
if err != nil {
log.Fatal(err)
}
fmt.Println(resp.StatusCode)
fmt.Println(resp.Header)
fmt.Println(string(out[:]))
} }

15
server/server.go
View file

@ -56,10 +56,10 @@ func getDefaultHandler(isCaddyAuth bool) http.Handler {
if isCaddyAuth { if isCaddyAuth {
w.Header().Add("Remote-User", attr) w.Header().Add("Remote-User", attr)
} else {
msg := fmt.Sprintf("hello, %s!", attr)
w.Write([]byte(msg))
} }
msg := fmt.Sprintf("hello, %s!", attr)
w.Write([]byte(msg))
} }
return http.HandlerFunc(handler) return http.HandlerFunc(handler)
@ -90,7 +90,14 @@ func getRegistrationHandler(keyDir keydirectory.RegistrationDirectory) http.Hand
fmt.Printf("Registering %s key for %s\n", alg, request.UserId) fmt.Printf("Registering %s key for %s\n", alg, request.UserId)
keyDir.RegisterKey(key, alg, request.UserId) keyId, err := keyDir.RegisterKey(key, alg, request.UserId)
if err != nil {
http.Error(w, fmt.Sprintf("Server error - %s", err), 500)
return
}
w.Write([]byte(keyId))
} }
return http.HandlerFunc(handler) return http.HandlerFunc(handler)

8
sqlite_directory/sqlite_directory.go
View file

@ -9,6 +9,7 @@ import (
"github.com/common-fate/httpsig/alg_ed25519" "github.com/common-fate/httpsig/alg_ed25519"
"github.com/common-fate/httpsig/verifier" "github.com/common-fate/httpsig/verifier"
"github.com/google/uuid"
"crispbyte.dev/sig-auth/keydirectory" "crispbyte.dev/sig-auth/keydirectory"
) )
@ -41,7 +42,12 @@ func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string)
} }
func (dir InMemoryDirectory) RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error) { func (dir InMemoryDirectory) RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error) {
keyId := userId uuid, err := uuid.NewRandom()
keyId := uuid.String()
if err != nil {
return "", err
}
dir.records[keyId] = keydirectory.KeyEntry{ dir.records[keyId] = keydirectory.KeyEntry{
Alg: alg, Alg: alg,