Generate a random key ID on registration
This commit is contained in:
parent
949d1fc2ad
commit
09417b5147
5 changed files with 47 additions and 10 deletions
1
go.mod
1
go.mod
|
|
@ -4,6 +4,7 @@ go 1.23.4
|
|||
|
||||
require (
|
||||
github.com/common-fate/httpsig v0.2.1
|
||||
github.com/google/uuid v1.6.0
|
||||
github.com/opencontainers/go-digest v1.0.0
|
||||
golang.org/x/crypto v0.33.0
|
||||
)
|
||||
|
|
|
|||
2
go.sum
2
go.sum
|
|
@ -4,6 +4,8 @@ github.com/dunglas/httpsfv v1.0.2 h1:iERDp/YAfnojSDJ7PW3dj1AReJz4MrwbECSSE59JWL0
|
|||
github.com/dunglas/httpsfv v1.0.2/go.mod h1:zID2mqw9mFsnt7YC3vYQ9/cjq30q41W+1AnDwH8TiMg=
|
||||
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
|
||||
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
|
||||
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
|
||||
golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
|
||||
|
|
|
|||
31
main.go
31
main.go
|
|
@ -21,6 +21,8 @@ import (
|
|||
func main() {
|
||||
useClient := flag.Bool("c", false, "Run client")
|
||||
|
||||
keyId := flag.String("id", "", "The key id to pass")
|
||||
|
||||
register := flag.Bool("r", false, "Register a key")
|
||||
|
||||
user := flag.String("user", "", "Username to register")
|
||||
|
|
@ -32,12 +34,12 @@ func main() {
|
|||
flag.Parse()
|
||||
|
||||
if *useClient {
|
||||
if *keyPath == "" || *user == "" {
|
||||
if *keyPath == "" || *keyId == "" {
|
||||
flag.PrintDefaults()
|
||||
return
|
||||
}
|
||||
|
||||
runClient(*keyPath, *user, *simulateCaddy)
|
||||
runClient(*keyPath, *keyId, *simulateCaddy)
|
||||
} else if *register {
|
||||
if *keyPath == "" || *user == "" {
|
||||
flag.PrintDefaults()
|
||||
|
|
@ -50,7 +52,7 @@ func main() {
|
|||
}
|
||||
}
|
||||
|
||||
func runClient(keyFile string, user string, simulateCaddy bool) {
|
||||
func runClient(keyFile string, keyId string, simulateCaddy bool) {
|
||||
testData := map[string]string{"hello": "world"}
|
||||
json_data, _ := json.Marshal(testData)
|
||||
|
||||
|
|
@ -60,7 +62,7 @@ func runClient(keyFile string, user string, simulateCaddy bool) {
|
|||
log.Fatal(err)
|
||||
}
|
||||
|
||||
client, err := client.GetSigningClient(key, user)
|
||||
client, err := client.GetSigningClient(key, keyId)
|
||||
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
|
|
@ -135,5 +137,24 @@ func registerKey(keyFile string, userId string) {
|
|||
|
||||
json_data, _ := json.Marshal(request)
|
||||
|
||||
http.DefaultClient.Post("http://localhost:8080/register", "application/json", bytes.NewBuffer(json_data))
|
||||
resp, err := http.DefaultClient.Post(
|
||||
"http://localhost:8080/register",
|
||||
"application/json",
|
||||
bytes.NewBuffer(json_data))
|
||||
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
defer resp.Body.Close()
|
||||
|
||||
out, err := io.ReadAll(resp.Body)
|
||||
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
fmt.Println(resp.StatusCode)
|
||||
fmt.Println(resp.Header)
|
||||
fmt.Println(string(out[:]))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -56,10 +56,10 @@ func getDefaultHandler(isCaddyAuth bool) http.Handler {
|
|||
|
||||
if isCaddyAuth {
|
||||
w.Header().Add("Remote-User", attr)
|
||||
} else {
|
||||
msg := fmt.Sprintf("hello, %s!", attr)
|
||||
w.Write([]byte(msg))
|
||||
}
|
||||
|
||||
msg := fmt.Sprintf("hello, %s!", attr)
|
||||
w.Write([]byte(msg))
|
||||
}
|
||||
|
||||
return http.HandlerFunc(handler)
|
||||
|
|
@ -90,7 +90,14 @@ func getRegistrationHandler(keyDir keydirectory.RegistrationDirectory) http.Hand
|
|||
|
||||
fmt.Printf("Registering %s key for %s\n", alg, request.UserId)
|
||||
|
||||
keyDir.RegisterKey(key, alg, request.UserId)
|
||||
keyId, err := keyDir.RegisterKey(key, alg, request.UserId)
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, fmt.Sprintf("Server error - %s", err), 500)
|
||||
return
|
||||
}
|
||||
|
||||
w.Write([]byte(keyId))
|
||||
}
|
||||
|
||||
return http.HandlerFunc(handler)
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
"github.com/common-fate/httpsig/alg_ed25519"
|
||||
"github.com/common-fate/httpsig/verifier"
|
||||
"github.com/google/uuid"
|
||||
|
||||
"crispbyte.dev/sig-auth/keydirectory"
|
||||
)
|
||||
|
|
@ -41,7 +42,12 @@ func (dir InMemoryDirectory) GetKey(ctx context.Context, keyId string, _ string)
|
|||
}
|
||||
|
||||
func (dir InMemoryDirectory) RegisterKey(key crypto.PublicKey, alg string, userId string) (string, error) {
|
||||
keyId := userId
|
||||
uuid, err := uuid.NewRandom()
|
||||
keyId := uuid.String()
|
||||
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
dir.records[keyId] = keydirectory.KeyEntry{
|
||||
Alg: alg,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue