Add basic key registration

2025-02-17 20:50:48 -05:00 · 2025-02-17 20:50:48 -05:00 · 949d1fc2ad
commit 949d1fc2ad
parent 3dfe5b8558
6 changed files with 138 additions and 55 deletions
--- a/server/register_request.go
+++ b/server/register_request.go
@ -0,0 +1,6 @@
+package server
+
+type RegisterRequest struct {
+	UserId string
+	Key    string
+}
--- a/server/server.go
+++ b/server/server.go
@ -2,15 +2,18 @@ package server

 import (
 	"context"
+	"crypto"
+	"encoding/json"
 	"fmt"
 	"net/http"

+	"crispbyte.dev/sig-auth/keydirectory"
 	"github.com/common-fate/httpsig"
 	"github.com/common-fate/httpsig/inmemory"
-	"github.com/common-fate/httpsig/verifier"
+	"golang.org/x/crypto/ssh"
 )

-func Start(isCaddyAuth bool, keyDir verifier.KeyDirectory) error {
+func Start(isCaddyAuth bool, keyDir keydirectory.RegistrationDirectory) error {
 	mux := http.NewServeMux()

 	verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
@ -29,16 +32,7 @@ func Start(isCaddyAuth bool, keyDir verifier.KeyDirectory) error {
 		},
 	})

-	verifyHandler := verifier(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		attr := httpsig.AttributesFromContext(r.Context()).(string)
-
-		if isCaddyAuth {
-			w.Header().Add("Remote-User", attr)
-		} else {
-			msg := fmt.Sprintf("hello, %s!", attr)
-			w.Write([]byte(msg))
-		}
-	}))
+	verifyHandler := verifier(getDefaultHandler(isCaddyAuth))

 	var handler http.Handler

@ -49,8 +43,68 @@ func Start(isCaddyAuth bool, keyDir verifier.KeyDirectory) error {
 	}

 	mux.Handle("/", handler)
+	mux.Handle("/register", getRegistrationHandler(keyDir))

 	err := http.ListenAndServe("localhost:8080", mux)

 	return err
 }
+
+func getDefaultHandler(isCaddyAuth bool) http.Handler {
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		attr := httpsig.AttributesFromContext(r.Context()).(string)
+
+		if isCaddyAuth {
+			w.Header().Add("Remote-User", attr)
+		} else {
+			msg := fmt.Sprintf("hello, %s!", attr)
+			w.Write([]byte(msg))
+		}
+	}
+
+	return http.HandlerFunc(handler)
+}
+
+func getRegistrationHandler(keyDir keydirectory.RegistrationDirectory) http.Handler {
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != "POST" {
+			http.Error(w, "Bad request", 400)
+			return
+		}
+
+		var request RegisterRequest
+
+		err := json.NewDecoder(r.Body).Decode(&request)
+
+		if err != nil {
+			http.Error(w, fmt.Sprintf("Bad request - %s", err), 400)
+			return
+		}
+
+		key, alg, err := parsePublicKey(request.Key)
+
+		if err != nil {
+			http.Error(w, fmt.Sprintf("Bad request - %s", err), 400)
+			return
+		}
+
+		fmt.Printf("Registering %s key for %s\n", alg, request.UserId)
+
+		keyDir.RegisterKey(key, alg, request.UserId)
+	}
+
+	return http.HandlerFunc(handler)
+}
+
+func parsePublicKey(input string) (crypto.PublicKey, string, error) {
+	pk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(input))
+
+	var alg string
+
+	switch pk.Type() {
+	case "ssh-ed25519":
+		alg = "ed25519"
+	}
+
+	return pk.(ssh.CryptoPublicKey).CryptoPublicKey(), alg, err
+}