- commit
- f313a8f
- parent
- 61aa1be
- author
- cheddar
- date
- 2025-02-21 03:49:05 +0100 CET
Reorg client code
4 files changed,
+58,
-37
+36,
-1
1@@ -1,12 +1,14 @@
2 package client
3
4 import (
5+ "bytes"
6 "crypto"
7 "crypto/ecdsa"
8 "crypto/ed25519"
9 "crypto/rsa"
10 "fmt"
11 "net/http"
12+ "net/url"
13 "reflect"
14
15 "github.com/common-fate/httpsig"
16@@ -14,9 +16,42 @@ import (
17 "github.com/common-fate/httpsig/alg_ed25519"
18 "github.com/common-fate/httpsig/alg_rsa"
19 "github.com/common-fate/httpsig/signer"
20+ "github.com/opencontainers/go-digest"
21 )
22
23-func GetSigningClient(key crypto.PrivateKey, keyId string) (*http.Client, error) {
24+func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte, simulateCaddy bool) (*http.Response, error) {
25+ client, err := getSigningClient(key, keyId)
26+
27+ if err != nil {
28+ return nil, err
29+ }
30+
31+ id := digest.FromBytes(data)
32+
33+ authUrl := baseUrl.JoinPath("auth")
34+
35+ var req *http.Request
36+
37+ req, err = http.NewRequest("POST", authUrl.String(), bytes.NewBuffer(data))
38+
39+ if err != nil {
40+ return nil, err
41+ }
42+
43+ req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
44+ req.Header.Add("Content-Type", "application/json")
45+
46+ if simulateCaddy {
47+ req.Header.Add("X-Forwarded-Method", req.Method)
48+ req.Header.Add("X-Forwarded-Uri", req.RequestURI)
49+ }
50+
51+ resp, err := client.Do(req)
52+
53+ return resp, err
54+}
55+
56+func getSigningClient(key crypto.PrivateKey, keyId string) (*http.Client, error) {
57 var alg signer.Algorithm
58
59 switch p := key.(type) {
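Review bot: In `Post`, the `simulateCaddy` branch fills `X-Forwarded-Uri` from `req.RequestURI`, which net/http sets only on requests received by a server; on a request built with `http.NewRequest` it is empty, so the header goes out blank. If the server's verification reads that header (not visible here), the forwarded path is never actually bound to the request. Use `req.Header.Add("X-Forwarded-Uri", req.URL.RequestURI())` instead. `Post` is also exported without a doc comment; `// Post signs data with key and POSTs it to the auth endpoint under baseUrl; the caller must close the response body.` would cover it. `getSigningClient`'s body continues outside the hunk.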
+5,
-2
1@@ -6,11 +6,12 @@ import (
2 "fmt"
3 "io"
4 "net/http"
5+ "net/url"
6
7 "crispbyte.dev/sig-auth/server"
8 )
9
10-func RegisterKey(key string, userId string) error {
11+func RegisterKey(baseUrl *url.URL, key string, userId string) error {
12 request := server.RegisterRequest{
13 UserId: userId,
14 Key: key,
15@@ -18,8 +19,10 @@ func RegisterKey(key string, userId string) error {
16
17 json_data, _ := json.Marshal(request)
18
19+ registerUrl := baseUrl.JoinPath("register")
20+
21 resp, err := http.DefaultClient.Post(
22- "http://localhost:8080/register",
23+ registerUrl.String(),
24 "application/json",
25 bytes.NewBuffer(json_data))
26
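Review bot: `RegisterKey` still posts through `http.DefaultClient`, which has no timeout, and `registerUrl` now comes from a caller-supplied `baseUrl` rather than the fixed localhost address, so an unresponsive host can block registration indefinitely. A bounded client fixes that, e.g. `httpClient := &http.Client{Timeout: 10 * time.Second}` followed by `resp, err := httpClient.Post(` (this needs the `time` import). `baseUrl.JoinPath` also dereferences `baseUrl`, so a nil argument panics; an early `if baseUrl == nil { return fmt.Errorf("base URL is required") }` keeps the exported function safe. The rest of the function body lies outside the hunk.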
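--- a/main.go
+++ b/main.go
@@ -1,20 +1,18 @@
 package main
 
 import (
- "bytes"
 "crypto"
 "encoding/json"
 "flag"
 "fmt"
 "io"
 "log"
- "net/http"
+ "net/url"
 "os"
 
 "crispbyte.dev/sig-auth/client"
 "crispbyte.dev/sig-auth/keydirectory"
 "crispbyte.dev/sig-auth/server"
- "github.com/opencontainers/go-digest"
 "golang.org/x/crypto/ssh"
 )
 
@@ -29,6 +27,8 @@ func main() {
 
 keyPath := flag.String("key", "", "Path to the private key (client mode) or public key (registration mode) to use")
 
+ baseUrlString := flag.String("base-url", "http://localhost:8080", "Base URL of the server")
+
 simulateCaddy := flag.Bool("caddy", false, "Simulate caddy reverse proxy")
 
 useTempDb := flag.Bool("temp-db", false, "Use a temporary in-memory database")
@@ -37,20 +37,27 @@ func main() {
 
 flag.Parse()
 
+ baseUrl, err := url.Parse(*baseUrlString)
+
+ if err != nil {
+ flag.PrintDefaults()
+ return
+ }
+
 if *useClient {
 if *keyPath == "" || *keyId == "" {
 flag.PrintDefaults()
 return
 }
 
- runClient(*keyPath, *keyId, *simulateCaddy)
+ runClient(baseUrl, *keyPath, *keyId, *simulateCaddy)
 } else if *register {
 if *keyPath == "" || *user == "" {
 flag.PrintDefaults()
 return
 }
 
- registerKey(*keyPath, *user)
+ registerKey(baseUrl, *keyPath, *user)
 } else {
 if !*useTempDb && *dbPath == "" {
 flag.PrintDefaults()
@@ -61,7 +68,7 @@ func main() {
 }
 }
 
-func runClient(keyFile string, keyId string, simulateCaddy bool) {
+func runClient(baseUrl *url.URL, keyFile string, keyId string, simulateCaddy bool) {
 testData := map[string]string{"hello": "world"}
 json_data, _ := json.Marshal(testData)
 
@@ -71,31 +78,7 @@ func runClient(keyFile string, keyId string, simulateCaddy bool) {
 log.Fatal(err)
 }
 
- client, err := client.GetSigningClient(key, keyId)
-
- if err != nil {
- log.Fatal(err)
- }
-
- id := digest.FromBytes(json_data)
-
- var req *http.Request
-
- req, err = http.NewRequest("POST", "http://localhost:8080/post", bytes.NewBuffer(json_data))
-
- if err != nil {
- log.Fatal(err)
- }
-
- req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
- req.Header.Add("Content-Type", "application/json")
-
- if simulateCaddy {
- req.Header.Add("X-Forwarded-Method", req.Method)
- req.Header.Add("X-Forwarded-Uri", req.RequestURI)
- }
-
- resp, err := client.Do(req)
+ resp, err := client.Post(baseUrl, key, keyId, json_data, simulateCaddy)
 
 if err != nil {
 log.Fatal(err)
@@ -141,7 +124,7 @@ func loadPrivateKey(keyFile string) (crypto.PrivateKey, error) {
 return ssh.ParseRawPrivateKey(keyBytes)
 }
 
-func registerKey(keyFile string, userId string) {
+func registerKey(baseUrl *url.URL, keyFile string, userId string) {
 keyBytes, err := os.ReadFile(keyFile)
 
 if err != nil {
@@ -150,7 +133,7 @@ func registerKey(keyFile string, userId string) {
 
 keyText := string(keyBytes)
 
- err = client.RegisterKey(keyText, userId)
+ err = client.RegisterKey(baseUrl, keyText, userId)
 
 if err != nil {
 log.Fatal(err)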
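Review bot: The new `url.Parse` check in `main` accepts far more than a usable base URL: a value such as `example.com` parses without error but leaves the scheme and host empty, so the failure only surfaces later inside the HTTP client, and on a parse error the code prints flag defaults without saying what was wrong. Validate explicitly, e.g. `if err != nil || (baseUrl.Scheme != "http" && baseUrl.Scheme != "https") || baseUrl.Host == "" { log.Fatalf("invalid -base-url %q", *baseUrlString) }`. Because key registration and signed requests now go wherever this flag points, consider requiring `https` for any non-loopback host; an `http` target leaves the registration body open to modification in transit.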
+1,
-1
1@@ -42,7 +42,7 @@ func Start(isCaddyAuth bool, keyDir keydirectory.RegistrationDirectory) error {
2 handler = verifyHandler
3 }
4
5- mux.Handle("/", handler)
6+ mux.Handle("/auth", handler)
7 mux.Handle("/register", getRegistrationHandler(keyDir))
8
9 err := http.ListenAndServe("localhost:8080", mux)
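Review bot: `mux.Handle("/auth", handler)` is an exact-match pattern, so unlike the previous `"/"` catch-all the verifier now answers only on `/auth` and every other path gets the mux's 404. That has to agree with `baseUrl.JoinPath("auth")` in the client and, when `isCaddyAuth` is set, with whatever auth URI the reverse proxy is configured to call (not visible here). A comment on this line such as `// Exact match; keep in sync with client.Post and the proxy's forward-auth URI.`, or a shared route constant, would keep the pieces from drifting. `Start`'s body continues outside the hunk.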