mirror of
https://github.com/coalaura/up.git
synced 2025-07-17 21:44:35 +00:00
cleanup sessions and challenges
This commit is contained in:
Laura
1
go.mod
1
go.mod
@ -5,6 +5,7 @@ go 1.24.2
|
|||||||
require (
|
require (
|
||||||
github.com/coalaura/logger v1.4.5
|
github.com/coalaura/logger v1.4.5
|
||||||
github.com/go-chi/chi/v5 v5.2.2
|
github.com/go-chi/chi/v5 v5.2.2
|
||||||
|
github.com/patrickmn/go-cache v2.1.0+incompatible
|
||||||
github.com/urfave/cli/v3 v3.3.8
|
github.com/urfave/cli/v3 v3.3.8
|
||||||
github.com/vmihailenco/msgpack/v5 v5.4.1
|
github.com/vmihailenco/msgpack/v5 v5.4.1
|
||||||
golang.org/x/crypto v0.39.0
|
golang.org/x/crypto v0.39.0
|
||||||
|
|||||||
2
go.sum
2
go.sum
@ -6,6 +6,8 @@ github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618=
|
|||||||
github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
|
github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
|
||||||
github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
|
github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
|
||||||
github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
|
github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
|
||||||
|
github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
|
||||||
|
github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
|
||||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||||
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
|
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
|
||||||
|
|||||||
@ -1,20 +1,16 @@
|
|||||||
package internal
|
package internal
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"time"
|
|
||||||
|
|
||||||
"golang.org/x/crypto/ssh"
|
"golang.org/x/crypto/ssh"
|
||||||
)
|
)
|
||||||
|
|
||||||
type ChallengeEntry struct {
|
type ChallengeEntry struct {
|
||||||
Challenge []byte
|
Challenge []byte
|
||||||
PublicKey ssh.PublicKey
|
PublicKey ssh.PublicKey
|
||||||
Expires time.Time
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type SessionEntry struct {
|
type SessionEntry struct {
|
||||||
PublicKey ssh.PublicKey
|
PublicKey ssh.PublicKey
|
||||||
Expires time.Time
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type AuthRequest struct {
|
type AuthRequest struct {
|
||||||
|
|||||||
@ -1,12 +0,0 @@
|
|||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"net"
|
|
||||||
"time"
|
|
||||||
)
|
|
||||||
|
|
||||||
func HandleConnection(conn net.Conn) error {
|
|
||||||
time.Sleep(10 * time.Second)
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
@ -2,10 +2,11 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"sync"
|
"time"
|
||||||
|
|
||||||
"github.com/coalaura/logger"
|
"github.com/coalaura/logger"
|
||||||
"github.com/go-chi/chi/v5"
|
"github.com/go-chi/chi/v5"
|
||||||
|
"github.com/patrickmn/go-cache"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -13,8 +14,8 @@ var (
|
|||||||
NoLevel: true,
|
NoLevel: true,
|
||||||
})
|
})
|
||||||
|
|
||||||
challenges sync.Map
|
challenges = cache.New(10*time.Second, time.Minute)
|
||||||
sessions sync.Map
|
sessions = cache.New(10*time.Second, time.Minute)
|
||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
|||||||
@ -8,9 +8,9 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/coalaura/up/internal"
|
"github.com/coalaura/up/internal"
|
||||||
|
"github.com/patrickmn/go-cache"
|
||||||
"github.com/vmihailenco/msgpack/v5"
|
"github.com/vmihailenco/msgpack/v5"
|
||||||
"golang.org/x/crypto/ssh"
|
"golang.org/x/crypto/ssh"
|
||||||
)
|
)
|
||||||
@ -65,11 +65,10 @@ func HandleChallengeRequest(w http.ResponseWriter, r *http.Request, authorized m
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
challenges.Store(challenge.Token, internal.ChallengeEntry{
|
challenges.Set(challenge.Token, internal.ChallengeEntry{
|
||||||
Challenge: raw,
|
Challenge: raw,
|
||||||
PublicKey: public,
|
PublicKey: public,
|
||||||
Expires: time.Now().Add(20 * time.Second),
|
}, cache.DefaultExpiration)
|
||||||
})
|
|
||||||
|
|
||||||
log.Printf("request: issued challenge to %s\n", r.RemoteAddr)
|
log.Printf("request: issued challenge to %s\n", r.RemoteAddr)
|
||||||
|
|
||||||
@ -101,7 +100,7 @@ func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized ma
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
entry, ok := challenges.LoadAndDelete(response.Token)
|
entry, ok := challenges.Get(response.Token)
|
||||||
if !ok {
|
if !ok {
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
|
|
||||||
@ -110,16 +109,10 @@ func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized ma
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
challenges.Delete(response.Token)
|
||||||
|
|
||||||
challenge := entry.(internal.ChallengeEntry)
|
challenge := entry.(internal.ChallengeEntry)
|
||||||
|
|
||||||
if time.Now().After(challenge.Expires) {
|
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
|
||||||
|
|
||||||
log.Warning("complete: challenge expired")
|
|
||||||
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
publicA := public.Marshal()
|
publicA := public.Marshal()
|
||||||
publicB := challenge.PublicKey.Marshal()
|
publicB := challenge.PublicKey.Marshal()
|
||||||
|
|
||||||
@ -173,10 +166,9 @@ func HandleCompleteRequest(w http.ResponseWriter, r *http.Request, authorized ma
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
sessions.Store(token, internal.SessionEntry{
|
sessions.Set(token, internal.SessionEntry{
|
||||||
PublicKey: public,
|
PublicKey: public,
|
||||||
Expires: time.Now().Add(5 * time.Minute),
|
}, cache.DefaultExpiration)
|
||||||
})
|
|
||||||
|
|
||||||
log.Printf("complete: completed auth for %s\n", r.RemoteAddr)
|
log.Printf("complete: completed auth for %s\n", r.RemoteAddr)
|
||||||
|
|
||||||
@ -198,8 +190,7 @@ func HandleReceiveRequest(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
entry, ok := sessions.LoadAndDelete(token)
|
if _, ok := sessions.Get(token); !ok {
|
||||||
if !ok {
|
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
|
|
||||||
log.Warning("receive: invalid token")
|
log.Warning("receive: invalid token")
|
||||||
@ -207,15 +198,7 @@ func HandleReceiveRequest(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
session := entry.(internal.SessionEntry)
|
sessions.Delete(token)
|
||||||
|
|
||||||
if time.Now().After(session.Expires) {
|
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
|
||||||
|
|
||||||
log.Warning("receive: session expired")
|
|
||||||
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
reader, err := r.MultipartReader()
|
reader, err := r.MultipartReader()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
Reference in New Issue
Block a user