zrok/controller/util.go
2023-05-23 13:51:33 -04:00

133 lines
3.0 KiB
Go

package controller
import (
"fmt"
"net/http"
"strings"
"unicode"
errors2 "github.com/go-openapi/errors"
"github.com/jaevor/go-nanoid"
"github.com/openziti/zrok/controller/config"
"github.com/openziti/zrok/rest_model_zrok"
"github.com/sirupsen/logrus"
)
type zrokAuthenticator struct {
cfg *config.Config
}
func newZrokAuthenticator(cfg *config.Config) *zrokAuthenticator {
return &zrokAuthenticator{cfg}
}
func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Principal, error) {
tx, err := str.Begin()
if err != nil {
logrus.Errorf("error starting transaction for '%v': %v", token, err)
return nil, err
}
defer func() { _ = tx.Rollback() }()
if a, err := str.FindAccountWithToken(token, tx); err == nil {
principal := &rest_model_zrok.Principal{
ID: int64(a.Id),
Token: a.Token,
Email: a.Email,
Limitless: a.Limitless,
}
return principal, nil
} else {
// check for admin secret
if cfg.Admin != nil {
for _, secret := range cfg.Admin.Secrets {
if token == secret {
principal := &rest_model_zrok.Principal{
ID: int64(-1),
Admin: true,
}
return principal, nil
}
}
}
// no match
logrus.Warnf("invalid api key '%v'", token)
return nil, errors2.New(401, "invalid api key")
}
}
func createShareToken() (string, error) {
gen, err := nanoid.CustomASCII("abcdefghijklmnopqrstuvwxyz0123456789", 12)
if err != nil {
return "", err
}
return gen(), nil
}
func createToken() (string, error) {
gen, err := nanoid.CustomASCII("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 12)
if err != nil {
return "", err
}
return gen(), nil
}
func realRemoteAddress(req *http.Request) string {
ip := strings.Split(req.RemoteAddr, ":")[0]
fwdAddress := req.Header.Get("X-Forwarded-For")
if fwdAddress != "" {
ip = fwdAddress
ips := strings.Split(fwdAddress, ", ")
if len(ips) > 1 {
ip = ips[0]
}
}
return ip
}
func proxyUrl(shrToken, template string) string {
return strings.Replace(template, "{token}", shrToken, -1)
}
func validatePassword(cfg *config.Config, password string) error {
if cfg.Passwords.Length > len(password) {
return fmt.Errorf("password length: expected (%d), got (%d)", cfg.Passwords.Length, len(password))
}
if cfg.Passwords.RequireCapital {
if !hasCapital(password) {
return fmt.Errorf("password requires capital, found none")
}
}
if cfg.Passwords.RequireNumeric {
if !hasNumeric(password) {
return fmt.Errorf("password requires numeric, found none")
}
}
if cfg.Passwords.RequireSpecial {
if !strings.ContainsAny(password, cfg.Passwords.ValidSpecialCharacters) {
return fmt.Errorf("password requires special character, found none")
}
}
return nil
}
func hasCapital(check string) bool {
for _, c := range check {
if unicode.IsUpper(c) {
return true
}
}
return false
}
func hasNumeric(check string) bool {
for _, c := range check {
if unicode.IsDigit(c) {
return true
}
}
return false
}