hash passwords
This commit is contained in:
@@ -59,7 +59,7 @@ inline constexpr std::string_view REPERTORY_DATA_NAME{"repertory2"};
|
||||
inline constexpr std::wstring_view REPERTORY_W{L"repertory"};
|
||||
|
||||
inline constexpr std::uint64_t REPERTORY_CONFIG_VERSION{2ULL};
|
||||
inline constexpr std::string_view REPERTORY_MIN_REMOTE_VERSION{"2.0.0"};
|
||||
inline constexpr std::string_view REPERTORY_MIN_REMOTE_VERSION{"2.1.0"};
|
||||
inline constexpr std::string_view RENTERD_MIN_VERSION{"2.0.0"};
|
||||
|
||||
#define REPERTORY_INVALID_HANDLE INVALID_HANDLE_VALUE
|
||||
|
||||
@@ -23,10 +23,18 @@
|
||||
#define REPERTORY_INCLUDE_RPC_COMMON_HPP_
|
||||
|
||||
#include "utils/base64.hpp"
|
||||
#include "utils/collection.hpp"
|
||||
#include "utils/error_utils.hpp"
|
||||
#include "utils/hash.hpp"
|
||||
#include "utils/string.hpp"
|
||||
|
||||
namespace repertory::rpc {
|
||||
[[nodiscard]] auto create_password_hash(std::string_view password)
|
||||
-> std::string {
|
||||
return utils::collection::to_hex_string(
|
||||
utils::hash::create_hash_blake2b_384(password));
|
||||
}
|
||||
|
||||
[[nodiscard]] auto check_authorization(const auto &cfg,
|
||||
const httplib::Request &req) -> bool {
|
||||
REPERTORY_USES_FUNCTION_NAME();
|
||||
@@ -61,16 +69,15 @@ namespace repertory::rpc {
|
||||
auto auth_str = std::string(data.begin(), data.end());
|
||||
|
||||
auto auth = utils::string::split(auth_str, ':', false);
|
||||
if (auth.size() < 2U) {
|
||||
if (auth.size() != 2U) {
|
||||
utils::error::raise_error(function_name, "authorization data is not valid");
|
||||
return false;
|
||||
}
|
||||
|
||||
auto user = auth.at(0U);
|
||||
auth.erase(auth.begin());
|
||||
|
||||
auto pwd = utils::string::join(auth, ':');
|
||||
if ((user != cfg.get_api_user()) || (pwd != cfg.get_api_password())) {
|
||||
auto pwd = auth.at(1U);
|
||||
if ((user != cfg.get_api_user()) ||
|
||||
(pwd != create_password_hash(cfg.get_api_password()))) {
|
||||
utils::error::raise_error(function_name, "authorization failed");
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -21,7 +21,10 @@
|
||||
*/
|
||||
#include "rpc/client/client.hpp"
|
||||
|
||||
#include "rpc/common.hpp"
|
||||
#include "types/repertory.hpp"
|
||||
#include "utils/collection.hpp"
|
||||
#include "utils/hash.hpp"
|
||||
|
||||
namespace repertory {
|
||||
client::client(rpc_host_info host_info) : host_info_(std::move(host_info)) {}
|
||||
@@ -31,7 +34,8 @@ auto client::get_drive_information() -> rpc_response {
|
||||
"http://" + host_info_.host + ":" + std::to_string(host_info_.port);
|
||||
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp = cli.Get("/api/v1/" + rpc_method::get_drive_information);
|
||||
if (resp.error() != httplib::Error::Success) {
|
||||
@@ -58,7 +62,8 @@ auto client::get_config() -> rpc_response {
|
||||
"http://" + host_info_.host + ":" + std::to_string(host_info_.port);
|
||||
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp = cli.Get("/api/v1/" + rpc_method::get_config);
|
||||
if (resp.error() != httplib::Error::Success) {
|
||||
@@ -86,7 +91,8 @@ auto client::get_config_value_by_name(const std::string &name) -> rpc_response {
|
||||
|
||||
httplib::Params params{{"name", name}};
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp =
|
||||
cli.Get("/api/v1/" + rpc_method::get_config_value_by_name, params, {});
|
||||
@@ -115,7 +121,8 @@ auto client::get_directory_items(const std::string &api_path) -> rpc_response {
|
||||
|
||||
httplib::Params params{{"api_path", api_path}};
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp = cli.Get("/api/v1/" + rpc_method::get_directory_items, params, {});
|
||||
if (resp.error() != httplib::Error::Success) {
|
||||
@@ -142,7 +149,8 @@ auto client::get_open_files() -> rpc_response {
|
||||
"http://" + host_info_.host + ":" + std::to_string(host_info_.port);
|
||||
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp = cli.Get("/api/v1/" + rpc_method::get_open_files);
|
||||
if (resp.error() != httplib::Error::Success) {
|
||||
@@ -169,7 +177,8 @@ auto client::get_pinned_files() -> rpc_response {
|
||||
"http://" + host_info_.host + ":" + std::to_string(host_info_.port);
|
||||
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp = cli.Get("/api/v1/" + rpc_method::get_pinned_files);
|
||||
if (resp.error() != httplib::Error::Success) {
|
||||
@@ -197,7 +206,8 @@ auto client::pin_file(const std::string &api_path) -> rpc_response {
|
||||
|
||||
httplib::Params params{{"api_path", api_path}};
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp = cli.Post("/api/v1/" + rpc_method::pin_file, params);
|
||||
if (resp.error() != httplib::Error::Success) {
|
||||
@@ -225,7 +235,8 @@ auto client::pinned_status(const std::string &api_path) -> rpc_response {
|
||||
|
||||
httplib::Params params{{"api_path", api_path}};
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp = cli.Get("/api/v1/" + rpc_method::pinned_status, params, {});
|
||||
if (resp.error() != httplib::Error::Success) {
|
||||
@@ -259,7 +270,8 @@ auto client::set_config_value_by_name(const std::string &name,
|
||||
};
|
||||
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp =
|
||||
cli.Post("/api/v1/" + rpc_method::set_config_value_by_name, params);
|
||||
@@ -287,7 +299,8 @@ auto client::unmount() -> rpc_response {
|
||||
"http://" + host_info_.host + ":" + std::to_string(host_info_.port);
|
||||
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp = cli.Post("/api/v1/" + rpc_method::unmount);
|
||||
if (resp.error() != httplib::Error::Success) {
|
||||
@@ -315,7 +328,8 @@ auto client::unpin_file(const std::string &api_path) -> rpc_response {
|
||||
|
||||
httplib::Params params{{"api_path", api_path}};
|
||||
httplib::Client cli{base_url};
|
||||
cli.set_basic_auth(host_info_.user, host_info_.password);
|
||||
cli.set_basic_auth(host_info_.user,
|
||||
rpc::create_password_hash(host_info_.password));
|
||||
|
||||
auto resp = cli.Post("/api/v1/" + rpc_method::unpin_file, params);
|
||||
if (resp.error() != httplib::Error::Success) {
|
||||
|
||||
Reference in New Issue
Block a user