mirror
/
oragono
mirror of https://github.com/oragono/oragono
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 69 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1710 Commits
21 Branches
Tree: 63029e2ff5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '63029e2ff5'
${ noResults }
oragono/irc/resume.go

resume.go 2.1KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. // Copyright (c) 2019 Shivaram Lingamneni <slingamn@cs.stanford.edu>

  2. // released under the MIT license

  3. 

  4. package irc

  5. 

  6. import (

  7. 	"sync"

  8. 

  9. 	"github.com/oragono/oragono/irc/utils"

  10. )

  11. 

  12. // implements draft/resume-0.3, in particular the issuing, management, and verification

  13. // of resume tokens with two components: a unique ID and a secret key

  14. 

  15. type resumeTokenPair struct {

  16. 	client *Client

  17. 	secret string

  18. }

  19. 

  20. type ResumeManager struct {

  21. 	sync.RWMutex // level 2

  22. 

  23. 	resumeIDtoCreds map[string]resumeTokenPair

  24. 	server          *Server

  25. }

  26. 

  27. func (rm *ResumeManager) Initialize(server *Server) {

  28. 	rm.resumeIDtoCreds = make(map[string]resumeTokenPair)

  29. 	rm.server = server

  30. }

  31. 

  32. // GenerateToken generates a resume token for a client. If the client has

  33. // already been assigned one, it returns "".

  34. func (rm *ResumeManager) GenerateToken(client *Client) (token string) {

  35. 	id := utils.GenerateSecretToken()

  36. 	secret := utils.GenerateSecretToken()

  37. 

  38. 	rm.Lock()

  39. 	defer rm.Unlock()

  40. 

  41. 	if client.ResumeID() != "" {

  42. 		return

  43. 	}

  44. 

  45. 	client.SetResumeID(id)

  46. 	rm.resumeIDtoCreds[id] = resumeTokenPair{

  47. 		client: client,

  48. 		secret: secret,

  49. 	}

  50. 

  51. 	return id + secret

  52. }

  53. 

  54. // VerifyToken looks up the client corresponding to a resume token, returning

  55. // nil if there is no such client or the token is invalid. If successful,

  56. // the token is consumed and cannot be used to resume again.

  57. func (rm *ResumeManager) VerifyToken(token string) (client *Client) {

  58. 	if len(token) != 2*utils.SecretTokenLength {

  59. 		return

  60. 	}

  61. 

  62. 	rm.RLock()

  63. 	defer rm.RUnlock()

  64. 

  65. 	id := token[:utils.SecretTokenLength]

  66. 	pair, ok := rm.resumeIDtoCreds[id]

  67. 	if ok {

  68. 		if utils.SecretTokensMatch(pair.secret, token[utils.SecretTokenLength:]) {

  69. 			// disallow resume of an unregistered client; this prevents the use of

  70. 			// resume as an auth bypass

  71. 			if pair.client.Registered() {

  72. 				// consume the token, ensuring that at most one resume can succeed

  73. 				delete(rm.resumeIDtoCreds, id)

  74. 				return pair.client

  75. 			}

  76. 		}

  77. 	}

  78. 	return

  79. }

  80. 

  81. // Delete stops tracking a client's resume token.

  82. func (rm *ResumeManager) Delete(client *Client) {

  83. 	rm.Lock()

  84. 	defer rm.Unlock()

  85. 

  86. 	currentID := client.ResumeID()

  87. 	if currentID != "" {

  88. 		delete(rm.resumeIDtoCreds, currentID)

  89. 	}

  90. }