mirror
/
oragono
mirror of https://github.com/oragono/oragono
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 66 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4601 Commits
19 Branches
Tree: df49137aca
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'df49137aca'
${ noResults }
oragono/irc/resume.go

resume.go 2.6KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104 
  1. // Copyright (c) 2019 Shivaram Lingamneni <slingamn@cs.stanford.edu>

  2. // released under the MIT license

  3. 

  4. package irc

  5. 

  6. import (

  7. 	"sync"

  8. 

  9. 	"github.com/oragono/oragono/irc/utils"

  10. )

  11. 

  12. // implements draft/resume, in particular the issuing, management, and verification

  13. // of resume tokens with two components: a unique ID and a secret key

  14. 

  15. type resumeTokenPair struct {

  16. 	client *Client

  17. 	secret string

  18. }

  19. 

  20. type ResumeManager struct {

  21. 	sync.Mutex // level 2

  22. 

  23. 	resumeIDtoCreds map[string]resumeTokenPair

  24. 	server          *Server

  25. }

  26. 

  27. func (rm *ResumeManager) Initialize(server *Server) {

  28. 	rm.resumeIDtoCreds = make(map[string]resumeTokenPair)

  29. 	rm.server = server

  30. }

  31. 

  32. // GenerateToken generates a resume token for a client. If the client has

  33. // already been assigned one, it returns "".

  34. func (rm *ResumeManager) GenerateToken(client *Client) (token string, id string) {

  35. 	id = utils.GenerateSecretToken()

  36. 	secret := utils.GenerateSecretToken()

  37. 

  38. 	rm.Lock()

  39. 	defer rm.Unlock()

  40. 

  41. 	if client.ResumeID() != "" {

  42. 		return

  43. 	}

  44. 

  45. 	client.SetResumeID(id)

  46. 	rm.resumeIDtoCreds[id] = resumeTokenPair{

  47. 		client: client,

  48. 		secret: secret,

  49. 	}

  50. 

  51. 	return id + secret, id

  52. }

  53. 

  54. // VerifyToken looks up the client corresponding to a resume token, returning

  55. // nil if there is no such client or the token is invalid. If successful,

  56. // the token is consumed and cannot be used to resume again.

  57. func (rm *ResumeManager) VerifyToken(newClient *Client, token string) (oldClient *Client, id string) {

  58. 	if len(token) != 2*utils.SecretTokenLength {

  59. 		return

  60. 	}

  61. 

  62. 	rm.Lock()

  63. 	defer rm.Unlock()

  64. 

  65. 	id = token[:utils.SecretTokenLength]

  66. 	pair, ok := rm.resumeIDtoCreds[id]

  67. 	if !ok {

  68. 		return

  69. 	}

  70. 	// disallow resume of an unregistered client; this prevents the use of

  71. 	// resume as an auth bypass

  72. 	if !pair.client.Registered() {

  73. 		return

  74. 	}

  75. 

  76. 	if utils.SecretTokensMatch(pair.secret, token[utils.SecretTokenLength:]) {

  77. 		oldClient = pair.client // success!

  78. 		// consume the token, ensuring that at most one resume can succeed

  79. 		delete(rm.resumeIDtoCreds, id)

  80. 		// old client is henceforth resumeable under new client's creds (possibly empty)

  81. 		newResumeID := newClient.ResumeID()

  82. 		oldClient.SetResumeID(newResumeID)

  83. 		if newResumeID != "" {

  84. 			if newResumeCreds, ok := rm.resumeIDtoCreds[newResumeID]; ok {

  85. 				newResumeCreds.client = oldClient

  86. 				rm.resumeIDtoCreds[newResumeID] = newResumeCreds

  87. 			}

  88. 		}

  89. 		// new client no longer "owns" newResumeID, remove the association

  90. 		newClient.SetResumeID("")

  91. 	}

  92. 	return

  93. }

  94. 

  95. // Delete stops tracking a client's resume token.

  96. func (rm *ResumeManager) Delete(client *Client) {

  97. 	rm.Lock()

  98. 	defer rm.Unlock()

  99. 

  100. 	currentID := client.ResumeID()

  101. 	if currentID != "" {

  102. 		delete(rm.resumeIDtoCreds, currentID)

  103. 	}

  104. }