Add token authent

2023-11-08 08:08:28 +01:00 · 2023-11-08 08:08:28 +01:00 · 794c265c1d
parent 0216857cf2
commit 794c265c1d
4 changed files with 56 additions and 3 deletions
--- a/fsockets.py
+++ b/fsockets.py
--- a/modules/clients.py
+++ b/modules/clients.py
@ -95,4 +95,4 @@ def main():
 		return True
 	addEventHandler("onConnection",onConnectionEvent)

-main()
+main()
--- a/modules/fstream/main.py
+++ b/modules/fstream/main.py
@ -1,5 +1,9 @@
 global select
 import select
+global time
+import time
+global binascii
+import binascii

 global clientLoopIn
 def clientLoopIn(self):
@ -42,9 +46,54 @@ def clientLoopIn(self):
 		if cmd[0] == "watch":
 			q = queue.Queue()
 			setClientData(self.cID,"queue",q)
+		
+		if cmd[0] == "token":
+			q = queue.Queue()
+			setClientData(self.cID,"queue",q)
+			setClientData(self.cID,"active",False)
+			token = os.urandom(tokenLength)
+			setClientData(self.cID,"token",token)
+	
+	if cmd[0] == "token":
+		if not authenticate(args["user"],args["user-password"]): return
+		with clientDataLock:
+			setClientData(self.cID,"active",True)
+			with clientsLock:
+				for client in clients:
+					if getClientData(client,"type") != "token": continue
+					if getClientData(client,"args")["user"] != args["user"]: continue
+					if getClientData(client,"active") != True: continue
+					setClientData(client,"active",False)
+					getClientData(client,"queue").put(None)
+		
+		ttimeout = time.monotonic()
+		self.connection.sendall(binascii.hexlify(token))
+		self.connection.close()
+		ttimeout = tokenTimeout - (time.monotonic() - ttimeout)
+		if ttimeout <= 0: return
+		try:
+			q.get(True,ttimeout)
+		except Queue.Empty:
+			pass
+		return
 	
 	if cmd[0] == "broadcast":
-		if not authenticate(args["user"],args["user-password"]): return
+		if not "token" in args:
+			if not authenticate(args["user"],args["user-password"]): return
+		else:
+			tokenAuthed = False
+			with clientDataLock:
+				args["token"] = bytes.fromhex(args["token"])
+				with clientsLock:
+					for client in clients:
+						if getClientData(client,"type") != "token": continue
+						if getClientData(client,"args")["user"] != args["user"]: continue
+						if getClientData(client,"active") != True: continue
+						if getClientData(client,"token") != token: return
+						tokenAuthed = True
+						break
+			if not tokenAuthed: return
+		
 		if not "bufsize" in args:
 			bufsize = 0
 		else:
--- a/modules/fstream/settings.py
+++ b/modules/fstream/settings.py
@ -3,4 +3,8 @@ connBuffer = 1024 # How large can a buffer piece be in bytes?
 global bufferCost
 bufferCost = 1024 # Virtually add extra cost to each buffer piece to prevent clients from overloading the server by sending super small pieces.
 global maxBuffer
-maxBuffer = 20*1024*1024 # The maximum buffer size of a stream in bytes. Old buffers are discarded, clients that depend on them get disconnected.
+maxBuffer = 20*1024*1024 # The maximum buffer size of a stream in bytes. Old buffers are discarded, clients that depend on them get disconnected.
+global tokenTimeout
+tokenTimeout = 120.0 # How long it takes, in seconds, for a login token to time out.
+global tokenLength
+tokenLength = 128 # How long the generated token is, in bytes. Note that the the generated token that is received/sent from/to the client is 2x longer, since it's converted from/to hex.