mirror of
https://github.com/matrix-construct/construct
synced 2024-09-29 20:28:52 +02:00
ircd:Ⓜ️:resource: Cleanup; simplify resource::request construction.
This commit is contained in:
parent
3b985043d6
commit
db33bea8dc
2 changed files with 36 additions and 45 deletions
|
@ -44,10 +44,12 @@ struct ircd::m::resource::request
|
|||
{
|
||||
template<class> struct object;
|
||||
|
||||
string_view origin;
|
||||
string_view node_id;
|
||||
string_view access_token;
|
||||
m::user::id::buf user_id;
|
||||
pair<string_view> authorization; // proffering any
|
||||
string_view access_token; // proffering user
|
||||
m::request::x_matrix x_matrix; // proferring server
|
||||
string_view node_id; // authenticated server
|
||||
string_view origin; // authenticated server
|
||||
m::user::id::buf user_id; // authenticated user
|
||||
|
||||
request(const method &, const client &, ircd::resource::request &r);
|
||||
request() = default;
|
||||
|
|
|
@ -137,11 +137,27 @@ ircd::m::resource::request::request(const method &method,
|
|||
{
|
||||
r
|
||||
}
|
||||
,origin
|
||||
,authorization
|
||||
{
|
||||
//NOTE: may be assigned by authenticate_user()
|
||||
split(head.authorization, ' ')
|
||||
}
|
||||
,access_token
|
||||
{
|
||||
iequals(authorization.first, "Bearer"_sv)?
|
||||
authorization.second:
|
||||
query["access_token"]
|
||||
}
|
||||
,x_matrix
|
||||
{
|
||||
!access_token && iequals(authorization.first, "X-Matrix"_sv)?
|
||||
m::request::x_matrix{authorization.first, authorization.second}:
|
||||
m::request::x_matrix{}
|
||||
}
|
||||
,node_id
|
||||
{
|
||||
//NOTE: may be assigned by authenticate_node()
|
||||
}
|
||||
,origin
|
||||
{
|
||||
// Server X-Matrix header verified here. Similar to client auth, origin
|
||||
// which has been authed is referenced in the client.request. If the method
|
||||
|
@ -151,10 +167,6 @@ ircd::m::resource::request::request(const method &method,
|
|||
// apropos for this request (i.e a client request rather than federation).
|
||||
authenticate_node(method, client, *this)
|
||||
}
|
||||
,access_token
|
||||
{
|
||||
//NOTE: may be assigned by authenticate_user()
|
||||
}
|
||||
,user_id
|
||||
{
|
||||
// Client access token verified here. On success, user_id owning the token
|
||||
|
@ -175,39 +187,23 @@ ircd::m::authenticate_user(const resource::method &method,
|
|||
const client &client,
|
||||
resource::request &request)
|
||||
{
|
||||
request.access_token =
|
||||
{
|
||||
request.query["access_token"]
|
||||
};
|
||||
|
||||
if(empty(request.access_token))
|
||||
{
|
||||
const auto authorization
|
||||
{
|
||||
split(request.head.authorization, ' ')
|
||||
};
|
||||
|
||||
if(iequals(authorization.first, "bearer"_sv))
|
||||
request.access_token = authorization.second;
|
||||
}
|
||||
|
||||
assert(method.opts);
|
||||
const auto requires_auth
|
||||
{
|
||||
method.opts->flags & resource::method::REQUIRES_AUTH
|
||||
};
|
||||
|
||||
if(!request.access_token && requires_auth)
|
||||
m::user::id::buf ret;
|
||||
if(!request.access_token && !requires_auth)
|
||||
return ret;
|
||||
|
||||
if(!request.access_token)
|
||||
throw m::error
|
||||
{
|
||||
http::UNAUTHORIZED, "M_MISSING_TOKEN",
|
||||
"Credentials for this method are required but missing."
|
||||
};
|
||||
|
||||
m::user::id::buf ret;
|
||||
if(!request.access_token)
|
||||
return ret;
|
||||
|
||||
static const m::event::fetch::opts fopts
|
||||
{
|
||||
m::event::keys::include {"sender"}
|
||||
|
@ -252,14 +248,9 @@ try
|
|||
method.opts->flags & resource::method::VERIFY_ORIGIN
|
||||
};
|
||||
|
||||
const auto authorization
|
||||
{
|
||||
split(request.head.authorization, ' ')
|
||||
};
|
||||
|
||||
const bool supplied
|
||||
{
|
||||
iequals(authorization.first, "X-Matrix"_sv)
|
||||
!empty(x_matrix.origin)
|
||||
};
|
||||
|
||||
if(!required && !supplied)
|
||||
|
@ -280,14 +271,13 @@ try
|
|||
request.head.host
|
||||
};
|
||||
|
||||
const m::request::x_matrix x_matrix
|
||||
{
|
||||
request.head.authorization
|
||||
};
|
||||
|
||||
const m::request object
|
||||
{
|
||||
x_matrix.origin, request.head.host, method.name, request.head.uri, request.content
|
||||
x_matrix.origin,
|
||||
request.head.host,
|
||||
method.name,
|
||||
request.head.uri,
|
||||
request.content
|
||||
};
|
||||
|
||||
if(x_matrix_verify_origin && !object.verify(x_matrix.key, x_matrix.sig))
|
||||
|
@ -297,9 +287,8 @@ try
|
|||
"The X-Matrix Authorization is invalid."
|
||||
};
|
||||
|
||||
request.origin = x_matrix.origin;
|
||||
request.node_id = request.origin; //TODO: remove request.node_id.
|
||||
return request.origin;
|
||||
return x_matrix.origin;
|
||||
}
|
||||
catch(const m::error &)
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue