0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-17 15:30:52 +01:00

ircd:Ⓜ️:resource: Cleanup; simplify resource::request construction.

This commit is contained in:
Jason Volk 2020-04-12 14:27:32 -07:00
parent 3b985043d6
commit db33bea8dc
2 changed files with 36 additions and 45 deletions

View file

@ -44,10 +44,12 @@ struct ircd::m::resource::request
{ {
template<class> struct object; template<class> struct object;
string_view origin; pair<string_view> authorization; // proffering any
string_view node_id; string_view access_token; // proffering user
string_view access_token; m::request::x_matrix x_matrix; // proferring server
m::user::id::buf user_id; string_view node_id; // authenticated server
string_view origin; // authenticated server
m::user::id::buf user_id; // authenticated user
request(const method &, const client &, ircd::resource::request &r); request(const method &, const client &, ircd::resource::request &r);
request() = default; request() = default;

View file

@ -137,11 +137,27 @@ ircd::m::resource::request::request(const method &method,
{ {
r r
} }
,origin ,authorization
{ {
//NOTE: may be assigned by authenticate_user() split(head.authorization, ' ')
}
,access_token
{
iequals(authorization.first, "Bearer"_sv)?
authorization.second:
query["access_token"]
}
,x_matrix
{
!access_token && iequals(authorization.first, "X-Matrix"_sv)?
m::request::x_matrix{authorization.first, authorization.second}:
m::request::x_matrix{}
} }
,node_id ,node_id
{
//NOTE: may be assigned by authenticate_node()
}
,origin
{ {
// Server X-Matrix header verified here. Similar to client auth, origin // Server X-Matrix header verified here. Similar to client auth, origin
// which has been authed is referenced in the client.request. If the method // which has been authed is referenced in the client.request. If the method
@ -151,10 +167,6 @@ ircd::m::resource::request::request(const method &method,
// apropos for this request (i.e a client request rather than federation). // apropos for this request (i.e a client request rather than federation).
authenticate_node(method, client, *this) authenticate_node(method, client, *this)
} }
,access_token
{
//NOTE: may be assigned by authenticate_user()
}
,user_id ,user_id
{ {
// Client access token verified here. On success, user_id owning the token // Client access token verified here. On success, user_id owning the token
@ -175,39 +187,23 @@ ircd::m::authenticate_user(const resource::method &method,
const client &client, const client &client,
resource::request &request) resource::request &request)
{ {
request.access_token =
{
request.query["access_token"]
};
if(empty(request.access_token))
{
const auto authorization
{
split(request.head.authorization, ' ')
};
if(iequals(authorization.first, "bearer"_sv))
request.access_token = authorization.second;
}
assert(method.opts); assert(method.opts);
const auto requires_auth const auto requires_auth
{ {
method.opts->flags & resource::method::REQUIRES_AUTH method.opts->flags & resource::method::REQUIRES_AUTH
}; };
if(!request.access_token && requires_auth) m::user::id::buf ret;
if(!request.access_token && !requires_auth)
return ret;
if(!request.access_token)
throw m::error throw m::error
{ {
http::UNAUTHORIZED, "M_MISSING_TOKEN", http::UNAUTHORIZED, "M_MISSING_TOKEN",
"Credentials for this method are required but missing." "Credentials for this method are required but missing."
}; };
m::user::id::buf ret;
if(!request.access_token)
return ret;
static const m::event::fetch::opts fopts static const m::event::fetch::opts fopts
{ {
m::event::keys::include {"sender"} m::event::keys::include {"sender"}
@ -252,14 +248,9 @@ try
method.opts->flags & resource::method::VERIFY_ORIGIN method.opts->flags & resource::method::VERIFY_ORIGIN
}; };
const auto authorization
{
split(request.head.authorization, ' ')
};
const bool supplied const bool supplied
{ {
iequals(authorization.first, "X-Matrix"_sv) !empty(x_matrix.origin)
}; };
if(!required && !supplied) if(!required && !supplied)
@ -280,14 +271,13 @@ try
request.head.host request.head.host
}; };
const m::request::x_matrix x_matrix
{
request.head.authorization
};
const m::request object const m::request object
{ {
x_matrix.origin, request.head.host, method.name, request.head.uri, request.content x_matrix.origin,
request.head.host,
method.name,
request.head.uri,
request.content
}; };
if(x_matrix_verify_origin && !object.verify(x_matrix.key, x_matrix.sig)) if(x_matrix_verify_origin && !object.verify(x_matrix.key, x_matrix.sig))
@ -297,9 +287,8 @@ try
"The X-Matrix Authorization is invalid." "The X-Matrix Authorization is invalid."
}; };
request.origin = x_matrix.origin;
request.node_id = request.origin; //TODO: remove request.node_id. request.node_id = request.origin; //TODO: remove request.node_id.
return request.origin; return x_matrix.origin;
} }
catch(const m::error &) catch(const m::error &)
{ {