MirrorHub/construct
0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-19 16:30:52 +01:00
Code Issues Releases Wiki Activity

ircd: Simplify the exception flow for request auth even though it separates throw points.

Browse source
This commit is contained in:
Jason Volk 2018-03-11 11:27:21 -07:00
parent bbd2cbc15b
commit f5904dc69d
1 changed files with 29 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
ircd/resource.cc
View file

@ -119,15 +119,14 @@ noexcept
namespace ircd namespace ircd
{ {
static void verify_origin(client &client, resource::method &method, resource::request &request); static bool verify_origin(client &client, resource::method &method, resource::request &request);
static void authenticate(client &client, resource::method &method, resource::request &request); static bool authenticate(client &client, resource::method &method, resource::request &request);
} }
void bool
ircd::authenticate(client &client, ircd::authenticate(client &client,
resource::method &method, resource::method &method,
resource::request &request) resource::request &request)
try
{ {
request.access_token = request.access_token =
{ {
@ -145,36 +144,25 @@ try
request.access_token = authorization.second; request.access_token = authorization.second;
} }
const bool result if(!request.access_token)
{
request.access_token &&
m::user::tokens.get(std::nothrow, "ircd.access_token"_sv, request.access_token, [&request]
(const m::event &event)
{
// The user sent this access token to the tokens room
request.user_id = m::user::id{at<"sender"_>(event)};
})
};
if(!result)
throw m::error throw m::error
{ {
// When credentials are required but missing or invalid, the HTTP call will return with http::UNAUTHORIZED, "M_MISSING_TOKEN",
// a status of 401 and the error code, M_MISSING_TOKEN or M_UNKNOWN_TOKEN respectively. "Credentials for this method are required but missing."
http::UNAUTHORIZED, "M_UNKNOWN_TOKEN", "Credentials for this method are required but invalid."
}; };
}
catch(const std::out_of_range &e) return m::user::tokens.get(std::nothrow, "ircd.access_token", request.access_token, [&request]
{ (const m::event &event)
throw m::error
{ {
// When credentials are required but missing or invalid, the HTTP call will return with // The user sent this access token to the tokens room
// a status of 401 and the error code, M_MISSING_TOKEN or M_UNKNOWN_TOKEN respectively. request.user_id = m::user::id
http::UNAUTHORIZED, "M_MISSING_TOKEN", "Credentials for this method are required but missing." {
}; at<"sender"_>(event)
};
});
} }
void bool
ircd::verify_origin(client &client, ircd::verify_origin(client &client,
resource::method &method, resource::method &method,
resource::request &request) resource::request &request)
@ -195,16 +183,7 @@ try
object.verify(x_matrix.key, x_matrix.sig) object.verify(x_matrix.key, x_matrix.sig)
}; };
if(!verified) return verified;
throw m::error
{
http::UNAUTHORIZED, "M_INVALID_SIGNATURE",
"The X-Matrix Authorization is invalid."
};
}
catch(const m::error &)
{
throw;
} }
catch(const std::exception &e) catch(const std::exception &e)
{ {
@ -298,10 +277,20 @@ ircd::resource::operator()(client &client,
}; };
if(method.opts.flags & method.REQUIRES_AUTH) if(method.opts.flags & method.REQUIRES_AUTH)
authenticate(client, method, client.request); if(!authenticate(client, method, client.request))
throw m::error
{
http::UNAUTHORIZED, "M_UNKNOWN_TOKEN",
"Credentials for this method are required but invalid."
};
if(method.opts.flags & method.VERIFY_ORIGIN) if(method.opts.flags & method.VERIFY_ORIGIN)
verify_origin(client, method, client.request); if(!verify_origin(client, method, client.request))
throw m::error
{
http::UNAUTHORIZED, "M_INVALID_SIGNATURE",
"The X-Matrix Authorization is invalid."
};
handle_request(client, method, client.request); handle_request(client, method, client.request);
} }