bbgo_origin/pkg/interact/auth.go

129 lines
3.2 KiB
Go
Raw Normal View History

package interact
import (
"errors"
"os"
"time"
"github.com/pquerna/otp"
"github.com/pquerna/otp/totp"
log "github.com/sirupsen/logrus"
)
type AuthMode string
const (
AuthModeOTP AuthMode = "OTP"
AuthModeToken AuthMode = "TOKEN"
)
var ErrAuthenticationFailed = errors.New("authentication failed")
2022-01-13 17:58:04 +00:00
type Authorizer interface {
StartAuthorizing()
2022-01-13 17:58:04 +00:00
Authorize() error
}
type AuthInteract struct {
2022-01-13 17:58:04 +00:00
Strict bool `json:"strict,omitempty"`
Mode AuthMode `json:"authMode"`
Token string `json:"authToken,omitempty"`
OneTimePasswordKey *otp.Key `json:"otpKey,omitempty"`
}
func (it *AuthInteract) Commands(interact *Interact) {
2022-01-13 17:58:04 +00:00
if it.Strict {
// generate a one-time-use otp
if it.OneTimePasswordKey == nil {
opts := totp.GenerateOpts{
Issuer: "interact",
AccountName: os.Getenv("USER"),
Period: 30,
}
log.Infof("[interact] one-time password key is not configured, generating one with %+v", opts)
key, err := totp.Generate(opts)
if err != nil {
panic(err)
}
it.OneTimePasswordKey = key
}
interact.Command("/auth", "authorize", func(reply Reply, session Session) error {
reply.Message("Please enter your authentication token")
session.SetAuthorizing(true)
2022-01-13 17:58:04 +00:00
return nil
}).Next(func(token string, reply Reply) error {
if token == it.Token {
reply.Message("Token passed, please enter your one-time password")
code, err := totp.GenerateCode(it.OneTimePasswordKey.Secret(), time.Now())
if err != nil {
return err
}
log.Infof("[interact] ======================================")
log.Infof("[interact] your one-time password code: %s", code)
log.Infof("[interact] ======================================")
return nil
}
2022-01-13 17:58:04 +00:00
return ErrAuthenticationFailed
}).NamedNext(StateAuthenticated, func(code string, reply Reply, session Session) error {
if totp.Validate(code, it.OneTimePasswordKey.Secret()) {
reply.Message("Great! You're authenticated!")
session.SetOriginState(StateAuthenticated)
session.SetAuthorized()
return nil
}
2022-01-13 17:58:04 +00:00
reply.Message("Incorrect authentication code")
return ErrAuthenticationFailed
})
} else {
2022-04-17 04:46:08 +00:00
interact.Command("/auth", "authorize", func(reply Reply, session Session) error {
2022-04-16 13:25:46 +00:00
switch it.Mode {
case AuthModeToken:
2022-04-17 04:46:08 +00:00
session.SetAuthorizing(true)
2022-04-16 13:25:46 +00:00
reply.Message("Enter your authentication token")
case AuthModeOTP:
2022-04-17 04:46:08 +00:00
session.SetAuthorizing(true)
2022-04-16 13:25:46 +00:00
reply.Message("Enter your one-time password")
default:
log.Warnf("unexpected auth mode: %s", it.Mode)
2022-04-16 13:25:46 +00:00
}
2022-01-13 17:58:04 +00:00
return nil
}).NamedNext(StateAuthenticated, func(code string, reply Reply, session Session) error {
2022-01-13 17:58:04 +00:00
switch it.Mode {
case AuthModeToken:
if code == it.Token {
reply.Message("Great! You're authenticated!")
session.SetOriginState(StateAuthenticated)
session.SetAuthorized()
return nil
2022-01-13 17:58:04 +00:00
}
reply.Message("Incorrect authentication token")
2022-01-13 17:58:04 +00:00
case AuthModeOTP:
if totp.Validate(code, it.OneTimePasswordKey.Secret()) {
reply.Message("Great! You're authenticated!")
session.SetOriginState(StateAuthenticated)
session.SetAuthorized()
return nil
2022-01-13 17:58:04 +00:00
}
reply.Message("Incorrect one-time pass code")
default:
log.Warnf("unexpected auth mode: %s", it.Mode)
2022-01-13 17:58:04 +00:00
}
return ErrAuthenticationFailed
})
}
}