Modify: create Web Authn instance when needed
This commit is contained in:
HFO4
parent
ce2a70df68
commit
ef42ec3927
5 changed files with 34 additions and 35 deletions
|
|
@ -4,7 +4,6 @@ import (
|
|||
model "github.com/HFO4/cloudreve/models"
|
||||
"github.com/HFO4/cloudreve/pkg/aria2"
|
||||
"github.com/HFO4/cloudreve/pkg/auth"
|
||||
"github.com/HFO4/cloudreve/pkg/authn"
|
||||
"github.com/HFO4/cloudreve/pkg/cache"
|
||||
"github.com/HFO4/cloudreve/pkg/conf"
|
||||
"github.com/HFO4/cloudreve/pkg/crontab"
|
||||
|
|
@ -24,7 +23,6 @@ func Init(path string) {
|
|||
cache.Init()
|
||||
if conf.SystemConfig.Mode == "master" {
|
||||
model.Init()
|
||||
authn.Init()
|
||||
task.Init()
|
||||
aria2.Init()
|
||||
email.Init()
|
||||
|
|
|
|||
|
|
@ -2,26 +2,15 @@ package authn
|
|||
|
||||
import (
|
||||
model "github.com/HFO4/cloudreve/models"
|
||||
"github.com/HFO4/cloudreve/pkg/util"
|
||||
"github.com/duo-labs/webauthn/webauthn"
|
||||
"sync"
|
||||
)
|
||||
|
||||
var AuthnInstance *webauthn.WebAuthn
|
||||
var Lock sync.RWMutex
|
||||
|
||||
// Init 初始化webauthn
|
||||
func Init() {
|
||||
Lock.Lock()
|
||||
defer Lock.Unlock()
|
||||
var err error
|
||||
// NewAuthnInstance 新建Authn实例
|
||||
func NewAuthnInstance() (*webauthn.WebAuthn, error) {
|
||||
base := model.GetSiteURL()
|
||||
AuthnInstance, err = webauthn.New(&webauthn.Config{
|
||||
return webauthn.New(&webauthn.Config{
|
||||
RPDisplayName: model.GetSettingByName("siteName"), // Display Name for your site
|
||||
RPID: base.Hostname(), // Generally the FQDN for your site
|
||||
RPOrigin: base.String(), // The origin URL for WebAuthn requests
|
||||
})
|
||||
if err != nil {
|
||||
util.Log().Error("无法初始化WebAuthn, %s", err)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,8 +10,7 @@ func TestInit(t *testing.T) {
|
|||
asserts := assert.New(t)
|
||||
cache.Set("setting_siteURL", "http://cloudreve.org", 0)
|
||||
cache.Set("setting_siteName", "Cloudreve", 0)
|
||||
asserts.NotPanics(func() {
|
||||
Init()
|
||||
})
|
||||
asserts.NotNil(AuthnInstance)
|
||||
res, err := NewAuthnInstance()
|
||||
asserts.NotNil(res)
|
||||
asserts.NoError(err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
package controllers
|
||||
|
||||
import (
|
||||
"github.com/HFO4/cloudreve/pkg/authn"
|
||||
"github.com/HFO4/cloudreve/pkg/request"
|
||||
"github.com/HFO4/cloudreve/pkg/serializer"
|
||||
"github.com/HFO4/cloudreve/service/admin"
|
||||
|
|
@ -64,8 +63,6 @@ func AdminGetGroups(c *gin.Context) {
|
|||
func AdminReloadService(c *gin.Context) {
|
||||
service := c.Param("service")
|
||||
switch service {
|
||||
case "authn":
|
||||
authn.Init()
|
||||
}
|
||||
|
||||
c.JSON(200, serializer.Response{})
|
||||
|
|
|
|||
|
|
@ -23,9 +23,13 @@ func StartLoginAuthn(c *gin.Context) {
|
|||
return
|
||||
}
|
||||
|
||||
authn.Lock.RLock()
|
||||
options, sessionData, err := authn.AuthnInstance.BeginLogin(expectedUser)
|
||||
authn.Lock.RUnlock()
|
||||
instance, err := authn.NewAuthnInstance()
|
||||
if err != nil {
|
||||
c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
|
||||
return
|
||||
}
|
||||
|
||||
options, sessionData, err := instance.BeginLogin(expectedUser)
|
||||
|
||||
if err != nil {
|
||||
c.JSON(200, ErrorResponse(err))
|
||||
|
|
@ -58,9 +62,13 @@ func FinishLoginAuthn(c *gin.Context) {
|
|||
var sessionData webauthn.SessionData
|
||||
err = json.Unmarshal(sessionDataJSON, &sessionData)
|
||||
|
||||
authn.Lock.RLock()
|
||||
_, err = authn.AuthnInstance.FinishLogin(expectedUser, sessionData, c.Request)
|
||||
authn.Lock.RUnlock()
|
||||
instance, err := authn.NewAuthnInstance()
|
||||
if err != nil {
|
||||
c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
|
||||
return
|
||||
}
|
||||
|
||||
_, err = instance.FinishLogin(expectedUser, sessionData, c.Request)
|
||||
|
||||
if err != nil {
|
||||
c.JSON(200, serializer.Err(401, "登录验证失败", err))
|
||||
|
|
@ -77,9 +85,13 @@ func FinishLoginAuthn(c *gin.Context) {
|
|||
func StartRegAuthn(c *gin.Context) {
|
||||
currUser := CurrentUser(c)
|
||||
|
||||
authn.Lock.RLock()
|
||||
options, sessionData, err := authn.AuthnInstance.BeginRegistration(currUser)
|
||||
authn.Lock.RUnlock()
|
||||
instance, err := authn.NewAuthnInstance()
|
||||
if err != nil {
|
||||
c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
|
||||
return
|
||||
}
|
||||
|
||||
options, sessionData, err := instance.BeginRegistration(currUser)
|
||||
|
||||
if err != nil {
|
||||
c.JSON(200, ErrorResponse(err))
|
||||
|
|
@ -106,9 +118,13 @@ func FinishRegAuthn(c *gin.Context) {
|
|||
var sessionData webauthn.SessionData
|
||||
err := json.Unmarshal(sessionDataJSON, &sessionData)
|
||||
|
||||
authn.Lock.RLock()
|
||||
credential, err := authn.AuthnInstance.FinishRegistration(currUser, sessionData, c.Request)
|
||||
authn.Lock.RUnlock()
|
||||
instance, err := authn.NewAuthnInstance()
|
||||
if err != nil {
|
||||
c.JSON(200, serializer.Err(serializer.CodeInternalSetting, "无法初始化Authn", err))
|
||||
return
|
||||
}
|
||||
|
||||
credential, err := instance.FinishRegistration(currUser, sessionData, c.Request)
|
||||
|
||||
if err != nil {
|
||||
c.JSON(200, ErrorResponse(err))
|
||||
|
|
|
|||
Loading…
Reference in a new issue