package databag
import (
"databag/internal/store"
"encoding/hex"
"github.com/theckman/go-securerandom"
"github.com/pquerna/otp/totp"
"github.com/pquerna/otp"
"gorm.io/gorm"
"net/http"
"errors"
"time"
)
//AddAccountApp with access token, attach an app to an account generating agent token
func AddAccountApp(w http.ResponseWriter, r *http.Request) {
account, res := AccountLogin(r)
if res != nil {
ErrResponse(w, http.StatusUnauthorized, res)
return
}
curTime := time.Now().Unix()
if account.MFAFailedTime + APPMFAFailPeriod > curTime && account.MFAFailedCount > APPMFAFailCount {
ErrResponse(w, http.StatusTooManyRequests, errors.New("temporarily locked"))
return;
}
if account.MFAEnabled && account.MFAConfirmed {
code := r.FormValue("code")
if code == "" {
ErrResponse(w, http.StatusMethodNotAllowed, errors.New("totp code required"))
return;
}
opts := totp.ValidateOpts{Period: 30, Skew: 1, Digits: otp.DigitsSix, Algorithm: otp.AlgorithmSHA256}
if valid, _ := totp.ValidateCustom(code, account.MFASecret, time.Now(), opts); !valid {
err := store.DB.Transaction(func(tx *gorm.DB) error {
if account.MFAFailedTime + APPMFAFailPeriod > curTime {
account.MFAFailedCount += 1;
if res := tx.Model(account).Update("mfa_failed_count", account.MFAFailedCount).Error; res != nil {
return res
}
} else {
account.MFAFailedTime = curTime
if res := tx.Model(account).Update("mfa_failed_time", account.MFAFailedTime).Error; res != nil {
return res
}
account.MFAFailedCount = 1
if res := tx.Model(account).Update("mfa_failed_count", account.MFAFailedCount).Error; res != nil {
return res
}
}
return nil
})
if err != nil {
LogMsg("failed to increment fail count");
}
ErrResponse(w, http.StatusForbidden, errors.New("invalid code"))
return
}
}
// parse authentication token
appName := r.FormValue("appName")
appVersion := r.FormValue("appVersion")
platform := r.FormValue("platform")
deviceToken := r.FormValue("deviceToken")
pushType := r.FormValue("pushType")
// parse requested notifications
var notifications []Notification
if err := ParseRequest(r, w, ¬ifications); err != nil {
ErrMsg(err);
}
// gernate app token
data, err := securerandom.Bytes(APPTokenSize)
if err != nil {
ErrResponse(w, http.StatusInternalServerError, err)
return
}
access := hex.EncodeToString(data)
login := LoginAccess{
GUID: account.GUID,
AppToken: account.GUID + "." + access,
PushSupported: getBoolConfigValue(CNFPushSupported, true),
}
// save app and delete token
err = store.DB.Transaction(func(tx *gorm.DB) error {
// create session
session := &store.Session{}
session.AccountID = account.GUID
session.Token = access
session.AppName = appName
session.AppVersion = appVersion
session.Platform = platform
session.PushToken = deviceToken
session.PushType = pushType
session.PushEnabled = pushType != ""
if res := tx.Save(session).Error; res != nil {
return res
}
login.Created = session.Created
for _, notification := range notifications {
pushEvent := &store.PushEvent{}
pushEvent.SessionID = session.ID
pushEvent.Event = notification.Event
pushEvent.MessageTitle = notification.MessageTitle
pushEvent.MessageBody = notification.MessageBody
if res := tx.Save(pushEvent).Error; res != nil {
return res
}
}
return nil
})
if err != nil {
ErrResponse(w, http.StatusInternalServerError, err)
return
}
WriteResponse(w, login)
}