mirror of
https://github.com/balzack/databag.git
synced 2025-02-12 11:39:17 +00:00
130 lines
3.7 KiB
Go
130 lines
3.7 KiB
Go
package databag
|
|
|
|
import (
|
|
"databag/internal/store"
|
|
"encoding/hex"
|
|
"github.com/theckman/go-securerandom"
|
|
"github.com/pquerna/otp/totp"
|
|
"github.com/pquerna/otp"
|
|
"gorm.io/gorm"
|
|
"net/http"
|
|
"errors"
|
|
"time"
|
|
)
|
|
|
|
//AddAccountApp with access token, attach an app to an account generating agent token
|
|
func AddAccountApp(w http.ResponseWriter, r *http.Request) {
|
|
|
|
account, res := AccountLogin(r)
|
|
if res != nil {
|
|
ErrResponse(w, http.StatusUnauthorized, res)
|
|
return
|
|
}
|
|
|
|
curTime := time.Now().Unix()
|
|
if account.MFAFailedTime + APPMFAFailPeriod > curTime && account.MFAFailedCount > APPMFAFailCount {
|
|
ErrResponse(w, http.StatusTooManyRequests, errors.New("temporarily locked"))
|
|
return;
|
|
}
|
|
|
|
if account.MFAEnabled && account.MFAConfirmed {
|
|
code := r.FormValue("code")
|
|
if code == "" {
|
|
ErrResponse(w, http.StatusMethodNotAllowed, errors.New("totp code required"))
|
|
return;
|
|
}
|
|
|
|
opts := totp.ValidateOpts{Period: 30, Skew: 1, Digits: otp.DigitsSix, Algorithm: otp.AlgorithmSHA256}
|
|
if valid, _ := totp.ValidateCustom(code, account.MFASecret, time.Now(), opts); !valid {
|
|
err := store.DB.Transaction(func(tx *gorm.DB) error {
|
|
if account.MFAFailedTime + APPMFAFailPeriod > curTime {
|
|
account.MFAFailedCount += 1;
|
|
if res := tx.Model(account).Update("mfa_failed_count", account.MFAFailedCount).Error; res != nil {
|
|
return res
|
|
}
|
|
} else {
|
|
account.MFAFailedTime = curTime
|
|
if res := tx.Model(account).Update("mfa_failed_time", account.MFAFailedTime).Error; res != nil {
|
|
return res
|
|
}
|
|
account.MFAFailedCount = 1
|
|
if res := tx.Model(account).Update("mfa_failed_count", account.MFAFailedCount).Error; res != nil {
|
|
return res
|
|
}
|
|
}
|
|
return nil
|
|
})
|
|
if err != nil {
|
|
LogMsg("failed to increment fail count");
|
|
}
|
|
|
|
ErrResponse(w, http.StatusForbidden, errors.New("invalid code"))
|
|
return
|
|
}
|
|
}
|
|
|
|
// parse authentication token
|
|
appName := r.FormValue("appName")
|
|
appVersion := r.FormValue("appVersion")
|
|
platform := r.FormValue("platform")
|
|
deviceToken := r.FormValue("deviceToken")
|
|
pushType := r.FormValue("pushType")
|
|
|
|
// parse requested notifications
|
|
var notifications []Notification
|
|
if err := ParseRequest(r, w, ¬ifications); err != nil {
|
|
ErrMsg(err);
|
|
}
|
|
|
|
// gernate app token
|
|
data, err := securerandom.Bytes(APPTokenSize)
|
|
if err != nil {
|
|
ErrResponse(w, http.StatusInternalServerError, err)
|
|
return
|
|
}
|
|
access := hex.EncodeToString(data)
|
|
|
|
login := LoginAccess{
|
|
GUID: account.GUID,
|
|
AppToken: account.GUID + "." + access,
|
|
PushSupported: getBoolConfigValue(CNFPushSupported, true),
|
|
}
|
|
|
|
// save app and delete token
|
|
err = store.DB.Transaction(func(tx *gorm.DB) error {
|
|
|
|
// create session
|
|
session := &store.Session{}
|
|
session.AccountID = account.GUID
|
|
session.Token = access
|
|
session.AppName = appName
|
|
session.AppVersion = appVersion
|
|
session.Platform = platform
|
|
session.PushToken = deviceToken
|
|
session.PushType = pushType
|
|
session.PushEnabled = pushType != ""
|
|
if res := tx.Save(session).Error; res != nil {
|
|
return res
|
|
}
|
|
login.Created = session.Created
|
|
|
|
for _, notification := range notifications {
|
|
pushEvent := &store.PushEvent{}
|
|
pushEvent.SessionID = session.ID
|
|
pushEvent.Event = notification.Event
|
|
pushEvent.MessageTitle = notification.MessageTitle
|
|
pushEvent.MessageBody = notification.MessageBody
|
|
if res := tx.Save(pushEvent).Error; res != nil {
|
|
return res
|
|
}
|
|
}
|
|
return nil
|
|
})
|
|
if err != nil {
|
|
ErrResponse(w, http.StatusInternalServerError, err)
|
|
return
|
|
}
|
|
|
|
WriteResponse(w, login)
|
|
}
|