git.defcon.no Git - hermes/blob - api/lib/auth_base.php

   1 <?php
   2 require_once('config.php');
   3
   4 $config = get_config();
   5
   6 /*******************************
   7 * Load authentication plugin ..
   8 *******************************/
   9 if ( preg_match('/^\w+$/', $config['auth_backend']))
  10 {
  11         if ( !@include_once ( 'lib/auth_plugins/' . $config['auth_backend'] . ".php" ) )
  12         {  print json_encode( array( 'response' => 'error', 'cause' => 'auth-load' ) ); exit; }
  13 }
  14 else
  15 {  print json_encode( array( 'response' => 'error', 'cause' => 'config-error' ) ); exit; }
  16 /*******************************/
  17
  18 function apikey_verify( $key )
  19 {
  20         if ( $key == "6327c08b70f9" ) return 1;
  21         return false;
  22 }
  23
  24 function new_key( $hex = false )
  25 {
  26         // Basically this is at the moment a slightly modified
  27         // version of generate_password() from user_functiions.php
  28         // The behaviour/output of this function is expected to change
  29         // so using generate_password() directly does not make sense...
  30         $length = 16;
  31         $string = "";
  32          while ( strlen( $string ) < $length )
  33          {
  34                 if ( $hex )
  35                         $string .= substr(md5(rand().rand()), 0, $length);
  36                 else
  37                 {
  38                         $string .= crypt( substr(sha1(rand()), 0, $length) );
  39                         $string = preg_replace( '/\W/', '', $string);
  40                 }
  41          }
  42         return substr( $string, 0, $length );
  43 }
  44
  45 function simple_authfail()
  46 {
  47         print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Not authorized') );
  48         exit;
  49 }
  50
  51 function token_auth( )
  52 {
  53         global $_GET;
  54
  55         // TODO: Part of ping/pong requirement.
  56         // Run a function to clear all authkeys older than 5 minutes.
  57         // expire_authkeys();
  58
  59         if ( array_key_exists('session', $_GET )
  60              && array_key_exists('auth_key', $_GET ) )
  61         {
  62                 if ( ! check_session($_GET['session'] ) ) simple_authfail();
  63                 if ( ! check_authkey($_GET['auth_key'] ) ) simple_authfail();
  64         }
  65         else simple_authfail();
  66 }
  67
  68 function get_cookie_path ()
  69 {
  70         $name = $_SERVER["SCRIPT_NAME"];
  71         $file = basename($name);
  72         $path = preg_replace("/".$file."/", "", $name);
  73         return $path;
  74
  75 }
  76
  77 function check_authkey ( $key )
  78 {
  79         // TODO: Make real, actual checks...
  80         if ( $key ) return true;
  81         return false;
  82 }
  83
  84 function update_authkey ( $session, $authid )
  85 {
  86         $key = substr(new_key(), 0, 8);
  87         return $key;
  88 }
  89
  90 function check_session ( $name )
  91 {
  92         session_name( $name );
  93         session_start();
  94         if ( ! $_SESSION['authid'] )
  95         {
  96                 return clear_credentials($name);
  97         }
  98         if ( ! $_COOKIE['client_key'] )
  99         {
 100                 return clear_credentials($name);
 101         }
 102
 103         $authid = $_SESSION['authid'];
 104         $type   = $_SESSION['type'];
 105         $client_key = $_COOKIE['client_key'];
 106
 107         $level = get_authorization( $type, $authid );
 108         if ( $level == false )
 109         {
 110                 return clear_credentials($name);
 111         }
 112
 113         $session_key = md5( $name . $authid );
 114         if ( $client_key != $session_key )
 115         {
 116                 return clear_credentials($name);
 117         }
 118
 119         // TODO: Database checks?
 120
 121         // TODO: Refresh cookie
 122
 123         // If we got this far, things are looking good.
 124         return true;
 125 }
 126
 127 function set_credentials( $authid, $type )
 128 {
 129         $name = new_key(true);
 130         session_name( $name );
 131         session_start();
 132         $_SESSION['authid'] = $authid;
 133         $_SESSION['type']   = $type;
 134
 135         $client_key  = md5( $name . $authid );
 136         setcookie('client_key', $client_key, time()+180*60, get_cookie_path() );
 137
 138         // TODO: Stuff data to database for further checks?
 139         // TODO: Do magic with the KEY
 140
 141         return $name;
 142 }
 143
 144 function clear_credentials($name)
 145 {
 146         setcookie('client_key', '', 0, get_cookie_path() );
 147         setcookie($name, '', 0, "/");
 148
 149         $_SESSION = array();
 150         session_destroy();
 151         return false;
 152 }
 153 function get_authorization()
 154 {
 155         return 1;
 156 }
 157 function can_write ( )
 158 {
 159         // Stub, to be called on any API nodes that write data in the DB.
 160         $authid = $_SESSION['authid'];
 161         $type   = $_SESSION['type'];
 162         $level = get_authorization( $type, $authid );
 163         return true;
 164 }
 165
 166 ?>