authorpolwex <polwex@sortug.com>2025-06-22 23:11:11 +0700
committerpolwex <polwex@sortug.com>2025-06-22 23:11:11 +0700
commit6fb80b2d94a5282c8350278e299bfcb2d0b60d40 (patch)
treebe85636f67322948181bf59519dfe998f7d7b6b1 /lib/metamask.hoon
parent4e2a84761b95a29c02c77c575810ab49f2af7335 (diff)
Diffstat (limited to 'lib/metamask.hoon')
-rw-r--r--lib/metamask.hoon147
1 files changed, 24 insertions, 123 deletions
diff --git a/lib/metamask.hoon b/lib/metamask.hoon
index 3456692..09e2f66 100644
--- a/lib/metamask.hoon
+++ b/lib/metamask.hoon
@@ -1,70 +1,53 @@
-/+ naive, ethereum, server, sr=sortug
-=>
-|%
-+$ challenges (set secret)
-+$ secret @uv
-+$ authorization
- $: who=@p
- =secret
- adr=tape
- sig=tape
- ==
-:: +$ user-sessions (map coki=@ [proven=@p src=@p])
-+$ user-sessions (map coki=@ ship=@p)
-+$ sessions
- $: =challenges
- users=user-sessions
- ==
---
-|_ [=sessions =bowl:gall]
-+$ sess ^sessions
-:: state field to keep track of users logged with metamask
- :: this goes on the router
+/- coki
+/+ naive, ethereum, sr=sortug, cokil=coki, server
+|_ [=sessions:coki =bowl:gall]
++* cokilib ~(. cokil [sessions bowl])
+
++ serve-metamask-challenge
|= eyre-id=@ta
:: special-case MetaMask auth handling
=/ new-challenge (sham [now eny]:bowl)
- %+ weld (self-poke [%meta new-challenge])
+ =/ jon (enjs-challenge new-challenge)
+ %+ weld (send-self-poke:cokilib [%meta new-challenge])
%+ give-simple-payload:app:server
eyre-id
- ^- simple-payload:http
- :- :- 200
- ~[['Content-Type' 'application/json']]
- `(as-octs:mimes:html (en:json:html (enjs-challenge new-challenge)))
+ (json-response:gen:server jon)
+ ::
:: Modified from ~rabsef-bicrym's %mask by ~hanfel-dovned.
++ process-metamask-auth
- |= [order-id=@t octs=(unit octs)]
- ^- (list card:agent:gall)
+ |= [order-id=@t octs=(unit octs) redirect-path=@t base-slug=@t]
+ ^- (each (list card:agent:gall) [@ud @t])
=/ challenges challenges.sessions
|^
- ?~ octs ~|(%empty-auth-request !!)
+ ?~ octs [%.n 403 %empty-auth-request]
:: ?. =('auth' (cut 3 [0 4] q.u.octs))
:: *(list card:agent:gall)
=/ jon (de:json:html q.u.octs)
- ?~ jon ~|(%empty-auth-json !!)
+ ?~ jon [%.n 403 %empty-auth-json]
=/ body=json u.jon
=/ axn (dejs-action body)
- =/ is-valid (validate who.axn secret.axn adr.axn sig.axn)
- ~& >> signature-valid=[is-valid who.axn secret.axn adr.axn sig.axn]
- ?. is-valid ~|(%bad-metamask-signature !!)
+ =/ is-valid (validate who.axn challenge.axn adr.axn sig.axn)
+ ~& >> signature-valid=[is-valid who.axn challenge.axn adr.axn sig.axn]
+ ?. is-valid [%.n 403 %bad-metamask-signature]
- =/ coki-hash session-hash
- =/ coki (session-cookie-string coki-hash who.axn)
+ =/ coki-hash session-hash:cokilib
+ =/ coki (session-cookie-string:cokilib coki-hash who.axn base-slug)
+ :- %.y
%+ weld
- (self-poke [%auth who.axn coki-hash secret.axn])
+ (send-self-poke:cokilib [%coki who.axn coki-hash challenge.axn])
%+ give-simple-payload:app:server
order-id
^- simple-payload:http
:- :- 303
:~
['set-cookie' coki]
- ['location' '/zodiac']
+ ['location' redirect-path]
==
=/ obj=json %- pairs:enjs:format :~([%login-ok [%b .y]])
`(as-octs:mimes:html (en:json:html obj))
++ validate
- |= [who=@p challenge=secret address=tape hancock=tape]
+ |= [who=@p =challenge:coki address=tape hancock=tape]
^- ?
=/ addy (from-tape address)
=/ cock (from-tape hancock)
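Review bot: `['location' redirect-path]` sends the browser to whatever the new `redirect-path` argument holds, and nothing in the hunk constrains it to a local path. If the caller fills it from request data (a query or form field, which is not visible from here), an absolute URL there turns a successful login into an open redirect; a guard before the 303 such as `?.  &(=('/' (cut 3 [0 1] redirect-path)) !=('//' (cut 3 [0 2] redirect-path)))  [%.n 400 %bad-redirect]` keeps it on-site. Separately, the new `[%.n 403 …]` branches cover only an empty body and unparseable JSON; a body that parses but lacks `who`/`challenge`/`address`/`signature` still crashes inside `dejs-action`'s `ot` (or its `(se %uv)` parser), so the structured error path is bypassed for the most common malformed request — wrapping that call in `mule` or using a soft parser would close the gap. Those first two cases are client errors, so 400 reads better than 403 there. `validate`'s body continues past the end of the hunk.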
@@ -127,13 +110,13 @@
==
++ dejs-action
|= jon=json
- ^- authorization
+ ^- authorization:cokilib
=, dejs:format
%. jon
%- ot
:: :~ [%who (se %p)]
:~ [%who ni]
- [%secret (se %uv)]
+ [%challenge (se %uv)]
[%address sa]
[%signature sa]
==
@@ -145,87 +128,5 @@
%- pairs
:~ [%challenge [%s (scot %uv chal)]]
==
- ++ self-poke
- |= noun=*
- ^- (list card:agent:gall)
- :~ [%pass /gib %agent [our.bowl dap.bowl] %poke %noun !>(noun)]
- ==
-
- :: these are the poke handlers
- ++ handle-meta
- |= new-challenge=@ ^- ^sessions
- :: =? users.sessions
- :: !(~(has by users.sessions) src.bowl)
- :: (~(put by users.sessions) [src.bowl src.bowl])
- :: =? challenges.sessions
- :: =(src.bowl (~(got by users.sessions) src.bowl))
- =. challenges.sessions
- (~(put in challenges.sessions) new-challenge)
- sessions
- ++ handle-auth
- |= [who=@p coki=@ =secret] ^- ^sessions
- :: ~& > "%ustj: Successful authentication of {<src>} as {<who>}."
- =. users.sessions (~(put by users.sessions) coki who)
- =. challenges.sessions (~(del in challenges.sessions) secret)
- sessions
-
- ++ session-timeout
- |%
- ++ auth ~d30
- ++ guest ~d7
- --
- ++ session-hash
- (~(raw og (shas %coki eny.bowl)) 128)
- ++ session-cookie-string |= [session=@ proven=@p]
- ^- @t
- =/ max-age=tape %- a-co:co
- =/ its-a-me .=(src.bowl our.bowl)
- =, session-timeout
- (div (msec:milly ?:(its-a-me auth guest)) 1.000)
- %- crip
- "urbneo-{(scow %p proven)}={(scow:parsing:sr %uv session)}; Path=/; Max-Age={max-age}"
- :: "urbneo={(scow:parsing:sr %uv session)}; Path=/; Max-Age={max-age}"
- ++ validate-coki |= coki=@t ^- (unit @p)
- ~& >> validating-coki=coki
- =/ cookies (rush coki cock:de-purl:html)
- ~& cookies=cookies
- ?~ cookies ~
- =/ cokis=(list [@t @t]) u.cookies
- |-
- ?~ cokis ~
- =/ hd i.cokis
- :: ?: (contains:string:sr (trip hd) "urbneo")
- ~& key=-.hd
- =/ hash (slaw:parsing:sr %uv +.hd)
- ?~ hash $(cokis t.cokis)
- ~& hash=`@uv`u.hash
- =/ sess (~(get by users.sessions) u.hash)
- ~& sess=sess
- ?~ sess $(cokis t.cokis)
- `u.sess
- ++ parse-coki |= coki=@t
- =/ cookies (rush coki cock:de-purl:html)
- ?~ cookies users.sessions
- =/ cokis=(list [@t @t]) u.cookies
- |-
- ?~ cokis users.sessions
- =/ hd i.cokis
- :: ?: (contains:string:sr (trip hd) "urbneo")
- ~& key=-.hd
- =/ hash (slaw:parsing:sr %uv +.hd)
- ?~ hash $(cokis t.cokis)
- =/ sess (~(get by users.sessions) u.hash)
- ?~ sess $(cokis t.cokis)
- (~(del by users.sessions) u.hash)
-
- ++ logout |= [order-id=@t coki=@t]
- (self-poke [%logout order-id coki])
- ++ handle-logout |= [order-id=@t coki=@t]
- ~& handling-logout=coki
- =/ new-users (parse-coki coki)
- :_ sessions(users new-users)
- %+ give-simple-payload:app:server
- order-id
- (redirect:gen:server '/zodiac/login')
--