Diffstat (limited to 'lib')
-rw-r--r--lib/coki.hoon92
-rw-r--r--lib/metamask.hoon147
2 files changed, 116 insertions, 123 deletions
diff --git a/lib/coki.hoon b/lib/coki.hoon
new file mode 100644
index 0000000..39ea479
--- /dev/null
+++ b/lib/coki.hoon
@@ -0,0 +1,92 @@
+/- *coki
+/+ server, sr=sortug
+|_ [=sessions =bowl:gall]
++$ sess ^sessions
+++ session-timeout
+ |%
+ ++ host ~d30
+ ++ guest ~d7
+ --
+++ session-hash
+ (~(raw og (shas %coki eny.bowl)) 128)
+++ session-cookie-string |= [session=@ proven=@p desk=@tas]
+ ^- @t
+ =/ max-age=tape %- a-co:co
+ =/ its-a-me .=(src.bowl our.bowl)
+ =, session-timeout
+ (div (msec:milly ?:(its-a-me host guest)) 1.000)
+ %- crip
+ "urbcoki-{(trip desk)}-{(scow %p proven)}={(scow:parsing:sr %uv session)}; Path=/{(trip desk)}; HttpOnly; SameSite=Lax; Max-Age={max-age}"
+ :: "urbneo={(scow:parsing:sr %uv session)}; Path=/; Max-Age={max-age}"
+++ validate-coki |= coki=@t ^- (unit @p)
+ =/ cookies (rush coki cock:de-purl:html)
+ ~& cookies=cookies
+ ?~ cookies ~
+ =/ cokis=(list [@t @t]) u.cookies
+ |-
+ ?~ cokis ~
+ =/ hd i.cokis
+ :: ?: (contains:string:sr (trip hd) "urbneo")
+ =/ hash (slaw:parsing:sr %uv +.hd)
+ ?~ hash $(cokis t.cokis)
+ =/ sess (~(get by users.sessions) u.hash)
+ ?~ sess $(cokis t.cokis)
+ `u.sess
+++ send-self-poke |= poke=self-poke
+ ^- (list card:agent:gall)
+ :~ [%pass /gib %agent [our.bowl dap.bowl] %poke %coki !>(poke)]
+ ==
+:: handle-self-pokes
+++ handle-self-poke |= poke=self-poke
+?- -.poke
+ %meta :- ~ (handle-challenge +.poke)
+ %coki :- ~ (handle-coki +.poke)
+ %logout (handle-logout +.poke)
+==
+++ handle-challenge
+ |= new-challenge=@ ^- ^sessions
+ :: =? users.sessions
+ :: !(~(has by users.sessions) src.bowl)
+ :: (~(put by users.sessions) [src.bowl src.bowl])
+ :: =? challenges.sessions
+ :: =(src.bowl (~(got by users.sessions) src.bowl))
+ =. challenges.sessions
+ (~(put in challenges.sessions) new-challenge)
+
+ sessions
+
+
+++ parse-coki |= coki=@t
+ =/ cookies (rush coki cock:de-purl:html)
+ ?~ cookies users.sessions
+ =/ cokis=(list [@t @t]) u.cookies
+ |-
+ ?~ cokis users.sessions
+ =/ hd i.cokis
+ :: ?: (contains:string:sr (trip hd) "urbneo")
+ =/ hash (slaw:parsing:sr %uv +.hd)
+ ?~ hash $(cokis t.cokis)
+ =/ sess (~(get by users.sessions) u.hash)
+ ?~ sess $(cokis t.cokis)
+ (~(del by users.sessions) u.hash)
+
+++ logout |= [order-id=@t coki=@t redirect=@t]
+ (send-self-poke [%logout order-id coki redirect])
+
+++ handle-logout |= [order-id=@t coki=@t redirect=@t]
+ ~& handling-logout=coki
+ =/ new-users (parse-coki coki)
+ :_ sessions(users new-users)
+ %+ give-simple-payload:app:server
+ order-id
+ (redirect:gen:server redirect)
+
+ ++ handle-coki
+ |= [who=@p coki=@ =challenge] ^- ^sessions
+ :: ~& > "%ustj: Successful authentication of {<src>} as {<who>}."
+ =. users.sessions (~(put by users.sessions) coki who)
+ =. challenges.sessions (~(del in challenges.sessions) challenge)
+ sessions
+
+
+--
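Review bot: Session lifetime is enforced only by the browser in this new file: `session-timeout` (L21-25) is consulted solely to compute `Max-Age` in `session-cookie-string` (L33), while entries in `users.sessions` are only added in `handle-coki` (L103) and removed in `parse-coki` on logout (L87), so a session value that leaks from a client stays valid on the server indefinitely after the cookie has expired. The same holds for `challenges.sessions`: `handle-challenge` adds at L70 and only a successful `handle-coki` deletes at L104, so unanswered challenges accumulate and never expire. Consider storing an issue time next to the ship in the session value (the type lives in `/- *coki`, outside this diff) and having `validate-coki` drop entries older than the applicable timeout, and likewise pruning stale challenges. Separately, `~& cookies=cookies` at L39 and `~& handling-logout=coki` at L93 print the parsed cookie pairs and the raw Cookie header, i.e. live session tokens, to the log on every request; remove them or log only the cookie names, e.g. delete `~& cookies=cookies`. The cookie string at L35 sets `HttpOnly; SameSite=Lax` but no `Secure` attribute; if this is served over HTTPS outside local development, add `; Secure`.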
diff --git a/lib/metamask.hoon b/lib/metamask.hoon
index 3456692..09e2f66 100644
--- a/lib/metamask.hoon
+++ b/lib/metamask.hoon
@@ -1,70 +1,53 @@
-/+ naive, ethereum, server, sr=sortug
-=>
-|%
-+$ challenges (set secret)
-+$ secret @uv
-+$ authorization
- $: who=@p
- =secret
- adr=tape
- sig=tape
- ==
-:: +$ user-sessions (map coki=@ [proven=@p src=@p])
-+$ user-sessions (map coki=@ ship=@p)
-+$ sessions
- $: =challenges
- users=user-sessions
- ==
---
-|_ [=sessions =bowl:gall]
-+$ sess ^sessions
-:: state field to keep track of users logged with metamask
- :: this goes on the router
+/- coki
+/+ naive, ethereum, sr=sortug, cokil=coki, server
+|_ [=sessions:coki =bowl:gall]
++* cokilib ~(. cokil [sessions bowl])
+
++ serve-metamask-challenge
|= eyre-id=@ta
:: special-case MetaMask auth handling
=/ new-challenge (sham [now eny]:bowl)
- %+ weld (self-poke [%meta new-challenge])
+ =/ jon (enjs-challenge new-challenge)
+ %+ weld (send-self-poke:cokilib [%meta new-challenge])
%+ give-simple-payload:app:server
eyre-id
- ^- simple-payload:http
- :- :- 200
- ~[['Content-Type' 'application/json']]
- `(as-octs:mimes:html (en:json:html (enjs-challenge new-challenge)))
+ (json-response:gen:server jon)
+ ::
:: Modified from ~rabsef-bicrym's %mask by ~hanfel-dovned.
++ process-metamask-auth
- |= [order-id=@t octs=(unit octs)]
- ^- (list card:agent:gall)
+ |= [order-id=@t octs=(unit octs) redirect-path=@t base-slug=@t]
+ ^- (each (list card:agent:gall) [@ud @t])
=/ challenges challenges.sessions
|^
- ?~ octs ~|(%empty-auth-request !!)
+ ?~ octs [%.n 403 %empty-auth-request]
:: ?. =('auth' (cut 3 [0 4] q.u.octs))
:: *(list card:agent:gall)
=/ jon (de:json:html q.u.octs)
- ?~ jon ~|(%empty-auth-json !!)
+ ?~ jon [%.n 403 %empty-auth-json]
=/ body=json u.jon
=/ axn (dejs-action body)
- =/ is-valid (validate who.axn secret.axn adr.axn sig.axn)
- ~& >> signature-valid=[is-valid who.axn secret.axn adr.axn sig.axn]
- ?. is-valid ~|(%bad-metamask-signature !!)
+ =/ is-valid (validate who.axn challenge.axn adr.axn sig.axn)
+ ~& >> signature-valid=[is-valid who.axn challenge.axn adr.axn sig.axn]
+ ?. is-valid [%.n 403 %bad-metamask-signature]
- =/ coki-hash session-hash
- =/ coki (session-cookie-string coki-hash who.axn)
+ =/ coki-hash session-hash:cokilib
+ =/ coki (session-cookie-string:cokilib coki-hash who.axn base-slug)
+ :- %.y
%+ weld
- (self-poke [%auth who.axn coki-hash secret.axn])
+ (send-self-poke:cokilib [%coki who.axn coki-hash challenge.axn])
%+ give-simple-payload:app:server
order-id
^- simple-payload:http
:- :- 303
:~
['set-cookie' coki]
- ['location' '/zodiac']
+ ['location' redirect-path]
==
=/ obj=json %- pairs:enjs:format :~([%login-ok [%b .y]])
`(as-octs:mimes:html (en:json:html obj))
++ validate
- |= [who=@p challenge=secret address=tape hancock=tape]
+ |= [who=@p =challenge:coki address=tape hancock=tape]
^- ?
=/ addy (from-tape address)
=/ cock (from-tape hancock)
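Review bot: The `['location' redirect-path]` header at L194 forwards a value whose origin is outside this hunk; if `redirect-path` is ever derived from the request rather than fixed by the caller, the post-login 303 becomes an open redirect, so either the caller or this function should reject anything that is not a same-site path (for example, accept only values that start with `/` and not `//`). The new `redirect` argument of `handle-logout` in lib/coki.hoon (passed straight to `redirect:gen:server`) has the same exposure. Separately, the `~& >> signature-valid=[...]` line at L177 now prints the challenge and signature on every attempt, successful or not; printing only `is-valid` and `who.axn` would keep the diagnostic without writing the one-time challenge to the log. Whether `validate` checks that `challenge.axn` is a member of the `challenges` set bound at L162 cannot be seen here, since the `|^` core of `process-metamask-auth` continues past this hunk.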
@@ -127,13 +110,13 @@
==
++ dejs-action
|= jon=json
- ^- authorization
+ ^- authorization:cokilib
=, dejs:format
%. jon
%- ot
:: :~ [%who (se %p)]
:~ [%who ni]
- [%secret (se %uv)]
+ [%challenge (se %uv)]
[%address sa]
[%signature sa]
==
@@ -145,87 +128,5 @@
%- pairs
:~ [%challenge [%s (scot %uv chal)]]
==
- ++ self-poke
- |= noun=*
- ^- (list card:agent:gall)
- :~ [%pass /gib %agent [our.bowl dap.bowl] %poke %noun !>(noun)]
- ==
-
- :: these are the poke handlers
- ++ handle-meta
- |= new-challenge=@ ^- ^sessions
- :: =? users.sessions
- :: !(~(has by users.sessions) src.bowl)
- :: (~(put by users.sessions) [src.bowl src.bowl])
- :: =? challenges.sessions
- :: =(src.bowl (~(got by users.sessions) src.bowl))
- =. challenges.sessions
- (~(put in challenges.sessions) new-challenge)
- sessions
- ++ handle-auth
- |= [who=@p coki=@ =secret] ^- ^sessions
- :: ~& > "%ustj: Successful authentication of {<src>} as {<who>}."
- =. users.sessions (~(put by users.sessions) coki who)
- =. challenges.sessions (~(del in challenges.sessions) secret)
- sessions
-
- ++ session-timeout
- |%
- ++ auth ~d30
- ++ guest ~d7
- --
- ++ session-hash
- (~(raw og (shas %coki eny.bowl)) 128)
- ++ session-cookie-string |= [session=@ proven=@p]
- ^- @t
- =/ max-age=tape %- a-co:co
- =/ its-a-me .=(src.bowl our.bowl)
- =, session-timeout
- (div (msec:milly ?:(its-a-me auth guest)) 1.000)
- %- crip
- "urbneo-{(scow %p proven)}={(scow:parsing:sr %uv session)}; Path=/; Max-Age={max-age}"
- :: "urbneo={(scow:parsing:sr %uv session)}; Path=/; Max-Age={max-age}"
- ++ validate-coki |= coki=@t ^- (unit @p)
- ~& >> validating-coki=coki
- =/ cookies (rush coki cock:de-purl:html)
- ~& cookies=cookies
- ?~ cookies ~
- =/ cokis=(list [@t @t]) u.cookies
- |-
- ?~ cokis ~
- =/ hd i.cokis
- :: ?: (contains:string:sr (trip hd) "urbneo")
- ~& key=-.hd
- =/ hash (slaw:parsing:sr %uv +.hd)
- ?~ hash $(cokis t.cokis)
- ~& hash=`@uv`u.hash
- =/ sess (~(get by users.sessions) u.hash)
- ~& sess=sess
- ?~ sess $(cokis t.cokis)
- `u.sess
- ++ parse-coki |= coki=@t
- =/ cookies (rush coki cock:de-purl:html)
- ?~ cookies users.sessions
- =/ cokis=(list [@t @t]) u.cookies
- |-
- ?~ cokis users.sessions
- =/ hd i.cokis
- :: ?: (contains:string:sr (trip hd) "urbneo")
- ~& key=-.hd
- =/ hash (slaw:parsing:sr %uv +.hd)
- ?~ hash $(cokis t.cokis)
- =/ sess (~(get by users.sessions) u.hash)
- ?~ sess $(cokis t.cokis)
- (~(del by users.sessions) u.hash)
-
- ++ logout |= [order-id=@t coki=@t]
- (self-poke [%logout order-id coki])
- ++ handle-logout |= [order-id=@t coki=@t]
- ~& handling-logout=coki
- =/ new-users (parse-coki coki)
- :_ sessions(users new-users)
- %+ give-simple-payload:app:server
- order-id
- (redirect:gen:server '/zodiac/login')
--