Diffstat (limited to 'lib/metamask.hoon')
-rw-r--r-- | lib/metamask.hoon | 147 |
1 files changed, 24 insertions, 123 deletions
diff --git a/lib/metamask.hoon b/lib/metamask.hoon
index 3456692..09e2f66 100644
--- a/lib/metamask.hoon
+++ b/lib/metamask.hoon
@@ -1,70 +1,53 @@ -/+ naive, ethereum, server, sr=sortug -=> -|% -+$ challenges (set secret) -+$ secret @uv -+$ authorization - $: who=@p - =secret - adr=tape - sig=tape - == -:: +$ user-sessions (map coki=@ [proven=@p src=@p]) -+$ user-sessions (map coki=@ ship=@p) -+$ sessions - $: =challenges - users=user-sessions - == --- -|_ [=sessions =bowl:gall] -+$ sess ^sessions -:: state field to keep track of users logged with metamask - :: this goes on the router +/- coki +/+ naive, ethereum, sr=sortug, cokil=coki, server +|_ [=sessions:coki =bowl:gall] ++* cokilib ~(. cokil [sessions bowl]) + ++ serve-metamask-challenge |= eyre-id=@ta :: special-case MetaMask auth handling =/ new-challenge (sham [now eny]:bowl) - %+ weld (self-poke [%meta new-challenge]) + =/ jon (enjs-challenge new-challenge) + %+ weld (send-self-poke:cokilib [%meta new-challenge]) %+ give-simple-payload:app:server eyre-id - ^- simple-payload:http - :- :- 200 - ~[['Content-Type' 'application/json']] - `(as-octs:mimes:html (en:json:html (enjs-challenge new-challenge))) + (json-response:gen:server jon) + :: :: Modified from ~rabsef-bicrym's %mask by ~hanfel-dovned. ++ process-metamask-auth - |= [order-id=@t octs=(unit octs)] - ^- (list card:agent:gall) + |= [order-id=@t octs=(unit octs) redirect-path=@t base-slug=@t] + ^- (each (list card:agent:gall) [@ud @t]) =/ challenges challenges.sessions |^ - ?~ octs ~|(%empty-auth-request !!) + ?~ octs [%.n 403 %empty-auth-request] :: ?. =('auth' (cut 3 [0 4] q.u.octs)) :: *(list card:agent:gall) =/ jon (de:json:html q.u.octs) - ?~ jon ~|(%empty-auth-json !!) + ?~ jon [%.n 403 %empty-auth-json] =/ body=json u.jon =/ axn (dejs-action body) - =/ is-valid (validate who.axn secret.axn adr.axn sig.axn) - ~& >> signature-valid=[is-valid who.axn secret.axn adr.axn sig.axn] - ?. is-valid ~|(%bad-metamask-signature !!) + =/ is-valid (validate who.axn challenge.axn adr.axn sig.axn) + ~& >> signature-valid=[is-valid who.axn challenge.axn adr.axn sig.axn] + ?. 
is-valid [%.n 403 %bad-metamask-signature] - =/ coki-hash session-hash - =/ coki (session-cookie-string coki-hash who.axn) + =/ coki-hash session-hash:cokilib + =/ coki (session-cookie-string:cokilib coki-hash who.axn base-slug) + :- %.y %+ weld - (self-poke [%auth who.axn coki-hash secret.axn]) + (send-self-poke:cokilib [%coki who.axn coki-hash challenge.axn]) %+ give-simple-payload:app:server order-id ^- simple-payload:http :- :- 303 :~ ['set-cookie' coki] - ['location' '/zodiac'] + ['location' redirect-path] == =/ obj=json %- pairs:enjs:format :~([%login-ok [%b .y]]) `(as-octs:mimes:html (en:json:html obj)) ++ validate - |= [who=@p challenge=secret address=tape hancock=tape] + |= [who=@p =challenge:coki address=tape hancock=tape] ^- ? =/ addy (from-tape address) =/ cock (from-tape hancock) 
@@ -127,13 +110,13 @@ == ++ dejs-action |= jon=json - ^- authorization + ^- authorization:cokilib =, dejs:format %. jon %- ot :: :~ [%who (se %p)] :~ [%who ni] - [%secret (se %uv)] + [%challenge (se %uv)] [%address sa] [%signature sa] == 
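Review bot: `['location' redirect-path]` sends the browser to whatever `redirect-path` the caller passes, with no check anywhere in `process-metamask-auth`; if that value is derived from the request (query string or JSON body) this is an open redirect straight after a successful login, so reject anything that is not a same-origin path before building the 303, e.g. `?. &(=('/' (cut 3 [0 1] redirect-path)) !=('/' (cut 3 [1 1] redirect-path))) [%.n 400 %bad-redirect-path]`. The `~& >> signature-valid=[...]` line prints the one-time challenge and the full signature to the dojo on every attempt, failed ones included; printing only `is-valid` is enough once this is out of debugging. The two body-shape failures (`%empty-auth-request`, `%empty-auth-json`) are client errors rather than authorization failures, so 400 fits better than 403 there. `validate` and the enclosing door start in this hunk but continue past it, and the `challenges` local bound at the top of the arm has no visible use inside the hunk, so whether the submitted challenge is checked against the outstanding set cannot be confirmed from here.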
@@ -145,87 +128,5 @@ %- pairs :~ [%challenge [%s (scot %uv chal)]] == - ++ self-poke - |= noun=* - ^- (list card:agent:gall) - :~ [%pass /gib %agent [our.bowl dap.bowl] %poke %noun !>(noun)] - == - - :: these are the poke handlers - ++ handle-meta - |= new-challenge=@ ^- ^sessions - :: =? users.sessions - :: !(~(has by users.sessions) src.bowl) - :: (~(put by users.sessions) [src.bowl src.bowl]) - :: =? challenges.sessions - :: =(src.bowl (~(got by users.sessions) src.bowl)) - =. challenges.sessions - (~(put in challenges.sessions) new-challenge) - sessions - ++ handle-auth - |= [who=@p coki=@ =secret] ^- ^sessions - :: ~& > "%ustj: Successful authentication of {<src>} as {<who>}." - =. users.sessions (~(put by users.sessions) coki who) - =. challenges.sessions (~(del in challenges.sessions) secret) - sessions - - ++ session-timeout - |% - ++ auth ~d30 - ++ guest ~d7 - -- - ++ session-hash - (~(raw og (shas %coki eny.bowl)) 128) - ++ session-cookie-string |= [session=@ proven=@p] - ^- @t - =/ max-age=tape %- a-co:co - =/ its-a-me .=(src.bowl our.bowl) - =, session-timeout - (div (msec:milly ?:(its-a-me auth guest)) 1.000) - %- crip - "urbneo-{(scow %p proven)}={(scow:parsing:sr %uv session)}; Path=/; Max-Age={max-age}" - :: "urbneo={(scow:parsing:sr %uv session)}; Path=/; Max-Age={max-age}" - ++ validate-coki |= coki=@t ^- (unit @p) - ~& >> validating-coki=coki - =/ cookies (rush coki cock:de-purl:html) - ~& cookies=cookies - ?~ cookies ~ - =/ cokis=(list [@t @t]) u.cookies - |- - ?~ cokis ~ - =/ hd i.cokis - :: ?: (contains:string:sr (trip hd) "urbneo") - ~& key=-.hd - =/ hash (slaw:parsing:sr %uv +.hd) - ?~ hash $(cokis t.cokis) - ~& hash=`@uv`u.hash - =/ sess (~(get by users.sessions) u.hash) - ~& sess=sess - ?~ sess $(cokis t.cokis) - `u.sess - ++ parse-coki |= coki=@t - =/ cookies (rush coki cock:de-purl:html) - ?~ cookies users.sessions - =/ cokis=(list [@t @t]) u.cookies - |- - ?~ cokis users.sessions - =/ hd i.cokis - :: ?: (contains:string:sr (trip hd) 
"urbneo") - ~& key=-.hd - =/ hash (slaw:parsing:sr %uv +.hd) - ?~ hash $(cokis t.cokis) - =/ sess (~(get by users.sessions) u.hash) - ?~ sess $(cokis t.cokis) - (~(del by users.sessions) u.hash) - - ++ logout |= [order-id=@t coki=@t] - (self-poke [%logout order-id coki]) - ++ handle-logout |= [order-id=@t coki=@t] - ~& handling-logout=coki - =/ new-users (parse-coki coki) - :_ sessions(users new-users) - %+ give-simple-payload:app:server - order-id - (redirect:gen:server '/zodiac/login') -- |