vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-04-20 02:49:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
safing-portmaster/spn/access/op_auth.go
Daniel Hååvi 80664d1a27
Restructure modules () 
* Move portbase into monorepo

* Add new simple module mgr

* [WIP] Switch to new simple module mgr

* Add StateMgr and more worker variants

* [WIP] Switch more modules

* [WIP] Switch more modules

* [WIP] swtich more modules

* [WIP] switch all SPN modules

* [WIP] switch all service modules

* [WIP] Convert all workers to the new module system

* [WIP] add new task system to module manager

* [WIP] Add second take for scheduling workers

* [WIP] Add FIXME for bugs in new scheduler

* [WIP] Add minor improvements to scheduler

* [WIP] Add new worker scheduler

* [WIP] Fix more bug related to new module system

* [WIP] Fix start handing of the new module system

* [WIP] Improve startup process

* [WIP] Fix minor issues

* [WIP] Fix missing subsystem in settings

* [WIP] Initialize managers in constructor

* [WIP] Move module event initialization to constrictors

* [WIP] Fix setting for enabling and disabling the SPN module

* [WIP] Move API registeration into module construction

* [WIP] Update states mgr for all modules

* [WIP] Add CmdLine operation support

* Add state helper methods to module group and instance

* Add notification and module status handling to status package

* Fix starting issues

* Remove pilot widget and update security lock to new status data

* Remove debug logs

* Improve http server shutdown

* Add workaround for cleanly shutting down firewall+netquery

* Improve logging

* Add syncing states with notifications for new module system

* Improve starting, stopping, shutdown; resolve FIXMEs/TODOs

* [WIP] Fix most unit tests

* Review new module system and fix minor issues

* Push shutdown and restart events again via API

* Set sleep mode via interface

* Update example/template module

* [WIP] Fix spn/cabin unit test

* Remove deprecated UI elements

* Make log output more similar for the logging transition phase

* Switch spn hub and observer cmds to new module system

* Fix log sources

* Make worker mgr less error prone

* Fix tests and minor issues

* Fix observation hub

* Improve shutdown and restart handling

* Split up big connection.go source file

* Move varint and dsd packages to structures repo

* Improve expansion test

* Fix linter warnings

* Fix interception module on windows

* Fix linter errors

---------

Co-authored-by: Vladimir Stoilov <vladimir@safing.io>
2024-08-09 18:15:48 +03:00

75 lines
2.1 KiB
Go
Raw Permalink Blame History

package access
import (
"time"
"github.com/safing/portmaster/base/log"
"github.com/safing/portmaster/spn/access/token"
"github.com/safing/portmaster/spn/terminal"
"github.com/safing/structures/container"
)
// OpTypeAccessCodeAuth is the type ID of the auth operation.
const OpTypeAccessCodeAuth = "auth"
func init() {
terminal.RegisterOpType(terminal.OperationFactory{
Type: OpTypeAccessCodeAuth,
Start: checkAccessCode,
})
}
// AuthorizeOp is used to authorize a session.
type AuthorizeOp struct {
terminal.OneOffOperationBase
}
// Type returns the type ID.
func (op *AuthorizeOp) Type() string {
return OpTypeAccessCodeAuth
}
// AuthorizeToTerminal starts an authorization operation.
func AuthorizeToTerminal(t terminal.Terminal) (*AuthorizeOp, *terminal.Error) {
op := &AuthorizeOp{}
op.Init()
newToken, err := GetToken(ExpandAndConnectZones)
if err != nil {
return nil, terminal.ErrInternalError.With("failed to get access token: %w", err)
}
tErr := t.StartOperation(op, container.New(newToken.Raw()), 10*time.Second)
if tErr != nil {
return nil, terminal.ErrInternalError.With("failed to init auth op: %w", tErr)
}
return op, nil
}
func checkAccessCode(t terminal.Terminal, opID uint32, initData *container.Container) (terminal.Operation, *terminal.Error) {
// Parse provided access token.
receivedToken, err := token.ParseRawToken(initData.CompileData())
if err != nil {
return nil, terminal.ErrMalformedData.With("failed to parse access token: %w", err)
}
// Check if token is valid.
granted, err := VerifyToken(receivedToken)
if err != nil {
return nil, terminal.ErrPermissionDenied.With("invalid access token: %w", err)
}
// Get the authorizing terminal for applying the granted permission.
authTerm, ok := t.(terminal.AuthorizingTerminal)
if !ok {
return nil, terminal.ErrIncorrectUsage.With("terminal does not handle authorization")
}
// Grant permissions.
authTerm.GrantPermission(granted)
log.Debugf("spn/access: granted %s permissions via %s zone", t.FmtID(), receivedToken.Zone)
// End successfully.
return nil, terminal.ErrExplicitAck
}
Reference in a new issue View git blame Copy permalink