2022-04-23 02:23:14 +02:00
|
|
|
package fediverse
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/rand"
|
|
|
|
"io"
|
|
|
|
"time"
|
|
|
|
)
|
|
|
|
|
|
|
|
// OTPRegistration represents a single OTP request.
|
|
|
|
type OTPRegistration struct {
|
|
|
|
UserID string
|
|
|
|
UserDisplayName string
|
|
|
|
Code string
|
|
|
|
Account string
|
|
|
|
Timestamp time.Time
|
|
|
|
}
|
|
|
|
|
|
|
|
// Key by access token to limit one OTP request for a person
|
|
|
|
// to be active at a time.
|
|
|
|
var pendingAuthRequests = make(map[string]OTPRegistration)
|
|
|
|
|
2022-08-02 22:29:06 +02:00
|
|
|
const registrationTimeout = time.Minute * 10
|
|
|
|
|
2022-04-23 02:23:14 +02:00
|
|
|
// RegisterFediverseOTP will start the OTP flow for a user, creating a new
|
|
|
|
// code and returning it to be sent to a destination.
|
2022-08-02 22:29:06 +02:00
|
|
|
func RegisterFediverseOTP(accessToken, userID, userDisplayName, account string) (OTPRegistration, bool) {
|
|
|
|
request, requestExists := pendingAuthRequests[accessToken]
|
|
|
|
|
|
|
|
// If a request is already registered and has not expired then return that
|
|
|
|
// existing request.
|
|
|
|
if requestExists && time.Since(request.Timestamp) < registrationTimeout {
|
|
|
|
return request, false
|
|
|
|
}
|
|
|
|
|
2022-04-23 02:23:14 +02:00
|
|
|
code, _ := createCode()
|
|
|
|
r := OTPRegistration{
|
|
|
|
Code: code,
|
|
|
|
UserID: userID,
|
|
|
|
UserDisplayName: userDisplayName,
|
|
|
|
Account: account,
|
|
|
|
Timestamp: time.Now(),
|
|
|
|
}
|
|
|
|
pendingAuthRequests[accessToken] = r
|
|
|
|
|
2022-08-02 22:29:06 +02:00
|
|
|
return r, true
|
2022-04-23 02:23:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// ValidateFediverseOTP will verify a OTP code for a auth request.
|
|
|
|
func ValidateFediverseOTP(accessToken, code string) (bool, *OTPRegistration) {
|
|
|
|
request, ok := pendingAuthRequests[accessToken]
|
|
|
|
|
2022-08-02 22:29:06 +02:00
|
|
|
if !ok || request.Code != code || time.Since(request.Timestamp) > registrationTimeout {
|
2022-04-23 02:23:14 +02:00
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
delete(pendingAuthRequests, accessToken)
|
|
|
|
return true, &request
|
|
|
|
}
|
|
|
|
|
|
|
|
func createCode() (string, error) {
|
|
|
|
table := [...]byte{'1', '2', '3', '4', '5', '6', '7', '8', '9', '0'}
|
|
|
|
|
|
|
|
digits := 6
|
|
|
|
b := make([]byte, digits)
|
|
|
|
n, err := io.ReadAtLeast(rand.Reader, b, digits)
|
|
|
|
if n != digits {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
for i := 0; i < len(b); i++ {
|
|
|
|
b[i] = table[int(b[i])%len(table)]
|
|
|
|
}
|
|
|
|
return string(b), nil
|
|
|
|
}
|