# Install Sinatra: gem install sinatra
|
|
require_relative "initialize_database"
|
|
require_relative "database_queries"
|
|
require_relative "cryptography"
|
|
|
|
|
|
require 'sinatra'
|
|
require 'json'
|
|
require 'sqlite3'
|
|
require 'jwt'
|
|
|
|
#puts generate_random_string(256)
|
|
|
|
|
|
#
|
|
#token = JWT.encode payload, hmac_secret, 'HS256'
|
|
##puts token
|
|
#
|
|
#begin
|
|
# decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
|
|
# puts "Token is valid!"
|
|
# puts "Decoded token: #{decoded_token}"
|
|
#
|
|
# puts data_value = decoded_token.first['data']
|
|
# puts test_value = decoded_token.first['test']
|
|
#rescue JWT::DecodeError
|
|
# puts "Invalid token or signature!"
|
|
#end
|
|
|
|
#puts decoded_token
|
|
|
|
# Prepare the auth database (defined in initialize_database.rb, required above)
# once at boot, before any route is served — presumably creates the SQLite
# schema the queries below rely on; confirm in that file.
initialize_database
|
|
|
|
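# POST /auth/login — exchanges a username/password for a one-hour
# "reauthentication" JWT (see get_reauth_jwt). The client later trades that
# token for short-lived access tokens at /auth/reauthenticate.
#
# Response: {"token": "<jwt>"} on success, {"reply": "..."} with 401 otherwise.
post '/auth/login' do
  content_type :json

  username = params[:username]
  password = params[:password]

  # One status and one message for a missing field, an unknown user and a
  # wrong password, so the response body does not reveal which usernames exist.
  denied = lambda do
    status 401
    { reply: 'Unauthorized Access' }.to_json
  end

  # Reject absent/blank credentials up front instead of passing nil to the
  # database helpers.
  return denied.call if username.to_s.empty? || password.to_s.empty?
  return denied.call unless check_if_user_exists(username)

  user_id = get_user_id(username)
  return denied.call unless check_password_for_user(user_id, password)

  { token: get_reauth_jwt(user_id) }.to_json
end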
|
|
|
|
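# POST /auth/reauthenticate — accepts a reauthentication JWT in the
# Authorization header and returns a short-lived access JWT (see get_jwt).
#
# Response: {"reply": "<jwt>"} on success (key kept as :reply for existing
# clients, even though /auth/login uses :token), {"reply": "..."} with 401 otherwise.
post '/auth/reauthenticate' do
  content_type :json

  # Expect "Authorization: Bearer <token>". Anchored with \A and \z so the whole
  # header value must match; ^ and $ only anchor a line and would accept a
  # header containing other lines.
  bearer = request.env['HTTP_AUTHORIZATION']&.match(/\ABearer (\S+)\z/)
  unless bearer
    status 401
    return { reply: 'Unauthorized Access. Token missing or invalid.' }.to_json
  end
  reauth_token = bearer[1]

  # SECURITY: hard-coded signing secret, duplicated verbatim in get_reauth_jwt
  # and get_jwt. It is committed to source control and must be treated as
  # compromised: rotate it and load it from configuration in one place.
  hmac_secret = 'WChX-tQWbGbj_pGJQREoFAZGC9JWh58KSk8O7KPj-P8Nd-J88g3eSFDVuNe6zddj0ZB3yxjm_IuPNPyLhiSnxlWHImqXR6ajh3OzrzYm0bNb3f5C4IAScphyEdAfYGMcM-HvYOXxxxp5u5mryfiV3JH1CTqL1CzGyO8df7zUpRKXEXZ5SKmUvhfLU0XKCR_28FAZUgPCAi3GywkDDsH0by68j33BU5cnMT8KiEkHOX4wVUVDQc85_AuE7fN3ji_WkhnDCSLXU9dBCcXM3ziFFeX0RbvIRDG0vKdzwt4TOr4Jws7NP9w11GrUGDFKARZqvT7FTxwxO3MM-mmjb2xyGg'

  begin
    # Signature and exp are verified by default; issuer and subject are checked
    # too so that only a token minted by get_reauth_jwt (sub 'reauthentication')
    # can be exchanged here. Without the sub check, a 60-second access token
    # from get_jwt carries the same uid claim and could be used to mint new
    # tokens indefinitely.
    decoded_token = JWT.decode(reauth_token, hmac_secret, true,
                               algorithm: 'HS256',
                               iss: 'roysathome.net', verify_iss: true,
                               sub: 'reauthentication', verify_sub: true)
    uid = decoded_token.first['uid']
    { reply: get_jwt(uid) }.to_json
  rescue JWT::DecodeError
    # Covers malformed, bad-signature, expired and wrong-issuer/subject tokens;
    # one generic message so the client learns nothing about which check failed.
    status 401
    return { reply: 'Unauthorized Access. Invalid token.' }.to_json
  end
end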
|
|
|
|
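# Mints the one-hour HS256 "reauthentication" token handed out by /auth/login.
# /auth/reauthenticate verifies sub == 'reauthentication' on it before issuing
# short-lived access tokens.
#
# @param user_id [Integer] id of the authenticated user; stored in the `uid` claim
# @return [String] signed JWT
def get_reauth_jwt(user_id)
  # Read the clock once so iat and exp cannot straddle a second boundary.
  issued_at = Time.now.to_i
  payload = {
    sub: 'reauthentication',
    admin: check_if_user_is_admin(user_id),
    iss: 'roysathome.net',
    uid: user_id,
    iat: issued_at,
    exp: issued_at + 3600
  }

  # SECURITY: hard-coded signing secret, duplicated verbatim in get_jwt and the
  # /auth/reauthenticate route. It is committed to source control and must be
  # treated as compromised: rotate it and load it from configuration in one place.
  hmac_secret = 'WChX-tQWbGbj_pGJQREoFAZGC9JWh58KSk8O7KPj-P8Nd-J88g3eSFDVuNe6zddj0ZB3yxjm_IuPNPyLhiSnxlWHImqXR6ajh3OzrzYm0bNb3f5C4IAScphyEdAfYGMcM-HvYOXxxxp5u5mryfiV3JH1CTqL1CzGyO8df7zUpRKXEXZ5SKmUvhfLU0XKCR_28FAZUgPCAi3GywkDDsH0by68j33BU5cnMT8KiEkHOX4wVUVDQc85_AuE7fN3ji_WkhnDCSLXU9dBCcXM3ziFFeX0RbvIRDG0vKdzwt4TOr4Jws7NP9w11GrUGDFKARZqvT7FTxwxO3MM-mmjb2xyGg'

  JWT.encode(payload, hmac_secret, 'HS256')
end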
|
|
|
|
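# Mints the 60-second HS256 access token returned by /auth/reauthenticate.
# Unlike the reauthentication token it embeds the user's claims (get_claims).
#
# @param user_id [Integer] id of the user; stored in the `uid` claim
# @return [String] signed JWT
def get_jwt(user_id)
  claims = get_claims(user_id)

  # Read the clock once so iat and exp cannot straddle a second boundary.
  issued_at = Time.now.to_i
  payload = {
    sub: 'authentication',
    admin: check_if_user_is_admin(user_id),
    iss: 'roysathome.net',
    uid: user_id,
    iat: issued_at,
    exp: issued_at + 60,
    claims: claims
  }

  # SECURITY: hard-coded signing secret, duplicated verbatim in get_reauth_jwt
  # and the /auth/reauthenticate route. It is committed to source control and
  # must be treated as compromised: rotate it and load it from configuration in
  # one place.
  hmac_secret = 'WChX-tQWbGbj_pGJQREoFAZGC9JWh58KSk8O7KPj-P8Nd-J88g3eSFDVuNe6zddj0ZB3yxjm_IuPNPyLhiSnxlWHImqXR6ajh3OzrzYm0bNb3f5C4IAScphyEdAfYGMcM-HvYOXxxxp5u5mryfiV3JH1CTqL1CzGyO8df7zUpRKXEXZ5SKmUvhfLU0XKCR_28FAZUgPCAi3GywkDDsH0by68j33BU5cnMT8KiEkHOX4wVUVDQc85_AuE7fN3ji_WkhnDCSLXU9dBCcXM3ziFFeX0RbvIRDG0vKdzwt4TOr4Jws7NP9w11GrUGDFKARZqvT7FTxwxO3MM-mmjb2xyGg'

  JWT.encode(payload, hmac_secret, 'HS256')
end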
|
|
|
|
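# Returns the claim names attached to a user via the user_claims join table.
#
# @param user_id [Integer] primary key in `users`; may originate from a decoded
#   token claim, so it is always passed as a bound parameter, never interpolated
# @return [Array<String>] the `claims.claim` values; empty when the user has none
def get_claims(user_id)
  puts "Getting claims for #{user_id}"

  db = SQLite3::Database.new('./database/auth.db')
  begin
    # The claims table is joined on its own id (UC.claim_id = C.id); the earlier
    # join on U.id matched a user's claims against claim rows whose id happened
    # to equal the user id.
    rows = db.execute(<<~SQL, [user_id])
      SELECT C.claim
      FROM users U
      INNER JOIN user_claims UC ON U.id = UC.user_id
      INNER JOIN claims C ON UC.claim_id = C.id
      WHERE U.id = ?
    SQL
  ensure
    # Close the handle on every path; the original leaked it until GC.
    db.close
  end

  puts 'No claims found.' if rows.empty?
  rows.map(&:first)
end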
|
|
|
|
# Run the application
|
|
# ruby your_file_name.rb
|