2021-04-08 17:41:52 +08:00
|
|
|
defmodule LivebookWeb.InvalidTokenError do
|
|
|
|
defexception plug_status: 401, message: "invalid token"
|
|
|
|
end
|
|
|
|
|
|
|
|
defmodule LivebookWeb.AuthPlug do
|
|
|
|
@moduledoc false
|
|
|
|
|
|
|
|
@behaviour Plug
|
|
|
|
|
|
|
|
import Plug.Conn
|
|
|
|
import Phoenix.Controller
|
|
|
|
|
|
|
|
@impl true
|
|
|
|
def init(opts), do: opts
|
|
|
|
|
|
|
|
@impl true
|
2021-04-15 20:15:56 +08:00
|
|
|
def call(conn, _opts) do
|
2021-04-15 21:50:29 +08:00
|
|
|
mode = Livebook.Config.auth_mode()
|
2021-04-15 20:15:56 +08:00
|
|
|
|
2021-04-15 21:50:29 +08:00
|
|
|
if authenticated?(conn, mode) do
|
|
|
|
conn
|
|
|
|
else
|
|
|
|
authenticate(conn, mode)
|
2021-04-08 17:41:52 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-04-15 21:50:29 +08:00
|
|
|
@doc """
|
|
|
|
Stores in the session the secret for the given mode.
|
|
|
|
"""
|
|
|
|
def store(conn, mode, value) do
|
2022-01-06 23:31:26 +08:00
|
|
|
put_session(conn, key(conn.port, mode), hash(value))
|
2021-04-15 21:50:29 +08:00
|
|
|
end
|
|
|
|
|
2021-04-15 20:15:56 +08:00
|
|
|
@doc """
|
|
|
|
Checks if given connection is already authenticated.
|
|
|
|
"""
|
2021-04-15 21:50:29 +08:00
|
|
|
@spec authenticated?(Plug.Conn.t(), Livebook.Config.auth_mode()) :: boolean()
|
2022-01-06 23:31:26 +08:00
|
|
|
def authenticated?(conn, mode) do
|
|
|
|
authenticated?(get_session(conn), conn.port, mode)
|
|
|
|
end
|
|
|
|
|
|
|
|
@doc """
|
|
|
|
Checks if the given session is authenticated.
|
|
|
|
"""
|
|
|
|
@spec authenticated?(map(), non_neg_integer(), Livebook.Config.auth_mode()) :: boolean()
|
|
|
|
def authenticated?(session, port, mode)
|
2021-04-08 17:41:52 +08:00
|
|
|
|
2022-01-06 23:31:26 +08:00
|
|
|
def authenticated?(session, port, mode) when mode in [:token, :password] do
|
|
|
|
secret = session[key(port, mode)]
|
2021-04-15 21:50:29 +08:00
|
|
|
is_binary(secret) and Plug.Crypto.secure_compare(secret, expected(mode))
|
2021-04-15 20:15:56 +08:00
|
|
|
end
|
|
|
|
|
2022-01-06 23:31:26 +08:00
|
|
|
def authenticated?(_session, _port, _mode) do
|
2021-04-15 20:15:56 +08:00
|
|
|
true
|
|
|
|
end
|
|
|
|
|
2021-04-15 21:50:29 +08:00
|
|
|
defp authenticate(conn, :password) do
|
|
|
|
conn
|
|
|
|
|> redirect(to: "/authenticate")
|
|
|
|
|> halt()
|
2021-04-15 20:15:56 +08:00
|
|
|
end
|
|
|
|
|
2021-04-15 21:50:29 +08:00
|
|
|
defp authenticate(conn, :token) do
|
|
|
|
token = Map.get(conn.query_params, "token")
|
2021-04-08 17:41:52 +08:00
|
|
|
|
2021-04-15 21:50:29 +08:00
|
|
|
if is_binary(token) and Plug.Crypto.secure_compare(hash(token), expected(:token)) do
|
|
|
|
# Redirect to the same path without query params
|
|
|
|
conn
|
|
|
|
|> store(:token, token)
|
|
|
|
|> redirect(to: conn.request_path)
|
|
|
|
|> halt()
|
|
|
|
else
|
|
|
|
raise LivebookWeb.InvalidTokenError
|
2021-04-08 17:41:52 +08:00
|
|
|
end
|
|
|
|
end
|
2021-04-15 20:15:56 +08:00
|
|
|
|
2022-01-06 23:31:26 +08:00
|
|
|
defp key(port, mode), do: "#{port}:#{mode}"
|
2021-04-15 21:50:29 +08:00
|
|
|
defp expected(mode), do: hash(Application.fetch_env!(:livebook, mode))
|
|
|
|
defp hash(value), do: :crypto.hash(:sha256, value)
|
2021-04-08 17:41:52 +08:00
|
|
|
end
|