|  | @@ -0,0 +1,319 @@
 | 
	
		
			
				|  |  | +package auth
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +import (
 | 
	
		
			
				|  |  | +	"encoding/json"
 | 
	
		
			
				|  |  | +	"errors"
 | 
	
		
			
				|  |  | +	"net/http"
 | 
	
		
			
				|  |  | +	"time"
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	uuid "github.com/satori/go.uuid"
 | 
	
		
			
				|  |  | +	"imuslab.com/arozos/mod/database"
 | 
	
		
			
				|  |  | +	"imuslab.com/arozos/mod/utils"
 | 
	
		
			
				|  |  | +)
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +/*
 | 
	
		
			
				|  |  | +	Account Switch
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	This script handle account switching logic
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	The switchable account pools work like this
 | 
	
		
			
				|  |  | +	Let say user A want to switch to user B account
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	A will create a pool with user A and B username inside the pool
 | 
	
		
			
				|  |  | +	The pool UUID will be returned to the client, and stored in local storage
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	The client can always switch between A and B as both are in the pool and the
 | 
	
		
			
				|  |  | +	client is logged in either A or B's account.
 | 
	
		
			
				|  |  | +*/
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +type SwitchableAccount struct {
 | 
	
		
			
				|  |  | +	Username   string //Username of the account
 | 
	
		
			
				|  |  | +	LastSwitch int64  //Last time this account is accessed
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +type SwitchableAccountsPool struct {
 | 
	
		
			
				|  |  | +	UUID     string               //UUID of this pool, one pool per browser instance
 | 
	
		
			
				|  |  | +	Accounts []*SwitchableAccount //Accounts that is cross switchable in this pool
 | 
	
		
			
				|  |  | +	parent   *SwitchableAccountPoolManager
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +type SwitchableAccountPoolManager struct {
 | 
	
		
			
				|  |  | +	Database   *database.Database
 | 
	
		
			
				|  |  | +	ExpireTime int64 //Expire time of the switchable account
 | 
	
		
			
				|  |  | +	authAgent  *AuthAgent
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +// Create a new switchable account pool manager
 | 
	
		
			
				|  |  | +func NewSwitchableAccountPoolManager(sysdb *database.Database, parent *AuthAgent) *SwitchableAccountPoolManager {
 | 
	
		
			
				|  |  | +	sysdb.NewTable("auth_acswitch")
 | 
	
		
			
				|  |  | +	thisManager := SwitchableAccountPoolManager{
 | 
	
		
			
				|  |  | +		Database:   sysdb,
 | 
	
		
			
				|  |  | +		ExpireTime: 604800,
 | 
	
		
			
				|  |  | +		authAgent:  parent,
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	return &thisManager
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +// Handle switchable account listing for this browser
 | 
	
		
			
				|  |  | +func (m *SwitchableAccountPoolManager) HandleSwitchableAccountListing(w http.ResponseWriter, r *http.Request) {
 | 
	
		
			
				|  |  | +	//Get username and pool id
 | 
	
		
			
				|  |  | +	currentUsername, err := m.authAgent.GetUserName(w, r)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, err.Error())
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	poolid, err := utils.GetPara(r, "pid")
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, "invalid pool id given")
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//Check pool exists
 | 
	
		
			
				|  |  | +	targetPool, err := m.GetPoolByID(poolid)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, err.Error())
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//Check if the user can access this pool
 | 
	
		
			
				|  |  | +	if !targetPool.IsAccessibleBy(currentUsername) {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, "permission denied")
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//OK. List all the information about the pool
 | 
	
		
			
				|  |  | +	type AccountInfo struct {
 | 
	
		
			
				|  |  | +		Username  string
 | 
	
		
			
				|  |  | +		IsExpired bool
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	results := []*AccountInfo{}
 | 
	
		
			
				|  |  | +	for _, acc := range targetPool.Accounts {
 | 
	
		
			
				|  |  | +		results = append(results, &AccountInfo{
 | 
	
		
			
				|  |  | +			Username:  acc.Username,
 | 
	
		
			
				|  |  | +			IsExpired: (time.Now().Unix() > acc.LastSwitch+m.ExpireTime),
 | 
	
		
			
				|  |  | +		})
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	js, _ := json.Marshal(results)
 | 
	
		
			
				|  |  | +	utils.SendJSONResponse(w, string(js))
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +// Logout all the accounts in the pool
 | 
	
		
			
				|  |  | +func (m *SwitchableAccountPoolManager) HandleLogoutAllAccounts(w http.ResponseWriter, r *http.Request) {
 | 
	
		
			
				|  |  | +	currentUsername, err := m.authAgent.GetUserName(w, r)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, err.Error())
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	poolid, err := utils.PostPara(r, "pid")
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, "invalid pool id given")
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//Get the target pool
 | 
	
		
			
				|  |  | +	targetpool, err := m.GetPoolByID(poolid)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, err.Error())
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	if !targetpool.IsAccessibleBy(currentUsername) {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, "permission denied")
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//Remove the pool
 | 
	
		
			
				|  |  | +	targetpool.Delete()
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	utils.SendOK(w)
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +// Handle account switching
 | 
	
		
			
				|  |  | +func (m *SwitchableAccountPoolManager) HandleAccountSwitch(w http.ResponseWriter, r *http.Request) {
 | 
	
		
			
				|  |  | +	previousUserName, err := m.authAgent.GetUserName(w, r)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, err.Error())
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	poolid, err := utils.PostPara(r, "pid")
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		//No pool is given. Generate a pool for this request
 | 
	
		
			
				|  |  | +		poolid = uuid.NewV4().String()
 | 
	
		
			
				|  |  | +		newPool := SwitchableAccountsPool{
 | 
	
		
			
				|  |  | +			UUID: poolid,
 | 
	
		
			
				|  |  | +			Accounts: []*SwitchableAccount{
 | 
	
		
			
				|  |  | +				{
 | 
	
		
			
				|  |  | +					Username:   previousUserName,
 | 
	
		
			
				|  |  | +					LastSwitch: time.Now().Unix(),
 | 
	
		
			
				|  |  | +				},
 | 
	
		
			
				|  |  | +			},
 | 
	
		
			
				|  |  | +			parent: m,
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		newPool.Save()
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//Get switchable pool from manager
 | 
	
		
			
				|  |  | +	targetPool, err := m.GetPoolByID(poolid)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, err.Error())
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//Check if this user can access this pool
 | 
	
		
			
				|  |  | +	if !targetPool.IsAccessibleByRequest(w, r) {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, "access request denied: user not belongs to this account pool")
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//OK! Switch the user to alternative account
 | 
	
		
			
				|  |  | +	username, err := utils.PostPara(r, "username")
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		utils.SendErrorResponse(w, "invalid or empty username given")
 | 
	
		
			
				|  |  | +		return
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	password, err := utils.PostPara(r, "password")
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		//Password not given. Check for direct switch
 | 
	
		
			
				|  |  | +		switchToTargetAlreadySwitchedBefore := targetPool.UserAlreadyInPool(username)
 | 
	
		
			
				|  |  | +		if !switchToTargetAlreadySwitchedBefore {
 | 
	
		
			
				|  |  | +			utils.SendErrorResponse(w, "account must be added before it can switch without password")
 | 
	
		
			
				|  |  | +			return
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		//Check if the switching is expired
 | 
	
		
			
				|  |  | +		lastSwitchTime := targetPool.GetLastSwitchTimeFromUsername(username)
 | 
	
		
			
				|  |  | +		if time.Now().Unix() > lastSwitchTime+m.ExpireTime {
 | 
	
		
			
				|  |  | +			//Already expired
 | 
	
		
			
				|  |  | +			utils.SendErrorResponse(w, "target account session has expired")
 | 
	
		
			
				|  |  | +			return
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		//Not expired. Switch over directly
 | 
	
		
			
				|  |  | +		m.authAgent.LoginUserByRequest(w, r, username, true)
 | 
	
		
			
				|  |  | +	} else {
 | 
	
		
			
				|  |  | +		//Password given. Use Add User Account routine
 | 
	
		
			
				|  |  | +		ok, reason := m.authAgent.ValidateUsernameAndPasswordWithReason(username, password)
 | 
	
		
			
				|  |  | +		if !ok {
 | 
	
		
			
				|  |  | +			utils.SendErrorResponse(w, reason)
 | 
	
		
			
				|  |  | +			return
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +		m.authAgent.LoginUserByRequest(w, r, username, true)
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//Update the pool account info
 | 
	
		
			
				|  |  | +	targetPool.UpdateUserPoolAccountInfo(username)
 | 
	
		
			
				|  |  | +	targetPool.Save()
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	js, _ := json.Marshal(poolid)
 | 
	
		
			
				|  |  | +	utils.SendJSONResponse(w, string(js))
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	//Debug print
 | 
	
		
			
				|  |  | +	//js, _ = json.MarshalIndent(targetPool, "", " ")
 | 
	
		
			
				|  |  | +	//fmt.Println("Switching Pool Updated", string(js))
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +func (m *SwitchableAccountPoolManager) GetAllPools() ([]*SwitchableAccountsPool, error) {
 | 
	
		
			
				|  |  | +	results := []*SwitchableAccountsPool{}
 | 
	
		
			
				|  |  | +	entries, err := m.Database.ListTable("auth_acswitch")
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		return results, err
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	for _, keypairs := range entries {
 | 
	
		
			
				|  |  | +		//thisPoolID := string(keypairs[0])
 | 
	
		
			
				|  |  | +		thisPool := new(SwitchableAccountsPool)
 | 
	
		
			
				|  |  | +		err = json.Unmarshal(keypairs[1], &thisPool)
 | 
	
		
			
				|  |  | +		if err == nil {
 | 
	
		
			
				|  |  | +			results = append(results, thisPool)
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +	return results, nil
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +// Get a switchable account pool by its id
 | 
	
		
			
				|  |  | +func (m *SwitchableAccountPoolManager) GetPoolByID(uuid string) (*SwitchableAccountsPool, error) {
 | 
	
		
			
				|  |  | +	targetPool := SwitchableAccountsPool{}
 | 
	
		
			
				|  |  | +	err := m.authAgent.Database.Read("auth_acswitch", uuid, &targetPool)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		return nil, errors.New("pool with given uuid not found")
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	targetPool.parent = m
 | 
	
		
			
				|  |  | +	return &targetPool, nil
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +/*
 | 
	
		
			
				|  |  | +	Switachable Account Pool functions
 | 
	
		
			
				|  |  | +*/
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +// Check if the requester can switch within target pool
 | 
	
		
			
				|  |  | +func (p *SwitchableAccountsPool) IsAccessibleByRequest(w http.ResponseWriter, r *http.Request) bool {
 | 
	
		
			
				|  |  | +	username, err := p.parent.authAgent.GetUserName(w, r)
 | 
	
		
			
				|  |  | +	if err != nil {
 | 
	
		
			
				|  |  | +		return false
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	return p.IsAccessibleBy(username)
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +// Check if a given username can switch within this pool
 | 
	
		
			
				|  |  | +func (p *SwitchableAccountsPool) IsAccessibleBy(username string) bool {
 | 
	
		
			
				|  |  | +	for _, account := range p.Accounts {
 | 
	
		
			
				|  |  | +		if account.Username == username {
 | 
	
		
			
				|  |  | +			return true
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	return false
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +func (p *SwitchableAccountsPool) UserAlreadyInPool(username string) bool {
 | 
	
		
			
				|  |  | +	for _, acc := range p.Accounts {
 | 
	
		
			
				|  |  | +		if acc.Username == username {
 | 
	
		
			
				|  |  | +			return true
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	return false
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +func (p *SwitchableAccountsPool) UpdateUserLastSwitchTime(username string) bool {
 | 
	
		
			
				|  |  | +	for _, acc := range p.Accounts {
 | 
	
		
			
				|  |  | +		if acc.Username == username {
 | 
	
		
			
				|  |  | +			acc.LastSwitch = time.Now().Unix()
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	return false
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +func (p *SwitchableAccountsPool) GetLastSwitchTimeFromUsername(username string) int64 {
 | 
	
		
			
				|  |  | +	for _, acc := range p.Accounts {
 | 
	
		
			
				|  |  | +		if acc.Username == username {
 | 
	
		
			
				|  |  | +			return acc.LastSwitch
 | 
	
		
			
				|  |  | +		}
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +	return 0
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +// Everytime switching to a given user in a pool, call this update function to
 | 
	
		
			
				|  |  | +// update contents inside the pool
 | 
	
		
			
				|  |  | +func (p *SwitchableAccountsPool) UpdateUserPoolAccountInfo(username string) {
 | 
	
		
			
				|  |  | +	if !p.UserAlreadyInPool(username) {
 | 
	
		
			
				|  |  | +		p.Accounts = append(p.Accounts, &SwitchableAccount{
 | 
	
		
			
				|  |  | +			Username:   username,
 | 
	
		
			
				|  |  | +			LastSwitch: time.Now().Unix(),
 | 
	
		
			
				|  |  | +		})
 | 
	
		
			
				|  |  | +	} else {
 | 
	
		
			
				|  |  | +		p.UpdateUserLastSwitchTime(username)
 | 
	
		
			
				|  |  | +	}
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +// Save changes of this pool to database
 | 
	
		
			
				|  |  | +func (p *SwitchableAccountsPool) Save() {
 | 
	
		
			
				|  |  | +	p.parent.Database.Write("auth_acswitch", p.UUID, p)
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +// Delete this pool from database
 | 
	
		
			
				|  |  | +func (p *SwitchableAccountsPool) Delete() error {
 | 
	
		
			
				|  |  | +	return p.parent.Database.Delete("auth_acswitch", p.UUID)
 | 
	
		
			
				|  |  | +}
 |