Startseite Erkunden Hilfe
Anmelden
Troglodyne
/
tCMS
2
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: 6a0f18594e
Branches Tags
tCMS
/
lib
/
Trog
/
Auth.pm

Auth.pm 3.4 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 
  1. package Trog::Auth;
    2. 

  2. 

  3. use strict;
    4. 

  4. use warnings;
    5. 

  5. 

  6. no warnings 'experimental';
    7. 

  7. use feature qw{signatures};
    8. 

  8. 

  9. use DBI;
    10. 

  10. use DBD::SQLite;
    11. 

  11. use File::Slurper qw{read_text};
    12. 

  12. use UUID::Tiny ':std';
    13. 

  13. use Digest::SHA 'sha256';
    14. 

  14. 

  15. =head1 Trog::Auth
    16. 

  16. 

  17. An SQLite3 authdb.
    18. 

  18. 

  19. =head1 Termination Conditions
    20. 

  20. 

  21. Throws exceptions in the event the session database cannot be accessed.
    22. 

  22. 

  23. =head1 FUNCTIONS
    24. 

  24. 

  25. =head2 session2user(sessid) = (STRING, INT)
    26. 

  26. 

  27. Translate a session UUID into a username and id.
    28. 

  28. 

  29. Returns empty strings on no active session.
    30. 

  30. 

  31. =cut
    32. 

  32. 

  33. sub session2user ($sessid) {
    34. 

  34.     my $dbh = _dbh();
    35. 

  35.     my $rows = $dbh->selectall_arrayref("SELECT name,id FROM sess_user WHERE session=?",{ Slice => {} }, $sessid);
    36. 

  36.     return ('','') unless ref $rows eq 'ARRAY' && @$rows;
    37. 

  37.     return ($rows->[0]->{name},$rows->[0]->{id});
    38. 

  38. }
    39. 

  39. 

  40. =head2 acls4user(user_id) = ARRAYREF
    41. 

  41. 

  42. Return the list of ACLs belonging to the user.
    43. 

  43. The function of ACLs are to allow you to access content tagged 'private' which are also tagged with the ACL name.
    44. 

  44. 

  45. The 'admin' ACL is the only special one, as it allows for authoring posts, configuring tCMS, adding series (ACLs) and more.
    46. 

  46. 

  47. =cut
    48. 

  48. 

  49. sub acls4user($user_id) {
    50. 

  50.     my $dbh = _dbh();
    51. 

  51.     my $records = $dbh->selectall_arrayref("SELECT acl FROM user_acl WHERE user_id = ?", { Slice => {} }, $user_id);
    52. 

  52.     return () unless ref $records eq 'ARRAY' && @$records;
    53. 

  53.     my @acls = map { $_->{acl} } @$records;
    54. 

  54.     return \@acls;
    55. 

  55.  }
    56. 

  56. 

  57. =head2 mksession(user, pass) = STRING
    58. 

  58. 

  59. Create a session for the user and waste all other sessions.
    60. 

  60. 

  61. Returns a session ID, or blank string in the event the user does not exist or incorrect auth was passed.
    62. 

  62. 

  63. =cut
    64. 

  64. 

  65. sub mksession ($user,$pass) {
    66. 

  66.     my $dbh = _dbh();
    67. 

  67.     my $records = $dbh->selectall_arrayref("SELECT salt FROM user WHERE name = ?", { Slice => {} }, $user);
    68. 

  68.     return '' unless ref $records eq 'ARRAY' && @$records;
    69. 

  69.     my $salt = $records->[0]->{salt};
    70. 

  70.     my $hash = sha256($pass.$salt);
    71. 

  71.     my $worked = $dbh->selectall_arrayref("SELECT id FROM user WHERE hash=? AND name = ?", { Slice => {} }, $hash, $user);
    72. 

  72.     return '' unless ref $worked eq 'ARRAY' && @$worked;
    73. 

  73.     my $uid = $worked->[0]->{id};
    74. 

  74.     my $uuid = create_uuid_as_string(UUID_V1, UUID_NS_DNS);
    75. 

  75.     $dbh->do("INSERT OR REPLACE INTO session (id,user_id) VALUES (?,?)", undef, $uuid, $uid) or return '';
    76. 

  76.     return $uuid;
    77. 

  77. }
    78. 

  78. 

  79. =head2 useradd(user, pass) = BOOL
    80. 

  80. 

  81. Adds a user identified by the provided password into the auth DB.
    82. 

  82. 

  83. Returns True or False (likely false when user already exists).
    84. 

  84. 

  85. =cut
    86. 

  86. 

  87. sub useradd ($user, $pass, $acls) {
    88. 

  88.     my $dbh = _dbh();
    89. 

  89.     my $salt = create_uuid();
    90. 

  90.     my $hash = sha256($pass.$salt);
    91. 

  91.     my $res =  $dbh->do("INSERT INTO user (name,salt,hash) VALUES (?,?,?)", undef, $user, $salt, $hash);
    92. 

  92.     return unless $res && ref $acls eq 'ARRAY';
    93. 

  93. 

  94.     #XXX this is clearly not normalized with an ACL mapping table, will be an issue with large number of users
    95. 

  95.     foreach my $acl (@$acls) {
    96. 

  96.         return unless $dbh->do("INSERT INTO user_acl (user_id,acl) VALUES ((SELECT id FROM user WHERE name=?),?)", undef, $user, $acl);
    97. 

  97.     }
    98. 

  98.     return 1;
    99. 

  99. }
    100. 

  100. 

  101. my $dbh;
    102. 

  102. # Ensure the db schema is OK, and give us a handle
    103. 

  103. sub _dbh {
    104. 

  104.     return $dbh if $dbh;
    105. 

  105.     my $qq = read_text('schema/auth.schema');
    106. 

  106.     my $dbname = "$ENV{HOME}/.tcms/auth.db";
    107. 

  107.     $dbh = DBI->connect("dbi:SQLite:dbname=$dbname","","");
    108. 

  108.     $dbh->{sqlite_allow_multiple_statements} = 1;
    109. 

  109.     $dbh->do($qq) or die "Could not ensure auth database consistency";
    110. 

  110.     $dbh->{sqlite_allow_multiple_statements} = 0;
    111. 

  111.     return $dbh;
    112. 

  112. }
    113. 

  113. 

  114. 1;
    115.