ホーム エクスプローラ ヘルプ
サインイン
Troglodyne
/
tCMS
2
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: 83dc8fa21d
ブランチ タグ
tCMS
/
lib
/
Trog
/
Auth.pm

Auth.pm 2.4 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. package Trog::Auth;
    2. 

  2. 

  3. use strict;
    4. 

  4. use warnings;
    5. 

  5. 

  6. no warnings 'experimental';
    7. 

  7. use feature qw{signatures};
    8. 

  8. 

  9. use DBI;
    10. 

  10. use DBD::SQLite;
    11. 

  11. use File::Slurper qw{read_text};
    12. 

  12. use UUID::Tiny ':std';
    13. 

  13. use Digest::SHA 'sha256';
    14. 

  14. 

  15. =head1 Trog::Auth
    16. 

  16. 

  17. An SQLite3 authdb.
    18. 

  18. 

  19. =head1 Termination Conditions
    20. 

  20. 

  21. Throws exceptions in the event the session database cannot be accessed.
    22. 

  22. 

  23. =head1 FUNCTIONS
    24. 

  24. 

  25. =head2 session2user(sessid) = STRING
    26. 

  26. 

  27. Translate a session UUID into a username.
    28. 

  28. 

  29. Returns empty string on no active session.
    30. 

  30. 

  31. =cut
    32. 

  32. 

  33. sub session2user ($sessid) {
    34. 

  34.     my $dbh = _dbh();
    35. 

  35.     my $rows = $dbh->selectall_arrayref("SELECT name FROM sess_user WHERE session=?",{ Slice => {} }, $sessid);
    36. 

  36.     return '' unless ref $rows eq 'ARRAY' && @$rows;
    37. 

  37.     return $rows->[0]->{name};
    38. 

  38. }
    39. 

  39. 

  40. =head2 mksession(user, pass) = STRING
    41. 

  41. 

  42. Create a session for the user and waste all other sessions.
    43. 

  43. 

  44. Returns a session ID, or blank string in the event the user does not exist or incorrect auth was passed.
    45. 

  45. 

  46. =cut
    47. 

  47. 

  48. sub mksession ($user,$pass) {
    49. 

  49.     my $dbh = _dbh();
    50. 

  50.     my $records = $dbh->selectall_arrayref("SELECT salt FROM user WHERE name = ?", { Slice => {} }, $user);
    51. 

  51.     return '' unless ref $records eq 'ARRAY' && @$records;
    52. 

  52.     my $salt = $records->[0]->{salt};
    53. 

  53.     my $hash = sha256($pass.$salt);
    54. 

  54.     my $worked = $dbh->selectall_arrayref("SELECT id FROM user WHERE hash=? AND name = ?", { Slice => {} }, $hash, $user);
    55. 

  55.     return '' unless ref $worked eq 'ARRAY' && @$worked;
    56. 

  56.     my $uid = $worked->[0]->{id};
    57. 

  57.     my $uuid = create_uuid_as_string(UUID_V1, UUID_NS_DNS);
    58. 

  58.     $dbh->do("INSERT OR REPLACE INTO session (id,user_id) VALUES (?,?)", undef, $uuid, $uid) or return '';
    59. 

  59.     return $uuid;
    60. 

  60. }
    61. 

  61. 

  62. =head2 useradd(user, pass) = BOOL
    63. 

  63. 

  64. Adds a user identified by the provided password into the auth DB.
    65. 

  65. 

  66. Returns True or False (likely false when user already exists).
    67. 

  67. 

  68. =cut
    69. 

  69. 

  70. sub useradd ($user, $pass) {
    71. 

  71.     my $dbh = _dbh();
    72. 

  72.     my $salt = create_uuid();
    73. 

  73.     my $hash = sha256($pass.$salt);
    74. 

  74.     return $dbh->do("INSERT INTO user (name,salt,hash) VALUES (?,?,?)", undef, $user, $salt, $hash);
    75. 

  75. }
    76. 

  76. 

  77. my $dbh;
    78. 

  78. # Ensure the db schema is OK, and give us a handle
    79. 

  79. sub _dbh {
    80. 

  80.     return $dbh if $dbh;
    81. 

  81.     my $qq = read_text('schema/auth.schema');
    82. 

  82.     my $dbname = "$ENV{HOME}/.tcms/auth.db";
    83. 

  83.     $dbh = DBI->connect("dbi:SQLite:dbname=$dbname","","");
    84. 

  84.     $dbh->{sqlite_allow_multiple_statements} = 1;
    85. 

  85.     $dbh->do($qq) or die "Could not ensure auth database consistency";
    86. 

  86.     $dbh->{sqlite_allow_multiple_statements} = 0;
    87. 

  87.     return $dbh;
    88. 

  88. }
    89. 

  89. 

  90. 1;
    91.