0
0
Fork 1
Spiegel von https://github.com/paviliondev/discourse-custom-wizard.git synchronisiert 2024-11-26 19:10:29 +01:00
discourse-custom-wizard/lib/custom_wizard/subscription/authentication.rb

96 Zeilen
2,1 KiB
Ruby

2021-09-07 14:11:50 +02:00
# frozen_string_literal: true
2021-09-24 11:58:42 +02:00
class CustomWizard::Subscription::Authentication
include ActiveModel::Serialization
attr_reader :client_id,
:auth_by,
:auth_at,
:api_key
2021-09-01 04:19:00 +02:00
def initialize(auth)
if auth
@api_key = auth.key
@auth_at = auth.auth_at
@auth_by = auth.auth_by
end
@client_id = get_client_id || set_client_id
end
def active?
@api_key.present?
end
def generate_keys(user_id, request_id)
2021-09-07 14:11:50 +02:00
rsa = OpenSSL::PKey::RSA.generate(2048)
nonce = SecureRandom.hex(32)
set_keys(request_id, user_id, rsa, nonce)
OpenStruct.new(nonce: nonce, public_key: rsa.public_key)
end
def decrypt_payload(request_id, payload)
keys = get_keys(request_id)
2021-09-07 14:06:13 +02:00
return false unless keys.present? && keys.pem
delete_keys(request_id)
rsa = OpenSSL::PKey::RSA.new(keys.pem)
decrypted_payload = rsa.private_decrypt(Base64.decode64(payload))
2021-09-07 14:06:13 +02:00
return false unless decrypted_payload.present?
begin
data = JSON.parse(decrypted_payload).symbolize_keys
rescue JSON::ParserError
return false
end
return false unless data[:nonce] == keys.nonce
data[:user_id] = keys.user_id
data
end
2021-09-07 14:06:13 +02:00
def get_keys(request_id)
2021-09-24 11:58:42 +02:00
raw = PluginStore.get(CustomWizard::Subscription.namespace, "#{keys_db_key}_#{request_id}")
2021-09-07 14:06:13 +02:00
OpenStruct.new(
user_id: raw && raw['user_id'],
pem: raw && raw['pem'],
nonce: raw && raw['nonce']
)
end
2021-08-18 08:59:43 +02:00
private
2021-08-18 08:59:43 +02:00
def keys_db_key
"keys"
end
2021-09-01 04:19:00 +02:00
def client_id_db_key
"client_id"
end
def set_keys(request_id, user_id, rsa, nonce)
2021-09-24 11:58:42 +02:00
PluginStore.set(CustomWizard::Subscription.namespace, "#{keys_db_key}_#{request_id}",
user_id: user_id,
pem: rsa.export,
nonce: nonce
)
end
def delete_keys(request_id)
2021-09-24 11:58:42 +02:00
PluginStore.remove(CustomWizard::Subscription.namespace, "#{keys_db_key}_#{request_id}")
end
2021-09-01 04:19:00 +02:00
def get_client_id
2021-09-24 11:58:42 +02:00
PluginStore.get(CustomWizard::Subscription.namespace, client_id_db_key)
2021-09-01 04:19:00 +02:00
end
def set_client_id
client_id = SecureRandom.hex(32)
2021-09-24 11:58:42 +02:00
PluginStore.set(CustomWizard::Subscription.namespace, client_id_db_key, client_id)
2021-09-01 04:19:00 +02:00
client_id
end
2021-09-07 14:11:50 +02:00
end