mirror of
https://github.com/badaix/snapcast
synced 2025-02-22 14:54:30 +01:00
109 lines
3.2 KiB
C++
109 lines
3.2 KiB
C++
/***
|
|
This file is part of snapcast
|
|
Copyright (C) 2014-2024 Johannes Pohl
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
***/
|
|
|
|
#pragma once
|
|
|
|
// local headers
|
|
#include "common/error_code.hpp"
|
|
#include "server_settings.hpp"
|
|
|
|
// 3rd party headers
|
|
|
|
// standard headers
|
|
#include <chrono>
|
|
#include <optional>
|
|
#include <string>
|
|
#include <system_error>
|
|
|
|
/// Authentication error codes
|
|
enum class AuthErrc
|
|
{
|
|
auth_scheme_not_supported = 1,
|
|
failed_to_create_token = 2,
|
|
unknown_user = 3,
|
|
wrong_password = 4,
|
|
expired = 5,
|
|
token_validation_failed = 6,
|
|
};
|
|
|
|
namespace snapcast::error::auth
|
|
{
|
|
const std::error_category& category();
|
|
}
|
|
|
|
|
|
|
|
namespace std
|
|
{
|
|
template <>
|
|
struct is_error_code_enum<AuthErrc> : public std::true_type
|
|
{
|
|
};
|
|
} // namespace std
|
|
|
|
std::error_code make_error_code(AuthErrc);
|
|
|
|
using snapcast::ErrorCode;
|
|
using snapcast::ErrorOr;
|
|
|
|
/// Authentication Info class
|
|
class AuthInfo
|
|
{
|
|
public:
|
|
/// c'tor
|
|
explicit AuthInfo(const ServerSettings& settings);
|
|
// explicit AuthInfo(std::string authheader);
|
|
/// d'tor
|
|
virtual ~AuthInfo() = default;
|
|
|
|
/// @return if authentication info is available
|
|
bool hasAuthInfo() const;
|
|
// ErrorCode isValid(const std::string& command) const;
|
|
/// @return the username
|
|
const std::string& username() const;
|
|
|
|
/// Authenticate with basic scheme
|
|
ErrorCode authenticateBasic(const std::string& credentials);
|
|
/// Authenticate with bearer scheme
|
|
ErrorCode authenticateBearer(const std::string& token);
|
|
/// Authenticate with basic or bearer scheme with an auth header
|
|
ErrorCode authenticate(const std::string& auth);
|
|
/// Authenticate with scheme ("basic" or "bearer") and auth param
|
|
ErrorCode authenticate(const std::string& scheme, const std::string& param);
|
|
|
|
/// @return JWS token for @p username and @p password
|
|
ErrorOr<std::string> getToken(const std::string& username, const std::string& password) const;
|
|
/// @return if the authenticated user has permission to access @p ressource
|
|
bool hasPermission(const std::string& resource) const;
|
|
|
|
private:
|
|
/// has auth info
|
|
bool has_auth_info_;
|
|
/// auth user name
|
|
std::string username_;
|
|
/// optional token expiration
|
|
std::optional<std::chrono::system_clock::time_point> expires_;
|
|
/// server configuration
|
|
ServerSettings settings_;
|
|
|
|
/// Validate @p username and @p password
|
|
/// @return true if username and password are correct
|
|
ErrorCode validateUser(const std::string& username, const std::optional<std::string>& password = std::nullopt) const;
|
|
/// @return if the authentication is expired
|
|
bool isExpired() const;
|
|
};
|