ReVanced/revanced-api
1
0
Fork 0
mirror of https://github.com/revanced/revanced-api.git synced 2025-04-29 22:24:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: Use auth digest instead of basic auth

Browse Source
This commit is contained in:
oSumAtrIX 2024-07-08 05:17:45 +02:00
parent 89a577e91a
commit 89e2acfebb
No known key found for this signature in database
GPG Key ID: A9B3094ACDB604B4
5 changed files with 22 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.env.example
View File

@ -8,9 +8,8 @@ DB_URL=jdbc:h2:./persistence/revanced-api
DB_USER=
DB_PASSWORD=
# Basic authentication to issue JWT tokens
BASIC_USERNAME=
BASIC_PASSWORD=
# Digest auth to issue JWT tokens in the format SHA256("username:ReVanced:password")
AUTH_SHA256_DIGEST=
# JWT configuration for authenticated API endpoints
JWT_SECRET=

5
src/main/kotlin/app/revanced/api/configuration/Dependencies.kt
View File

@ -118,10 +118,9 @@ fun Application.configureDependencies(
val issuer = dotenv["JWT_ISSUER"]
val validityInMin = dotenv["JWT_VALIDITY_IN_MIN"].toInt()
val basicUsername = dotenv["BASIC_USERNAME"]
val basicPassword = dotenv["BASIC_PASSWORD"]
val authSHA256DigestString = dotenv["AUTH_SHA256_DIGEST"]
AuthService(issuer, validityInMin, jwtSecret, basicUsername, basicPassword)
AuthService(issuer, validityInMin, jwtSecret, authSHA256DigestString)
}
single {
OldApiService(

2
src/main/kotlin/app/revanced/api/configuration/OpenAPI.kt
View File

@ -9,7 +9,6 @@ import io.bkbn.kompendium.oas.component.Components
import io.bkbn.kompendium.oas.info.Contact
import io.bkbn.kompendium.oas.info.Info
import io.bkbn.kompendium.oas.info.License
import io.bkbn.kompendium.oas.security.BasicAuth
import io.bkbn.kompendium.oas.security.BearerAuth
import io.bkbn.kompendium.oas.server.Server
import io.ktor.server.application.*
@ -38,7 +37,6 @@ internal fun Application.configureOpenAPI() {
components = Components(
securitySchemes = mutableMapOf(
"bearer" to BearerAuth(),
"basic" to BasicAuth(),
),
),
).apply {

2
src/main/kotlin/app/revanced/api/configuration/routes/ApiRoute.kt
View File

@ -25,7 +25,7 @@ internal fun Route.rootRoute() {
val authService = koinGet<AuthService>()
rateLimit(RateLimitName("strong")) {
authenticate("basic") {
authenticate("auth-digest") {
route("token") {
installTokenRouteDocumentation()

27
src/main/kotlin/app/revanced/api/configuration/services/AuthService.kt
View File

@ -6,15 +6,23 @@ import io.ktor.server.application.*
import io.ktor.server.auth.*
import io.ktor.server.auth.jwt.*
import java.util.*
import kotlin.text.HexFormat
import kotlin.time.Duration.Companion.minutes
internal class AuthService(
internal class AuthService private constructor(
private val issuer: String,
private val validityInMin: Int,
private val jwtSecret: String,
private val basicUsername: String,
private val basicPassword: String,
private val authSHA256Digest: ByteArray,
) {
@OptIn(ExperimentalStdlibApi::class)
constructor(issuer: String, validityInMin: Int, jwtSecret: String, authSHA256DigestString: String) : this(
issuer,
validityInMin,
jwtSecret,
authSHA256DigestString.hexToByteArray(HexFormat.Default),
)
val configureSecurity: Application.() -> Unit = {
install(Authentication) {
jwt("jwt") {
@ -26,13 +34,12 @@ internal class AuthService(
validate { credential -> JWTPrincipal(credential.payload) }
}
basic("basic") {
validate { credentials ->
if (credentials.name == basicUsername && credentials.password == basicPassword) {
UserIdPrincipal(credentials.name)
} else {
null
}
digest("auth-digest") {
realm = "ReVanced"
algorithmName = "SHA-256"
digestProvider { _, _ ->
authSHA256Digest
}
}
}