feat: Use auth digest instead of basic auth

oSumAtrIX 2024-07-08 05:17:45 +02:00
parent 89a577e91a
commit 89e2acfebb
5 changed files with 22 additions and 19 deletions


@ -8,9 +8,8 @@ DB_URL=jdbc:h2:./persistence/revanced-api
DB_USER= DB_USER=
DB_PASSWORD= DB_PASSWORD=
# Basic authentication to issue JWT tokens # Digest auth to issue JWT tokens in the format SHA256("username:ReVanced:password")
BASIC_USERNAME= AUTH_SHA256_DIGEST=
BASIC_PASSWORD=
# JWT configuration for authenticated API endpoints # JWT configuration for authenticated API endpoints
JWT_SECRET= JWT_SECRET=
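Review bot: The comment above the new `AUTH_SHA256_DIGEST` line does not say the value is expected hex-encoded, yet `AuthService` decodes it with `hexToByteArray`, so a base64 or raw-bytes value will fail at startup with an unhelpful error. I would extend the comment to `# Digest auth to issue JWT tokens: hex-encoded SHA256("username:ReVanced:password"); treat this value as a secret, it is equivalent to the password`. The realm `ReVanced` in the formula must match the `realm` configured in `AuthService`, so a reader changing one without the other silently breaks authentication.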


@ -118,10 +118,9 @@ fun Application.configureDependencies(
val issuer = dotenv["JWT_ISSUER"] val issuer = dotenv["JWT_ISSUER"]
val validityInMin = dotenv["JWT_VALIDITY_IN_MIN"].toInt() val validityInMin = dotenv["JWT_VALIDITY_IN_MIN"].toInt()
val basicUsername = dotenv["BASIC_USERNAME"] val authSHA256DigestString = dotenv["AUTH_SHA256_DIGEST"]
val basicPassword = dotenv["BASIC_PASSWORD"]
AuthService(issuer, validityInMin, jwtSecret, basicUsername, basicPassword) AuthService(issuer, validityInMin, jwtSecret, authSHA256DigestString)
} }
single { single {
OldApiService( OldApiService(


@ -9,7 +9,6 @@ import io.bkbn.kompendium.oas.component.Components
import io.bkbn.kompendium.oas.info.Contact import io.bkbn.kompendium.oas.info.Contact
import io.bkbn.kompendium.oas.info.Info import io.bkbn.kompendium.oas.info.Info
import io.bkbn.kompendium.oas.info.License import io.bkbn.kompendium.oas.info.License
import io.bkbn.kompendium.oas.security.BasicAuth
import io.bkbn.kompendium.oas.security.BearerAuth import io.bkbn.kompendium.oas.security.BearerAuth
import io.bkbn.kompendium.oas.server.Server import io.bkbn.kompendium.oas.server.Server
import io.ktor.server.application.* import io.ktor.server.application.*
@ -38,7 +37,6 @@ internal fun Application.configureOpenAPI() {
components = Components( components = Components(
securitySchemes = mutableMapOf( securitySchemes = mutableMapOf(
"bearer" to BearerAuth(), "bearer" to BearerAuth(),
"basic" to BasicAuth(),
), ),
), ),
).apply { ).apply {
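Review bot: Dropping the `"basic"` scheme leaves `securitySchemes` with no entry for the digest-protected `token` route, so the generated OpenAPI document no longer tells clients how to authenticate against it. `installTokenRouteDocumentation` (not in this diff) should be checked so it does not still reference the removed `"basic"` key, and if Kompendium can express an HTTP `digest` security scheme it should be registered here under the same `"auth-digest"` name the route uses. `configureOpenAPI` continues outside the hunk.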


@ -25,7 +25,7 @@ internal fun Route.rootRoute() {
val authService = koinGet<AuthService>() val authService = koinGet<AuthService>()
rateLimit(RateLimitName("strong")) { rateLimit(RateLimitName("strong")) {
authenticate("basic") { authenticate("auth-digest") {
route("token") { route("token") {
installTokenRouteDocumentation() installTokenRouteDocumentation()


@ -6,15 +6,23 @@ import io.ktor.server.application.*
import io.ktor.server.auth.* import io.ktor.server.auth.*
import io.ktor.server.auth.jwt.* import io.ktor.server.auth.jwt.*
import java.util.* import java.util.*
import kotlin.text.HexFormat
import kotlin.time.Duration.Companion.minutes import kotlin.time.Duration.Companion.minutes
internal class AuthService( internal class AuthService private constructor(
private val issuer: String, private val issuer: String,
private val validityInMin: Int, private val validityInMin: Int,
private val jwtSecret: String, private val jwtSecret: String,
private val basicUsername: String, private val authSHA256Digest: ByteArray,
private val basicPassword: String,
) { ) {
@OptIn(ExperimentalStdlibApi::class)
constructor(issuer: String, validityInMin: Int, jwtSecret: String, authSHA256DigestString: String) : this(
issuer,
validityInMin,
jwtSecret,
authSHA256DigestString.hexToByteArray(HexFormat.Default),
)
val configureSecurity: Application.() -> Unit = { val configureSecurity: Application.() -> Unit = {
install(Authentication) { install(Authentication) {
jwt("jwt") { jwt("jwt") {
@ -26,13 +34,12 @@ internal class AuthService(
validate { credential -> JWTPrincipal(credential.payload) } validate { credential -> JWTPrincipal(credential.payload) }
} }
basic("basic") { digest("auth-digest") {
validate { credentials -> realm = "ReVanced"
if (credentials.name == basicUsername && credentials.password == basicPassword) { algorithmName = "SHA-256"
UserIdPrincipal(credentials.name)
} else { digestProvider { _, _ ->
null authSHA256Digest
}
} }
} }
} }
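Review bot: The new `digest("auth-digest")` block sets no `nonceManager`, and unless the Ktor version in use differs from the documented default, the default manager only generates nonces and does not verify them, so a captured digest exchange for the token endpoint would not be rejected on reuse; setting `nonceManager = StatelessHmacNonceManager(nonceKey)` with `nonceKey` loaded from configuration gives the exchange replay protection. The secondary constructor also decodes `authSHA256DigestString` without checking its length, so an empty or truncated `AUTH_SHA256_DIGEST` likely only surfaces as every login failing; adding `init { require(authSHA256Digest.size == 32) { "AUTH_SHA256_DIGEST must be 32 bytes (64 hex characters)" } }` makes the misconfiguration fail at startup with a clear message. `digestProvider { _, _ -> authSHA256Digest }` returns the same digest for every user name and realm, which is acceptable for a single configured account because the user name is bound through the hash, but a one-line comment stating that would stop a later reader from treating it as a bug. The `configureSecurity` lambda and the class continue outside the hunk.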