Use hashed device tokens
parent
aa0646ba87
commit
75c4a37e40
@ -8,7 +8,7 @@ final class DeviceManager {
|
|||||||
private var connection: WebSocket?
|
private var connection: WebSocket?
|
||||||
|
|
||||||
/// The authentication token of the device for the socket connection
|
/// The authentication token of the device for the socket connection
|
||||||
private let deviceKey: String
|
private let deviceKey: Data
|
||||||
|
|
||||||
/// The authentication token of the remote
|
/// The authentication token of the remote
|
||||||
private let remoteKey: Data
|
private let remoteKey: Data
|
||||||
@ -26,7 +26,7 @@ final class DeviceManager {
|
|||||||
/// A promise to finish the request once the device responds or times out
|
/// A promise to finish the request once the device responds or times out
|
||||||
private var requestInProgress: EventLoopPromise<DeviceResponse>?
|
private var requestInProgress: EventLoopPromise<DeviceResponse>?
|
||||||
|
|
||||||
init(deviceKey: String, remoteKey: Data) {
|
init(deviceKey: Data, remoteKey: Data) {
|
||||||
self.deviceKey = deviceKey
|
self.deviceKey = deviceKey
|
||||||
self.remoteKey = remoteKey
|
self.remoteKey = remoteKey
|
||||||
}
|
}
|
||||||
@ -57,8 +57,9 @@ final class DeviceManager {
|
|||||||
return requestInProgress!.futureResult
|
return requestInProgress!.futureResult
|
||||||
}
|
}
|
||||||
|
|
||||||
func authenticateDevice(psk: String) {
|
func authenticateDevice(hash: String) {
|
||||||
guard psk == self.deviceKey else {
|
guard let key = Data(fromHexEncodedString: hash),
|
||||||
|
SHA256.hash(data: key) == self.deviceKey else {
|
||||||
print("Invalid device key")
|
print("Invalid device key")
|
||||||
_ = connection?.close()
|
_ = connection?.close()
|
||||||
deviceIsAuthenticated = false
|
deviceIsAuthenticated = false
|
||||||
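Review bot: The `hash:` label on `authenticateDevice` is misleading, because the body hex-decodes the argument and hashes it before comparing with `deviceKey`, so the device sends the token itself and only the stored value is a hash; `func authenticateDevice(token: String)` would match what the code does (the call in `socket.onText` would follow). The doc comment on `deviceKey` in the first hunk is stale in the same way and could read `/// The SHA-256 hash of the device's authentication token`. Because the stored value is an unsalted SHA-256, it protects the key file only if the token is long and random, and the guard hashes decoded input of any length; if tokens have a fixed size, checking `key.count` before hashing would enforce that. The body of `authenticateDevice` continues past the end of the hunk.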
|
@ -4,7 +4,7 @@ var deviceManager: DeviceManager!
|
|||||||
|
|
||||||
enum ServerError: Error {
|
enum ServerError: Error {
|
||||||
case invalidAuthenticationFileContent
|
case invalidAuthenticationFileContent
|
||||||
case invalidRemoteAuthenticationToken
|
case invalidAuthenticationToken
|
||||||
}
|
}
|
||||||
|
|
||||||
// configures your application
|
// configures your application
|
||||||
@ -13,20 +13,24 @@ public func configure(_ app: Application) throws {
|
|||||||
|
|
||||||
let storageFolder = URL(fileURLWithPath: app.directory.resourcesDirectory)
|
let storageFolder = URL(fileURLWithPath: app.directory.resourcesDirectory)
|
||||||
let keyFile = storageFolder.appendingPathComponent(Config.keyFileName)
|
let keyFile = storageFolder.appendingPathComponent(Config.keyFileName)
|
||||||
let authContent = try String(contentsOf: keyFile)
|
let authContent: [Data] = try String(contentsOf: keyFile)
|
||||||
.trimmingCharacters(in: .whitespacesAndNewlines)
|
.trimmingCharacters(in: .whitespacesAndNewlines)
|
||||||
.components(separatedBy: "\n")
|
.components(separatedBy: "\n")
|
||||||
.map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
|
.map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
|
||||||
|
.map {
|
||||||
|
guard let key = Data(fromHexEncodedString: $0) else {
|
||||||
|
throw ServerError.invalidAuthenticationToken
|
||||||
|
}
|
||||||
|
guard key.count == SHA256.byteCount else {
|
||||||
|
throw ServerError.invalidAuthenticationToken
|
||||||
|
}
|
||||||
|
return key
|
||||||
|
}
|
||||||
guard authContent.count == 2 else {
|
guard authContent.count == 2 else {
|
||||||
throw ServerError.invalidAuthenticationFileContent
|
throw ServerError.invalidAuthenticationFileContent
|
||||||
}
|
}
|
||||||
let deviceKey = authContent[0]
|
let deviceKey = authContent[0]
|
||||||
guard let remoteKey = Data(fromHexEncodedString: authContent[1]) else {
|
let remoteKey = authContent[1]
|
||||||
throw ServerError.invalidRemoteAuthenticationToken
|
|
||||||
}
|
|
||||||
guard remoteKey.count == SHA256.byteCount else {
|
|
||||||
throw ServerError.invalidRemoteAuthenticationToken
|
|
||||||
}
|
|
||||||
deviceManager = DeviceManager(deviceKey: deviceKey, remoteKey: remoteKey)
|
deviceManager = DeviceManager(deviceKey: deviceKey, remoteKey: remoteKey)
|
||||||
try routes(app)
|
try routes(app)
|
||||||
|
|
||||||
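Review bot: The key file's new format is not stated anywhere in the visible part of `configure`: after this change both lines must be the hex encoding of a SHA-256 digest, and the device and remote roles are told apart only by line order. A comment above the `authContent` pipeline such as `// Key file: line 1 = hex SHA-256 of the device token, line 2 = hex SHA-256 of the remote token` would make that explicit for whoever migrates an existing file, whose plain-text first line will now fail with `invalidAuthenticationToken`. Both keys now share one validation path and one error case, so a swapped pair cannot be detected, but a duplicated line can: `guard deviceKey != remoteKey else { throw ServerError.invalidAuthenticationFileContent }` after the count check would reject a file that gives both roles the same credential. `configure` begins and ends outside the hunk.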
|
@ -80,7 +80,7 @@ func routes(_ app: Application) throws {
|
|||||||
deviceManager.processDeviceResponse(data)
|
deviceManager.processDeviceResponse(data)
|
||||||
}
|
}
|
||||||
socket.onText { _, text in
|
socket.onText { _, text in
|
||||||
deviceManager.authenticateDevice(psk: text)
|
deviceManager.authenticateDevice(hash: text)
|
||||||
}
|
}
|
||||||
|
|
||||||
_ = socket.onClose.always { _ in
|
_ = socket.onClose.always { _ in
|
||||||
|