lokinet/llarp/service/auth.hpp

#pragma once
#include "address.hpp"

#include <llarp/crypto/types.hpp>

#include <functional>
#include <optional>
#include <string>

namespace llarp
{
  struct Router;
}

namespace llarp::service
{
  /// authentication status code
  enum class AuthCode : uint64_t
  {
    /// explicitly accepted
    ACCEPTED = 0,
    /// explicitly rejected
    REJECTED = 1,
    /// attempt failed
    FAILED = 2,
    /// attempt rate limited
    RATE_LIMIT = 3,
    /// need mo munny
    PAYMENT_REQUIRED = 4
  };

  /// turn an auth result code into an int
  uint64_t
  auth_code_to_int(AuthCode code);

  /// may turn an int into an auth result code
  std::optional<AuthCode>
  int_to_auth_code(uint64_t code);

  /// auth result object with code and reason
  struct AuthResult
  {
    AuthCode code;
    std::string reason;
  };

  struct ProtocolMessage;
  struct ConvoTag;

  /// maybe get auth result from string
  std::optional<AuthCode>
  parse_auth_code(std::string data);

  struct IAuthPolicy
  {
    virtual ~IAuthPolicy() = default;

    /// asynchronously determine if we accept new convotag from remote service, call hook with
    /// result later
    virtual void
    authenticate_async(
        std::shared_ptr<ProtocolMessage> msg, std::function<void(std::string, bool)> hook) = 0;

    /// return true if we are asynchronously processing authentication on this convotag
    virtual bool
    auth_async_pending(ConvoTag tag) const = 0;
  };

  /// info needed by clients in order to authenticate to a remote endpoint
  struct AuthInfo
  {
    std::string token;
  };

  /// what kind of backend to use for auth
  enum class AuthType
  {
    /// no authentication
    NONE,
    /// manual whitelist
    WHITELIST,
    /// LMQ server
    OMQ,
    /// static file
    FILE,
  };

  /// how to interpret an file for auth
  enum class AuthFileType
  {
    PLAIN,
    HASHES,
  };

  /// get an auth type from a string
  /// throws std::invalid_argument if arg is invalid
  AuthType
  parse_auth_type(std::string arg);

  /// get an auth file type from a string
  /// throws std::invalid_argument if arg is invalid
  AuthFileType
  parse_auth_file_type(std::string arg);

  /// make an IAuthPolicy that reads out of a static file
  std::shared_ptr<IAuthPolicy>
  make_file_auth_policy(Router*, std::set<fs::path> files, AuthFileType fileType);

}  // namespace llarp::service
exit authentication (initial) 2020-05-28 11:07:32 +00:00			`#pragma once`
Clang format include sorting + CMake - includes are now sorted in consistent, logical order; first step in an attempt to fix the tomfoolery (no relation to Tom) brought in by include-what-you-use - shuffled around some cmake linking to simplify dependency graph - superfluous files removed 2023-10-24 13:18:03 +00:00			`#include "address.hpp"`

Review commit 2023-10-19 21:59:57 +00:00			`#include <llarp/crypto/types.hpp>`
Clang format include sorting + CMake - includes are now sorted in consistent, logical order; first step in an attempt to fix the tomfoolery (no relation to Tom) brought in by include-what-you-use - shuffled around some cmake linking to simplify dependency graph - superfluous files removed 2023-10-24 13:18:03 +00:00
			`#include <functional>`
exit authentication (initial) 2020-05-28 11:07:32 +00:00			`#include <optional>`
			`#include <string>`

wawaweewa 2023-10-03 20:00:23 +00:00			`namespace llarp`
			`{`
			`struct Router;`
			`}`

exit authentication (initial) 2020-05-28 11:07:32 +00:00			`namespace llarp::service`
			`{`
add string reason to auth messages 2021-02-24 12:14:15 +00:00			`/// authentication status code`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`enum class AuthCode : uint64_t`
exit authentication (initial) 2020-05-28 11:07:32 +00:00			`{`
			`/// explicitly accepted`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`ACCEPTED = 0,`
exit authentication (initial) 2020-05-28 11:07:32 +00:00			`/// explicitly rejected`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`REJECTED = 1,`
exit authentication (initial) 2020-05-28 11:07:32 +00:00			`/// attempt failed`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`FAILED = 2,`
exit authentication (initial) 2020-05-28 11:07:32 +00:00			`/// attempt rate limited`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`RATE_LIMIT = 3,`
exit authentication (initial) 2020-05-28 11:07:32 +00:00			`/// need mo munny`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`PAYMENT_REQUIRED = 4`
exit authentication (initial) 2020-05-28 11:07:32 +00:00			`};`

make AuthResultCode an enum class 2021-02-24 18:41:23 +00:00			`/// turn an auth result code into an int`
			`uint64_t`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`auth_code_to_int(AuthCode code);`
make AuthResultCode an enum class 2021-02-24 18:41:23 +00:00
			`/// may turn an int into an auth result code`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`std::optional<AuthCode>`
			`int_to_auth_code(uint64_t code);`
make AuthResultCode an enum class 2021-02-24 18:41:23 +00:00
add string reason to auth messages 2021-02-24 12:14:15 +00:00			`/// auth result object with code and reason`
			`struct AuthResult`
			`{`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`AuthCode code;`
add string reason to auth messages 2021-02-24 12:14:15 +00:00			`std::string reason;`
			`};`
feedback auth result via lmq rpc 2021-01-01 18:55:31 +00:00
wawaweewa 2023-10-03 20:00:23 +00:00			`struct ProtocolMessage;`
			`struct ConvoTag;`

exit authentication (initial) 2020-05-28 11:07:32 +00:00			`/// maybe get auth result from string`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`std::optional<AuthCode>`
			`parse_auth_code(std::string data);`
exit authentication (initial) 2020-05-28 11:07:32 +00:00
			`struct IAuthPolicy`
			`{`
make destructor virtual 2022-01-31 21:02:30 +00:00			`virtual ~IAuthPolicy() = default;`
exit authentication (initial) 2020-05-28 11:07:32 +00:00
			`/// asynchronously determine if we accept new convotag from remote service, call hook with`
			`/// result later`
			`virtual void`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`authenticate_async(`
Outbound context absorbed sendcontex - message transmission routed through refactored handling - still work to be done, but now to make it compile at least 2023-10-18 12:48:09 +00:00			`std::shared_ptr<ProtocolMessage> msg, std::function<void(std::string, bool)> hook) = 0;`
feedback auth result via lmq rpc 2021-01-01 18:55:31 +00:00
			`/// return true if we are asynchronously processing authentication on this convotag`
			`virtual bool`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`auth_async_pending(ConvoTag tag) const = 0;`
exit authentication (initial) 2020-05-28 11:07:32 +00:00			`};`
* rework exit codepath to allow multiple exits * rework net code for ip ranges to be cleaner * clean up endpoint auth code * refactor config to validate network configs before setting up endpoints * remove buildone from path/pathbuilder.cpp so we don't spam connection attempts 2020-06-24 13:24:07 +00:00
			`/// info needed by clients in order to authenticate to a remote endpoint`
			`struct AuthInfo`
			`{`
			`std::string token;`
			`};`

address feedback. * use exceptions when fetching identity key instead of std::optional, will throw on fail * fix up config options for endpoint auth and add better docs * add llarp::serive::AuthType enum for controlling what kind of endpoint auth to use 2020-06-30 16:02:29 +00:00			`/// what kind of backend to use for auth`
			`enum class AuthType`
			`{`
			`/// no authentication`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`NONE,`
address feedback. * use exceptions when fetching identity key instead of std::optional, will throw on fail * fix up config options for endpoint auth and add better docs * add llarp::serive::AuthType enum for controlling what kind of endpoint auth to use 2020-06-30 16:02:29 +00:00			`/// manual whitelist`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`WHITELIST,`
address feedback. * use exceptions when fetching identity key instead of std::optional, will throw on fail * fix up config options for endpoint auth and add better docs * add llarp::serive::AuthType enum for controlling what kind of endpoint auth to use 2020-06-30 16:02:29 +00:00			`/// LMQ server`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`OMQ,`
add hashed password capability to endpoint auth by file 2022-04-01 16:52:25 +00:00			`/// static file`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`FILE,`
address feedback. * use exceptions when fetching identity key instead of std::optional, will throw on fail * fix up config options for endpoint auth and add better docs * add llarp::serive::AuthType enum for controlling what kind of endpoint auth to use 2020-06-30 16:02:29 +00:00			`};`

add hashed password capability to endpoint auth by file 2022-04-01 16:52:25 +00:00			`/// how to interpret an file for auth`
			`enum class AuthFileType`
			`{`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`PLAIN,`
			`HASHES,`
add hashed password capability to endpoint auth by file 2022-04-01 16:52:25 +00:00			`};`

address feedback. * use exceptions when fetching identity key instead of std::optional, will throw on fail * fix up config options for endpoint auth and add better docs * add llarp::serive::AuthType enum for controlling what kind of endpoint auth to use 2020-06-30 16:02:29 +00:00			`/// get an auth type from a string`
			`/// throws std::invalid_argument if arg is invalid`
			`AuthType`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`parse_auth_type(std::string arg);`
address feedback. * use exceptions when fetching identity key instead of std::optional, will throw on fail * fix up config options for endpoint auth and add better docs * add llarp::serive::AuthType enum for controlling what kind of endpoint auth to use 2020-06-30 16:02:29 +00:00
add hashed password capability to endpoint auth by file 2022-04-01 16:52:25 +00:00			`/// get an auth file type from a string`
			`/// throws std::invalid_argument if arg is invalid`
			`AuthFileType`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`parse_auth_file_type(std::string arg);`
add hashed password capability to endpoint auth by file 2022-04-01 16:52:25 +00:00
add file auth for tokens 2022-01-17 12:57:08 +00:00			`/// make an IAuthPolicy that reads out of a static file`
			`std::shared_ptr<IAuthPolicy>`
A soothing re-nomenclatura 2023-11-03 13:40:14 +00:00			`make_file_auth_policy(Router*, std::set<fs::path> files, AuthFileType fileType);`
add file auth for tokens 2022-01-17 12:57:08 +00:00
exit authentication (initial) 2020-05-28 11:07:32 +00:00			`} // namespace llarp::service`