iteration

2023-10-09 06:54:35 -04:00
parent e6ed55bcc7
commit bb0d27b755
9 changed files with 515 additions and 77 deletions
--- a/packages/auth.lua
+++ b/packages/auth.lua
@ -6,10 +6,6 @@ if args[1] == nil then
 end

 local action = args[1]
-local server = settings.get("auth.server")
-
-
-auth_server_id = lns.lookup(server)

 if action == "login" then
    io.write("Username: ")
@ -17,43 +13,12 @@ if action == "login" then
    io.write("Password: ")
    local password = read("*")

-    local data = {
-        ["action"] = "login",
-        ["username"] = username,
-        ["password"] = password
-    }
-
-    rednet.send(auth_server_id, data, "auth")
-
-    while true do
-        id, msg = rednet.receive("auth")
-        if id == auth_server_id then
-            if msg == "invalid request" then
-                io.write("Invalid request\n")
-                return
-            elseif msg == "user not found" then
-                io.write("User not found\n")
-                return
-            elseif msg == "invalid password" then
-                io.write("Invalid password\n")
-                return
-            else
-                token = msg
-                break
-            end
-        end
+    if login(username, password) then
+        io.write("Logged in as " .. username .. "\n")
    end

-    settings.set("auth.username", username)
-    settings.set("auth.token", token)
-    settings.save()
-    io.write("Logged in as " .. username .. "\n")
-    return
-
 elseif action == "logout" then
-    settings.set("auth.token", -1)
-    settings.save()
-    io.write("Logged out\n")
+    auth.logout()
    return

 elseif action == "register" then
@ -69,29 +34,7 @@ elseif action == "register" then
        return
    end

-    local data = {
-        ["action"] = "register",
-        ["username"] = username,
-        ["password"] = password
-    }
-
-    rednet.send(auth_server_id, data, "auth")
-
-    while true do
-        id, msg = rednet.receive("auth")
-        if id == auth_server_id then
-            if msg == "invalid request" then
-                io.write("Invalid request\n")
-                return
-            elseif msg == "user already exists" then
-                io.write("User already exists\n")
-                return
-            else
-                io.write("Registered user " .. username .. "\n")
-                return
-            end
-        end
-    end
+    auth.register(username, password)
 elseif action == "group" then
    local subaction = args[2]
    if subaction == nil then
--- a/packages/auth_server.lua
+++ b/packages/auth_server.lua
@ -1,4 +1,9 @@

+settings.define("auth_server.salt", {
+    description = "Salt for hashing passwords",
+    type = "string",
+    default = "3m&LmNm7"
+})

 local data = {
    users = {}
@ -7,6 +12,7 @@ local data = {
 -- data = {
 --     users = {
 --         ["username"] = {
+--             token = "token",
 --             password = "hashed password",
 --             groups = {
 --                 ["group"] = true
@ -31,28 +37,15 @@ function load_data()
 end

 function generate_token(user)
-    local token = hash(user .. os.time() .. math.random())
+    local token = sha256.sha256(user .. os.time() .. math.random())
    data.users[user].token = token

    return token
 end

 function convert_password(password)
-    return hash(password .. "3m&LmNm7")
-end
-
-- Does a complex hash of a string to make it harder to guess
-function hash(str)
-    local hash = 0
-    local len = string.len(str)
-    local byte = 0
-
-    for i = 1, len do
-        byte = string.byte(str, i)
-        hash = bit32.band(hash * 31 + byte, 0xFFFFFFFF)
-    end
-
-    return hash
+    local salt = settings.get("auth_server.salt")
+    return sha256.sha256(password .. salt)
 end

 function log(str)