File: authinfo.hpp

/***
    This file is part of snapcast
    Copyright (C) 2014-2025  Johannes Pohl

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
***/

#pragma once

// local headers
#include "common/error_code.hpp"
#include "server_settings.hpp"

// 3rd party headers

// standard headers
#include <chrono>
#include <optional>
#include <string>
#include <system_error>

/// Authentication error codes
///
/// Values start at 1, so no enumerator maps to 0, the value std::error_code
/// treats as "no error" in a boolean context.
/// NOTE(review): unknown_user and wrong_password are distinct codes. If both are
/// reported verbatim to an unauthenticated peer they disclose which user names
/// exist; confirm that callers answer with one generic failure and keep the
/// specific code for server-side logging only.
enum class AuthErrc
{
    auth_scheme_not_supported = 1, ///< the requested authentication scheme is not supported
    failed_to_create_token = 2,    ///< a token could not be created
    unknown_user = 3,              ///< the user name is not known
    wrong_password = 4,            ///< the password does not match
    expired = 5,                   ///< the authentication has expired (presumably a token lifetime -- confirm)
    token_validation_failed = 6,   ///< a token could not be validated
};

namespace snapcast::error::auth
{
/// @return the std::error_category of the authentication error domain.
/// Only declared here; presumably this is the category that
/// make_error_code(AuthErrc) attaches to its result -- confirm in the definition.
const std::error_category& category();
}



namespace std
{
/// Marks AuthErrc as an error code enum, which enables the implicit
/// AuthErrc -> std::error_code conversion (through make_error_code(AuthErrc)).
template <>
struct is_error_code_enum<AuthErrc> : public std::true_type
{
};
} // namespace std

/// Build a std::error_code from an AuthErrc value.
/// Declared in the same (global) namespace as AuthErrc so that it is found by
/// argument-dependent lookup when an AuthErrc is converted to std::error_code.
std::error_code make_error_code(AuthErrc);

// NOTE(review): these using-declarations are at global scope in a header, so
// every translation unit including it sees ErrorCode and ErrorOr unqualified.
using snapcast::ErrorCode;
using snapcast::ErrorOr;

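/// Authentication Info class
///
/// Tracks whether a user is authenticated, the authenticated user name, an
/// optional expiration time, and a copy of the server's authorization settings.
/// Every authenticate* method reports its outcome as an ErrorCode; callers must
/// check that result and must not treat a call that returned as a successful login.
class AuthInfo
{
public:
    /// c'tor
    /// @param auth_settings the server's authorization settings (passed by value;
    ///        presumably stored in auth_settings_ -- the definition is not in this header)
    explicit AuthInfo(ServerSettings::Authorization auth_settings);
    // explicit AuthInfo(std::string authheader);
    /// d'tor
    virtual ~AuthInfo() = default;

    /// @return if user is authenticated
    /// NOTE(review): whether an expired authentication still counts as
    /// authenticated is decided in the implementation -- confirm that isExpired()
    /// is taken into account there.
    bool isAuthenticated() const;
    // ErrorCode isValid(const std::string& command) const;
    /// @return the username
    const std::string& username() const;

    /// Authenticate with basic scheme
    /// @param credentials the basic scheme credentials (presumably the base64 encoded
    ///        "user:password" of an HTTP Authorization header -- confirm)
    /// @return the outcome of the authentication attempt
    ErrorCode authenticateBasic(const std::string& credentials);
    /// Authenticate with user:password
    /// @param user_password user name and password in the form "user:password"
    /// @return the outcome of the authentication attempt
    ErrorCode authenticatePlain(const std::string& user_password);
    // Authenticate with bearer scheme (currently disabled)
    // ErrorCode authenticateBearer(const std::string& token);
    /// Authenticate with basic or bearer scheme with an auth header
    /// NOTE(review): authenticateBearer is commented out in this header; confirm
    /// that a bearer header is rejected (AuthErrc::auth_scheme_not_supported)
    /// and never accepted without validation.
    /// @param auth the value of the auth header
    /// @return the outcome of the authentication attempt
    ErrorCode authenticate(const std::string& auth);
    /// Authenticate with scheme ("basic" or "bearer") and auth param
    /// @param scheme the authentication scheme
    /// @param param the scheme specific parameter
    /// @return the outcome of the authentication attempt
    ErrorCode authenticate(const std::string& scheme, const std::string& param);

    // @return JWS token for @p username and @p password
    // ErrorOr<std::string> getToken(const std::string& username, const std::string& password) const;
    /// @return if the authenticated user has permission to access @p resource
    bool hasPermission(const std::string& resource) const;

private:
    /// is authenticated
    /// Defaults to false so that the object fails closed even if a constructor
    /// does not set the flag explicitly.
    bool is_authenticated_{false};
    /// auth user name
    std::string username_;
    /// optional token expiration
    std::optional<std::chrono::system_clock::time_point> expires_;
    /// server configuration
    ServerSettings::Authorization auth_settings_;

    /// Validate @p username and @p password
    /// @param username the user name to validate
    /// @param password the password to check; defaults to std::nullopt
    /// NOTE(review): with std::nullopt there is no password to compare, so
    /// presumably only the user name is validated. Confirm that this path is
    /// reachable only after the credential was verified by other means.
    /// @return the outcome of the validation as an ErrorCode (not a bool)
    ErrorCode validateUser(const std::string& username, const std::optional<std::string>& password = std::nullopt) const;
    /// @return if the authentication is expired
    bool isExpired() const;
};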