mirror of
https://github.com/FrankerFaceZ/FrankerFaceZ.git
synced 2025-08-21 05:20:54 +00:00
Switch to nacl cryptobox
This commit is contained in:
Kane York
parent
401f66f15b
commit
c6a3c120c6
6 changed files with 144 additions and 60 deletions
|
|
@ -1,6 +1,7 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"golang.org/x/crypto/nacl/box"
|
||||
"net/http"
|
||||
"time"
|
||||
"fmt"
|
||||
|
|
@ -9,9 +10,12 @@ import (
|
|||
"strconv"
|
||||
"io/ioutil"
|
||||
"encoding/json"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"sync"
|
||||
"log"
|
||||
"os"
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"strings"
|
||||
)
|
||||
|
||||
var backendHttpClient http.Client
|
||||
|
|
@ -20,6 +24,10 @@ var responseCache *cache.Cache
|
|||
|
||||
var getBacklogUrl string
|
||||
|
||||
var backendSharedKey [32]byte
|
||||
|
||||
var messageBufferPool sync.Pool
|
||||
|
||||
func SetupBackend(config *Config) {
|
||||
backendHttpClient.Timeout = 60 * time.Second
|
||||
backendUrl = config.BackendUrl
|
||||
|
|
@ -29,26 +37,45 @@ func SetupBackend(config *Config) {
|
|||
responseCache = cache.New(60 * time.Second, 120 * time.Second)
|
||||
|
||||
getBacklogUrl = fmt.Sprintf("%s/backlog", backendUrl)
|
||||
}
|
||||
|
||||
func SetupBackendCertificates(config *Config, certPool x509.CertPool) {
|
||||
myCert, err := tls.LoadX509KeyPair(config.BackendClientCertFile, config.BackendClientKeyFile)
|
||||
messageBufferPool.New = NewByteBuffer
|
||||
|
||||
var keys CryptoKeysBuf
|
||||
file, err := os.Open(config.NaclKeysFile)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
tlsConfig := tls.Config{
|
||||
Certificates: []tls.Certificate{myCert},
|
||||
RootCAs: certPool,
|
||||
dec := json.NewDecoder(file)
|
||||
err = dec.Decode(&keys)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
tlsConfig.BuildNameToCertificate()
|
||||
transport := &http.Transport{TLSClientConfig: tlsConfig}
|
||||
backendHttpClient.Transport = transport
|
||||
|
||||
box.Precompute(&backendSharedKey, &keys.TheirPublicKey, &keys.OurPrivateKey)
|
||||
}
|
||||
|
||||
func getCacheKey(remoteCommand, data string) string {
|
||||
return fmt.Sprintf("%s/%s", remoteCommand, data)
|
||||
}
|
||||
|
||||
func SealRequest(form url.Values) ([]byte, error) {
|
||||
asString := form.Encode()
|
||||
var nonce [24]byte
|
||||
var err error
|
||||
|
||||
err = FillCryptoRandom(nonce[:])
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
message := []byte(asString)
|
||||
out := make([]byte, len(message) + box.Overhead)
|
||||
box.SealAfterPrecomputation(out, message, &nonce, &backendSharedKey)
|
||||
|
||||
// TODO
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func RequestRemoteDataCached(remoteCommand, data string, auth AuthInfo) (string, error) {
|
||||
cached, ok := responseCache.Get(getCacheKey(remoteCommand, data))
|
||||
if ok {
|
||||
|
|
@ -57,7 +84,7 @@ func RequestRemoteDataCached(remoteCommand, data string, auth AuthInfo) (string,
|
|||
return RequestRemoteData(remoteCommand, data, auth)
|
||||
}
|
||||
|
||||
func RequestRemoteData(remoteCommand, data string, auth AuthInfo) (string, error) {
|
||||
func RequestRemoteData(remoteCommand, data string, auth AuthInfo) (responseStr string, err error) {
|
||||
destUrl := fmt.Sprintf("%s/cmd/%s", backendUrl, remoteCommand)
|
||||
var authKey string
|
||||
if auth.UsernameValidated {
|
||||
|
|
@ -70,9 +97,6 @@ func RequestRemoteData(remoteCommand, data string, auth AuthInfo) (string, error
|
|||
"clientData": []string{data},
|
||||
authKey: []string{auth.TwitchUsername},
|
||||
}
|
||||
if gconfig.BasicAuthPassword != "" {
|
||||
formData["password"] = gconfig.BasicAuthPassword
|
||||
}
|
||||
|
||||
resp, err := backendHttpClient.PostForm(destUrl, formData)
|
||||
if err != nil {
|
||||
|
|
@ -85,7 +109,7 @@ func RequestRemoteData(remoteCommand, data string, auth AuthInfo) (string, error
|
|||
return "", err
|
||||
}
|
||||
|
||||
responseJson := string(respBytes)
|
||||
responseStr = string(respBytes)
|
||||
|
||||
if resp.Header.Get("FFZ-Cache") != "" {
|
||||
durSecs, err := strconv.ParseInt(resp.Header.Get("FFZ-Cache"), 10, 64)
|
||||
|
|
@ -93,10 +117,10 @@ func RequestRemoteData(remoteCommand, data string, auth AuthInfo) (string, error
|
|||
return "", fmt.Errorf("The RPC server returned a non-integer cache duration: %v", err)
|
||||
}
|
||||
duration := time.Duration(durSecs) * time.Second
|
||||
responseCache.Set(getCacheKey(remoteCommand, data), responseJson, duration)
|
||||
responseCache.Set(getCacheKey(remoteCommand, data), responseStr, duration)
|
||||
}
|
||||
|
||||
return responseJson, nil
|
||||
return
|
||||
}
|
||||
|
||||
func FetchBacklogData(chatSubs, channelSubs []string) ([]ClientMessage, error) {
|
||||
|
|
@ -117,4 +141,43 @@ func FetchBacklogData(chatSubs, channelSubs []string) ([]ClientMessage, error) {
|
|||
}
|
||||
|
||||
return messages, nil
|
||||
}
|
||||
}
|
||||
|
||||
func GenerateKeys(outputFile, serverId, theirPublicStr string) {
|
||||
var err error
|
||||
output := CryptoKeysBuf{}
|
||||
|
||||
output.ServerId, err = strconv.Atoi(serverId)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
ourPublic, ourPrivate, err := box.GenerateKey(rand.Reader)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
output.OurPublicKey, output.OurPrivateKey = *ourPublic, *ourPrivate
|
||||
|
||||
if theirPublicStr != "" {
|
||||
reader := base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(theirPublicStr))
|
||||
theirPublic, err := ioutil.ReadAll(reader)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
copy(output.TheirPublicKey[:], theirPublic)
|
||||
}
|
||||
|
||||
file, err := os.Create(outputFile)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
enc := json.NewEncoder(file)
|
||||
err = enc.Encode(output)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
err = file.Close()
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue