
Commit 4b58a3a

committed
add offline key for bootstrapping problem
1 parent 27e713e commit 4b58a3a


3 files changed

+17
-4
lines changed


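--- a/tmpauth/access.go
+++ b/tmpauth/access.go
@@ -16,6 +16,7 @@ type accessController struct {
 realm string
 clientID string
 secret []byte
+offlineKey string
 publicKey *ecdsa.PublicKey
 tokenCache map[[32]byte]*CachedToken
 tokenCacheMutex *sync.RWMutex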

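--- a/tmpauth/auth.go
+++ b/tmpauth/auth.go
@@ -2,6 +2,7 @@ package tmpauth
 
 import (
 "crypto/sha256"
+"crypto/subtle"
 "encoding/json"
 "fmt"
 "net/http"
@@ -14,12 +15,17 @@ import (
 )
 
 const TmpAuthHost = "auth.tmpim.pw"
+const offlineUser = "offline"
 
 func (ac *accessController) authenticateUser(username, password string) error {
 ac.janitorOnce.Do(func() {
 go ac.janitor()
 })
 
+if username == offlineUser && subtle.ConstantTimeCompare([]byte(password), []byte(ac.offlineKey)) == 1 {
+return nil
+}
+
 token, err := ac.parseWrappedAuthJWT(password)
 if err != nil {
 return err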
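Review bot: The offline branch added at the top of authenticateUser accepts an empty key: `subtle.ConstantTimeCompare` returns 1 for two zero-length slices, and the `offlinekey` check in tmpauth/config.go only asserts that the option is a string, so a configured `""` lets username `offline` with an empty password through without any token verification. Guard the branch with `ac.offlineKey != "" &&` and reject empty values in newAccessController with `if !ok || offlineKey == ""`. ConstantTimeCompare also returns immediately when the two lengths differ, so the key length is observable through timing; comparing `sha256.Sum256` digests of both values (crypto/sha256 is already imported) removes that. The successful offline path returns nil without writing a log entry, so use of this static credential leaves no trace; a log line on that branch would make it auditable. authenticateUser continues past the end of the hunk.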

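--- a/tmpauth/config.go
+++ b/tmpauth/config.go
@@ -35,6 +35,11 @@ func newAccessController(options map[string]interface{}) (auth.AccessController,
 return nil, fmt.Errorf(`"publickey" must be set for tmpauth access controller`)
 }
 
+offlineKey, ok := options["offlinekey"].(string)
+if !ok {
+return nil, fmt.Errorf(`"offlinekey" must be set for tmpauth access controller`)
+}
+
 pubKeyData, err := base64.StdEncoding.DecodeString(publicKey)
 if err != nil {
 return nil, fmt.Errorf("tmpauth: invalid public_key: %w", err)
@@ -69,10 +74,11 @@ func newAccessController(options map[string]interface{}) (auth.AccessController,
 }
 
 return &accessController{
-realm: realm,
-clientID: claims.Subject,
-secret: []byte(claims.Secret),
-publicKey: pubKey,
+realm: realm,
+clientID: claims.Subject,
+secret: []byte(claims.Secret),
+offlineKey: offlineKey,
+publicKey: pubKey,
 
 tokenCache: make(map[[32]byte]*CachedToken),
 tokenCacheMutex: new(sync.RWMutex),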
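Review bot: `offlinekey` is made mandatory in the first hunk, so a configuration without it now fails to load and every deployment has to carry a static credential that skips JWT verification. If the offline login is only meant for bootstrapping, consider accepting a missing option and leaving the offline branch disabled in that case, while still rejecting a value that is present but not a string. The option also has no documentation at the point where it is read; a comment such as `// offlinekey is a static secret that authenticates user "offline" without token verification; use a long random value.` would tell operators what they are configuring. newAccessController starts and ends outside both hunks.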
