mirror of
https://github.com/netbirdio/netbird.git
synced 2026-04-16 07:16:38 +00:00
64 lines
1.4 KiB
Go
64 lines
1.4 KiB
Go
package auth
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/netbirdio/netbird/proxy/auth"
|
|
"github.com/netbirdio/netbird/proxy/internal/types"
|
|
"github.com/netbirdio/netbird/shared/management/proto"
|
|
)
|
|
|
|
const pinFormId = "pin"
|
|
|
|
type Pin struct {
|
|
id types.ServiceID
|
|
accountId types.AccountID
|
|
client authenticator
|
|
}
|
|
|
|
func NewPin(client authenticator, id types.ServiceID, accountId types.AccountID) Pin {
|
|
return Pin{
|
|
id: id,
|
|
accountId: accountId,
|
|
client: client,
|
|
}
|
|
}
|
|
|
|
func (Pin) Type() auth.Method {
|
|
return auth.MethodPIN
|
|
}
|
|
|
|
// Authenticate attempts to authenticate the request using a form
|
|
// value passed in the request.
|
|
// If authentication fails, the required HTTP form ID is returned
|
|
// so that it can be injected into a request from the UI so that
|
|
// authentication may be successful.
|
|
func (p Pin) Authenticate(r *http.Request) (string, string, error) {
|
|
pin := r.FormValue(pinFormId)
|
|
|
|
if pin == "" {
|
|
// No PIN submitted; return the form ID so the UI can prompt the user.
|
|
return "", pinFormId, nil
|
|
}
|
|
|
|
res, err := p.client.Authenticate(r.Context(), &proto.AuthenticateRequest{
|
|
Id: string(p.id),
|
|
AccountId: string(p.accountId),
|
|
Request: &proto.AuthenticateRequest_Pin{
|
|
Pin: &proto.PinRequest{
|
|
Pin: pin,
|
|
},
|
|
},
|
|
})
|
|
if err != nil {
|
|
return "", "", fmt.Errorf("authenticate pin: %w", err)
|
|
}
|
|
|
|
if res.GetSuccess() {
|
|
return res.GetSessionToken(), "", nil
|
|
}
|
|
|
|
return "", pinFormId, nil
|
|
}
|