feat: Secure admin

This commit is contained in:
Minecon724 2025-02-16 16:25:05 +01:00
parent ea1ab1599f
commit c0866160e9
Signed by: Minecon724
GPG key ID: 3CCC4D267742C8E8


@ -1,6 +1,7 @@
package eu.m724.mstats.auth; package eu.m724.mstats.auth;
import eu.m724.mstats.orm.Server; import eu.m724.mstats.orm.Server;
import io.quarkus.logging.Log;
import io.quarkus.security.identity.IdentityProviderManager; import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity; import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.QuarkusPrincipal; import io.quarkus.security.runtime.QuarkusPrincipal;
@ -14,7 +15,11 @@ import jakarta.annotation.Priority;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Alternative; import jakarta.enterprise.inject.Alternative;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import org.eclipse.microprofile.config.ConfigProvider;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ThreadLocalRandom;
import java.util.function.Supplier; import java.util.function.Supplier;
@Alternative @Alternative
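Review bot: `java.util.concurrent.ThreadLocalRandom` is imported here to generate the admin token in the constructor hunk below, but it is not a cryptographically secure generator, so a bearer secret derived from it is predictable; replace the import with `import java.security.SecureRandom;` and the fill call with `new SecureRandom().nextBytes(bytes);`. In that same constructor the token is read from the `database.name` config key, which looks like the wrong key for a variable named `configuredToken` and would make the configured database name act as the admin credential whenever it is set — presumably a dedicated admin-token property was intended. The generated or configured token is then written to the log at info level, which places a live credential into log storage; logging only that a token was generated, or emitting it once under a clearly restricted level, would be safer. The `equals` comparison against the token in `authenticate` could also use `MessageDigest.isEqual` on the byte arrays to avoid a timing side channel, though that method continues past the end of this view.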
@ -24,13 +29,30 @@ public class MyHttpAuthenticationMechanism implements HttpAuthenticationMechanis
@Inject @Inject
AuthService authService; AuthService authService;
private final String adminToken;
public MyHttpAuthenticationMechanism() {
Optional<String> configuredToken = ConfigProvider.getConfig().getOptionalValue("database.name", String.class);
if (configuredToken.isEmpty()) {
byte[] bytes = new byte[32];
ThreadLocalRandom.current().nextBytes(bytes);
this.adminToken = Base64.getEncoder().encodeToString(bytes);
} else {
this.adminToken = configuredToken.get();
}
Log.infof("Admin token: %s", this.adminToken);
}
@Override @Override
public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) { public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
return Uni.createFrom().item((Supplier<SecurityIdentity>) () -> { return Uni.createFrom().item((Supplier<SecurityIdentity>) () -> {
String serverTokenEncoded = context.request().getHeader("X-Server-Token"); String serverTokenEncoded = context.request().getHeader("X-Server-Token");
if (serverTokenEncoded != null) { if (serverTokenEncoded != null) {
if (serverTokenEncoded.equals("secure admni token")) { if (serverTokenEncoded.equals(this.adminToken)) {
return QuarkusSecurityIdentity.builder() return QuarkusSecurityIdentity.builder()
.setPrincipal(new QuarkusPrincipal("Administrator")) .setPrincipal(new QuarkusPrincipal("Administrator"))
.addRole("admin") .addRole("admin")