1
0
forked from blue/pica
pica/server/server.cpp

167 lines
5.1 KiB
C++
Raw Normal View History

// SPDX-FileCopyrightText: 2023 Yury Gubich <blue@macaw.me>
// SPDX-License-Identifier: GPL-3.0-or-later
2023-11-21 22:19:08 +00:00
#include "server.h"
2023-12-20 22:42:13 +00:00
#include <random>
2023-12-28 20:26:08 +00:00
#include "database/exceptions.h"
2023-12-13 20:33:11 +00:00
#include "handler/info.h"
#include "handler/env.h"
2023-12-14 22:17:28 +00:00
#include "handler/register.h"
2023-12-22 23:25:20 +00:00
#include "handler/login.h"
2023-12-13 20:33:11 +00:00
2023-12-20 22:42:13 +00:00
constexpr const char* pepper = "well, not much of a secret, huh?";
2023-12-29 17:40:00 +00:00
constexpr const char* dbLogin = "pica";
constexpr const char* dbPassword = "pica";
constexpr const char* dbName = "pica";
constexpr const char* dbPath = "/run/mysqld/mysqld.sock";
constexpr uint8_t dbConnectionsCount = 4;
2023-12-28 20:26:08 +00:00
2023-12-23 20:23:38 +00:00
constexpr const char* randomChars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
2023-12-20 22:42:13 +00:00
constexpr uint8_t saltSize = 16;
constexpr uint8_t hashSize = 32;
constexpr uint8_t hashParallel = 1;
constexpr uint8_t hashIterations = 2;
constexpr uint32_t hashMemoryCost = 65536;
2023-12-28 20:26:08 +00:00
constexpr uint8_t currentDbVesion = 1;
2023-11-21 22:19:08 +00:00
Server::Server():
terminating(false),
requestCount(0),
2023-11-23 19:57:32 +00:00
serverName(std::nullopt),
2023-12-07 20:32:43 +00:00
router(),
2023-12-29 17:40:00 +00:00
pool(DB::Pool::create()),
2023-12-23 20:23:38 +00:00
sessions()
2023-11-23 19:57:32 +00:00
{
2023-12-07 20:32:43 +00:00
std::cout << "Startig pica..." << std::endl;
std::cout << "Database type: MySQL" << std::endl;
2023-12-29 17:40:00 +00:00
pool->addInterfaces(
DB::Interface::Type::mysql,
dbConnectionsCount,
dbLogin,
dbPassword,
dbName,
dbPath
);
2023-12-07 20:32:43 +00:00
2023-12-29 17:40:00 +00:00
DB::Resource db = pool->request();
2023-12-11 23:29:55 +00:00
db->migrate(currentDbVesion);
2023-12-08 22:26:16 +00:00
2023-12-13 20:33:11 +00:00
router.addRoute(std::make_unique<Handler::Info>());
router.addRoute(std::make_unique<Handler::Env>());
2023-12-20 22:42:13 +00:00
router.addRoute(std::make_unique<Handler::Register>(this));
2023-12-22 23:25:20 +00:00
router.addRoute(std::make_unique<Handler::Login>(this));
2023-11-23 19:57:32 +00:00
}
2023-11-21 22:19:08 +00:00
Server::~Server() {}
void Server::run(int socketDescriptor) {
while (!terminating) {
std::unique_ptr<Request> request = std::make_unique<Request>();
bool result = request->wait(socketDescriptor);
if (!result) {
std::cerr << "Error accepting a request" << std::endl;
return;
}
handleRequest(std::move(request));
}
}
void Server::handleRequest(std::unique_ptr<Request> request) {
++requestCount;
if (!serverName) {
try {
serverName = request->getServerName();
std::cout << "received server name " << serverName.value() << std::endl;
} catch (...) {
std::cerr << "failed to read server name" << std::endl;
2023-12-22 23:25:20 +00:00
Response& error = request->createResponse(Response::Status::internalError);
2023-12-13 20:33:11 +00:00
error.send();
2023-11-21 22:19:08 +00:00
return;
}
}
2023-12-28 20:26:08 +00:00
request->readPath(serverName.value());
router.route(std::move(request));
2023-11-23 19:57:32 +00:00
}
2023-12-20 22:42:13 +00:00
std::string Server::generateRandomString(std::size_t length) {
std::random_device rd;
std::mt19937 gen(rd());
2023-12-23 20:23:38 +00:00
std::uniform_int_distribution<uint8_t> distribution(0, std::strlen(randomChars) - 1);
2023-12-20 22:42:13 +00:00
std::string result(length, 0);
for (size_t i = 0; i < length; ++i)
result[i] = randomChars[distribution(gen)];
return result;
}
unsigned int Server::registerAccount(const std::string& login, const std::string& password) {
std::size_t encSize = argon2_encodedlen(
hashIterations, hashMemoryCost,
hashParallel, saltSize, hashSize, Argon2_id
);
std::string hash(encSize, 0);
std::string salt = generateRandomString(saltSize);
std::string spiced = password + pepper;
int result = argon2id_hash_encoded(
hashIterations, hashMemoryCost, hashParallel,
spiced.data(), spiced.size(),
salt.data(), saltSize,
hashSize, hash.data(), encSize
);
if (result != ARGON2_OK)
throw std::runtime_error(std::string("Hashing failed: ") + argon2_error_message(result));
2023-12-29 17:40:00 +00:00
DB::Resource db = pool->request();
2023-12-20 22:42:13 +00:00
return db->registerAccount(login, hash);
}
2023-12-22 23:25:20 +00:00
bool Server::validatePassword(const std::string& login, const std::string& password) {
2023-12-29 17:40:00 +00:00
DB::Resource db = pool->request();
2023-12-22 23:25:20 +00:00
std::string hash = db->getAccountHash(login);
std::string spiced = password + pepper;
int result = argon2id_verify(hash.data(), spiced.data(), spiced.size());
switch (result) {
case ARGON2_OK:
return true;
case ARGON2_VERIFY_MISMATCH:
return false;
default:
throw std::runtime_error(std::string("Failed to verify password: ") + argon2_error_message(result));
}
}
2023-12-23 20:23:38 +00:00
Session& Server::openSession(const std::string& login) {
2023-12-28 20:26:08 +00:00
std::string accessToken, renewToken;
unsigned int sessionId = 0;
int counter = 10;
do {
try {
accessToken = generateRandomString(32);
renewToken = generateRandomString(32);
2023-12-29 17:40:00 +00:00
DB::Resource db = pool->request();
2023-12-28 20:26:08 +00:00
sessionId = db->createSession(login, accessToken, renewToken);
break;
2023-12-29 17:40:00 +00:00
} catch (const DB::Duplicate& e) {
2023-12-28 20:26:08 +00:00
std::cout << "Duplicate on creating session, trying again with different tokens";
}
} while (--counter != 0);
if (sessionId == 0)
throw std::runtime_error("Couldn't create session, ran out of attempts");
2023-12-23 20:23:38 +00:00
std::unique_ptr<Session>& session = sessions[accessToken] = std::make_unique<Session>(sessionId, accessToken, renewToken);
return *session.get();
}