25 ordered_unique<tag<login_request_pub_key_index>,
26 member<login_request, chain::public_key_type, &login_request::server_ephemeral_pub_key>>,
27 ordered_non_unique<tag<login_request_time_index>,
28 member<login_request, chain::time_point_sec, &login_request::expiration_time>>
// Expiry sweep: erase entries from the front of `index` while their expiration_time is
// strictly earlier than `now`, stopping at the first entry that is still valid.
// A request whose expiration_time equals `now` is therefore kept.
// NOTE(review): because the sweep stops at the first live entry, it only removes every
// expired request if `index` iterates in expiration_time order (presumably the
// login_request_time_index view; confirm). The loop body is not shown in this listing.
40 for (
auto it = index.begin(); it != index.end() && it->expiration_time < now; it = index.erase(it))
50 (
"max-login-requests", bpo::value<uint32_t>()->default_value(1000000),
51 "The maximum number of pending login requests")
52 (
"max-login-timeout", bpo::value<uint32_t>()->default_value(60),
53 "The maximum timeout for pending login requests (in seconds)");
// Copy the two limits from the parsed program options into the plugin state.
// Both options are registered with default values, so at() finds them even when the
// operator does not set them.
// NOTE(review): no range check is visible here. A max-login-timeout of 0 or a very large
// max-login-requests would be stored as given; confirm whether bounds are enforced elsewhere.
57 my->max_login_requests = options.at(
"max-login-requests").as<
uint32_t>();
58 my->max_login_timeout = options.at(
"max-login-timeout").as<
uint32_t>();
61#define CALL(call_name, http_response_code) \
63 std::string("/v1/login/" #call_name), [this](string, string body, url_response_callback cb) mutable { \
67 fc::variant result( call_name(fc::json::from_string(body).as<login_plugin::call_name##_params>()) ); \
68 cb(http_response_code, std::move(result)); \
70 http_plugin::handle_exception("login", #call_name, body, cb); \
76 ilog(
"starting login_plugin");
90 my->expire_requests();
92 "Requested expiration time ${expiration_time} is in the past",
93 (
"expiration_time",
params.expiration_time));
// Capacity guard: refuse a new login request once the pending table already holds
// max_login_requests entries (registered default: 1000000). Each pending entry stores a
// server ephemeral key pair, so this check bounds how many can be held at once.
// The failure is raised as fc::timeout_exception although the condition is a capacity
// limit, not a timeout.
// NOTE(review): whether the default is small enough for a node whose API is reachable by
// untrusted clients is a deployment decision; confirm.
94 SYS_ASSERT(my->requests.size() < my->max_login_requests, fc::timeout_exception,
"Too many pending login requests");
97 request.server_ephemeral_pub_key = request.server_ephemeral_priv_key.get_public_key();
98 request.expiration_time =
// Store the whole request, including server_ephemeral_priv_key, in the pending table and
// return only the public key; the private half is not part of this return value.
// The pending table therefore holds private key material in memory for each open request.
100 my->requests.insert(request);
101 return {request.server_ephemeral_pub_key};
107 my->expire_requests();
109 auto it = index.find(
params.server_ephemeral_pub_key);
110 if (it == index.end()) {
111 result.error =
"server_ephemeral_pub_key expired or not found";
// Derive the shared secret from the stored server ephemeral private key and the
// client_ephemeral_pub_key taken from the request parameters.
// NOTE(review): client_ephemeral_pub_key is supplied by the caller. Any validation of that
// key would happen during deserialization or inside generate_shared_secret, neither of
// which is visible here; confirm.
117 auto shared_secret = request.server_ephemeral_priv_key.generate_shared_secret(
params.client_ephemeral_pub_key);
124 combined_data.resize(sig_data_ds.tellp());
126 result.digest = chain::sha256::hash(combined_data);
127 for (
auto& sig :
params.signatures)
133 chain.get_authorization_manager().check_authorization(
136 result.permission_satisfied =
true;
138 result.error =
"keys do not satisfy permission";
// Returns the private key itself together with its public key.
// NOTE(review): this looks like the body of do_not_use_gen_r1_key. If that call is
// registered through CALL, the private key travels in an HTTP response body. Treat it as
// a test helper and confirm it is not reachable on production nodes.
147 return {priv.get_public_key(), priv};
// Signs the SHA-256 hash of params.data with params.priv_key and returns the signature.
// The private key is taken from the call parameters, i.e. it is supplied by the caller.
// NOTE(review): this looks like the body of do_not_use_sign. The CALL macro also passes the
// raw request body to http_plugin::handle_exception on failure; confirm that path does not
// log a body that contains a private key.
152 return {
params.priv_key.sign(chain::sha256::hash(
params.data))};
// Computes a shared secret from params.priv_key and params.pub_key and returns it.
// Both the private key and the resulting secret pass through the call's parameters and
// return value.
// NOTE(review): this looks like the body of do_not_use_get_secret. Treat it as a test
// helper and confirm it is not exposed on production nodes.
157 return {
params.priv_key.generate_shared_secret(
params.pub_key)};
#define SYS_ASSERT(expr, exc_type, FORMAT,...)
abstract_plugin & get_plugin(const string &name) const
static private_key generate_r1()
login_request_container requests
uint32_t max_login_timeout
uint32_t max_login_requests
void plugin_initialize(const variables_map &)
do_not_use_gen_r1_key_results do_not_use_gen_r1_key(const do_not_use_gen_r1_key_params &)
start_login_request_results start_login_request(const start_login_request_params &)
do_not_use_sign_results do_not_use_sign(const do_not_use_sign_params &)
do_not_use_get_secret_results do_not_use_get_secret(const do_not_use_get_secret_params &)
virtual void set_program_options(options_description &, options_description &) override
finalize_login_request_results finalize_login_request(const finalize_login_request_params &)
#define CALL(call_name, http_response_code)
void pack(Stream &s, const std::deque< T > &value)
boost::multi_index_container< login_request, indexed_by< ordered_unique< tag< login_request_pub_key_index >, member< login_request, chain::public_key_type, &login_request::server_ephemeral_pub_key > >, ordered_non_unique< tag< login_request_time_index >, member< login_request, chain::time_point_sec, &login_request::expiration_time > > > > login_request_container
chain::private_key_type server_ephemeral_priv_key
chain::time_point_sec expiration_time
chain::public_key_type server_ephemeral_pub_key