From e3086573d2244def22ecbe1e6b4b3da8b47e0f14 Mon Sep 17 00:00:00 2001
From: Stefan Boberg
Date: Tue, 2 May 2023 12:31:53 +0200
Subject: move auth code from zenserver into zenhttp (#265)
this code should be usable outside of zenserver, so this moves it out into zenhttp where it can be used from lower level components
---
 src/zenhttp/include/zenhttp/auth/authmgr.h | 56 +++++++++++++++++++
 src/zenhttp/include/zenhttp/auth/authservice.h | 25 +++++++++
 src/zenhttp/include/zenhttp/auth/oidc.h | 76 ++++++++++++++++++++++++++
 3 files changed, 157 insertions(+)
 create mode 100644 src/zenhttp/include/zenhttp/auth/authmgr.h
 create mode 100644 src/zenhttp/include/zenhttp/auth/authservice.h
 create mode 100644 src/zenhttp/include/zenhttp/auth/oidc.h
(limited to 'src/zenhttp/include')
diff --git a/src/zenhttp/include/zenhttp/auth/authmgr.h b/src/zenhttp/include/zenhttp/auth/authmgr.h
new file mode 100644
index 000000000..054588ab9
--- /dev/null
+++ b/src/zenhttp/include/zenhttp/auth/authmgr.h
@@ -0,0 +1,56 @@
+// Copyright Epic Games, Inc. All Rights Reserved.
+
+#pragma once
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+namespace zen {
+
+struct AuthConfig
+{
+ std::filesystem::path RootDirectory;
+ std::chrono::seconds UpdateInterval{30};
+ AesKey256Bit EncryptionKey;
+ AesIV128Bit EncryptionIV;
+};
+
+class AuthMgr
+{
+public:
+ virtual ~AuthMgr() = default;
+
+ struct AddOpenIdProviderParams
+ {
+ std::string_view Name;
+ std::string_view Url;
+ std::string_view ClientId;
+ };
+
+ virtual void AddOpenIdProvider(const AddOpenIdProviderParams& Params) = 0;
+
+ struct AddOpenIdTokenParams
+ {
+ std::string_view ProviderName;
+ std::string_view RefreshToken;
+ };
+
+ virtual bool AddOpenIdToken(const AddOpenIdTokenParams& Params) = 0;
+
+ struct OpenIdAccessToken
+ {
+ std::string AccessToken;
+ std::chrono::system_clock::time_point ExpireTime{};
+ };
+
+ virtual OpenIdAccessToken GetOpenIdAccessToken(std::string_view ProviderName) = 0;
+
+ static std::unique_ptr Create(const AuthConfig& Config);
+};
+
+} // namespace zen
diff --git a/src/zenhttp/include/zenhttp/auth/authservice.h b/src/zenhttp/include/zenhttp/auth/authservice.h
new file mode 100644
index 000000000..64b86e21f
--- /dev/null
+++ b/src/zenhttp/include/zenhttp/auth/authservice.h
@@ -0,0 +1,25 @@
+// Copyright Epic Games, Inc. All Rights Reserved.
+
+#pragma once
+
+#include
+
+namespace zen {
+
+class AuthMgr;
+
+class HttpAuthService final : public zen::HttpService
+{
+public:
+ HttpAuthService(AuthMgr& AuthMgr);
+ virtual ~HttpAuthService();
+
+ virtual const char* BaseUri() const override;
+ virtual void HandleRequest(zen::HttpServerRequest& Request) override;
+
+private:
+ AuthMgr& m_AuthMgr;
+ HttpRequestRouter m_Router;
+};
+
+} // namespace zen
diff --git a/src/zenhttp/include/zenhttp/auth/oidc.h b/src/zenhttp/include/zenhttp/auth/oidc.h
new file mode 100644
index 000000000..f43ae3cd7
--- /dev/null
+++ b/src/zenhttp/include/zenhttp/auth/oidc.h
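Review bot: `AuthConfig` pairs a fixed `AesIV128Bit EncryptionIV` with the key, and nothing in the header says the IV is regenerated per encryption; if the implementation encrypts every stored refresh token under the same key and IV, CBC leaks equal-prefix plaintexts and counter-based modes such as CTR or GCM lose confidentiality and integrity outright. Whether that happens is not visible from this header, so at minimum state the contract on the field, e.g. `// Must be unique per encryption; reusing a (key, IV) pair across records weakens or breaks the cipher mode.`, and consider replacing the field with a per-record IV stored alongside the ciphertext. The pure-virtual interface also lacks contracts a caller needs: what a `false` return from `AddOpenIdToken` means, what `GetOpenIdAccessToken` returns for an unknown provider or when no refresh token is stored (an empty `AccessToken` with a default `ExpireTime`?), and whether the manager may be called from several threads given the `UpdateInterval` refresh it implies. `AddOpenIdTokenParams::RefreshToken` is a bearer credential passed as a `std::string_view`; a comment that the view is only read for the duration of the call lets callers scrub their buffer afterwards.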
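Review bot: `HttpAuthService(AuthMgr& AuthMgr)` is a single-argument constructor that is not `explicit`, and its parameter name shadows the `AuthMgr` type for the rest of the declaration, which becomes confusing in the member-initializer list of the definition; suggest `explicit HttpAuthService(AuthMgr& InAuthMgr);`. The class stores `AuthMgr& m_AuthMgr`, so the manager must outlive the service; a comment on the member such as `// Not owned; must outlive this service` would state that lifetime requirement. Because the class is `final`, the `virtual` keyword on the destructor and on the two overrides is redundant; `~HttpAuthService() override;` and plain `override` on `BaseUri` and `HandleRequest` read cleaner. This service exposes token-management operations over HTTP, and the header says nothing about which callers are expected to reach `BaseUri()`; a comment describing the authorization the implementation applies to requests routed through `m_Router` would help reviewers of the corresponding .cpp.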
@@ -0,0 +1,76 @@
+// Copyright Epic Games, Inc. All Rights Reserved.
+
+#pragma once
+
+#include
+
+#include
+
+namespace zen {
+
+class OidcClient
+{
+public:
+ struct Options
+ {
+ std::string_view BaseUrl;
+ std::string_view ClientId;
+ };
+
+ OidcClient(const Options& Options);
+ ~OidcClient() = default;
+
+ OidcClient(const OidcClient&) = delete;
+ OidcClient& operator=(const OidcClient&) = delete;
+
+ struct Result
+ {
+ std::string Reason;
+ bool Ok = false;
+ };
+
+ using InitResult = Result;
+
+ InitResult Initialize();
+
+ struct RefreshTokenResult
+ {
+ std::string TokenType;
+ std::string AccessToken;
+ std::string RefreshToken;
+ std::string IdentityToken;
+ std::string Scope;
+ std::string Reason;
+ int64_t ExpiresInSeconds{};
+ bool Ok = false;
+ };
+
+ RefreshTokenResult RefreshToken(std::string_view RefreshToken);
+
+private:
+ using StringArray = std::vector;
+
+ struct OpenIdConfiguration
+ {
+ std::string Issuer;
+ std::string AuthorizationEndpoint;
+ std::string TokenEndpoint;
+ std::string UserInfoEndpoint;
+ std::string RegistrationEndpoint;
+ std::string EndSessionEndpoint;
+ std::string DeviceAuthorizationEndpoint;
+ std::string JwksUri;
+ StringArray SupportedResponseTypes;
+ StringArray SupportedResponseModes;
+ StringArray SupportedGrantTypes;
+ StringArray SupportedScopes;
+ StringArray SupportedTokenEndpointAuthMethods;
+ StringArray SupportedClaims;
+ };
+
+ std::string m_BaseUrl;
+ std::string m_ClientId;
+ OpenIdConfiguration m_Config;
+};
+
+} // namespace zen
-- cgit v1.2.3
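Review bot: `OpenIdConfiguration` is presumably filled by `Initialize()` from the provider's discovery document (its fields mirror OpenID Connect Discovery metadata), yet the header gives no contract that the discovered `Issuer` is compared against `m_BaseUrl` or that `TokenEndpoint` is an https URL; the Discovery specification requires the issuer in the document to match the URL used to fetch it, and without that check a tampered or mis-hosted document can point `RefreshToken()`, which sends the refresh token, at an endpoint the provider does not control. Whether the implementation validates this is not visible here, so document it on `Initialize()`, e.g. `// Fetches the provider configuration; fails unless Issuer matches BaseUrl and TokenEndpoint uses https.`, and make the .cpp match. `RefreshTokenResult` carries `AccessToken`, `RefreshToken` and `IdentityToken` as plain strings next to the human-readable `Reason`; a note that the struct must not be logged wholesale keeps credentials out of log files when only `Reason` is wanted. `OidcClient(const Options& Options)` should be `explicit`, and the `RefreshToken` parameter of `RefreshToken()` shadows the method name inside its body; `explicit OidcClient(const Options& InOptions);` and `RefreshTokenResult RefreshToken(std::string_view InRefreshToken);` avoid both.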