Finished authentication
This commit is contained in:
parent
32f3e6fb86
commit
c0639dfa0c
@ -33,14 +33,14 @@ We use sha3 to hash authentication tokens. It is not in the crypto standard libr
|
||||
|
||||
---
|
||||
|
||||
# keybd_event
|
||||
# sendkeys
|
||||
|
||||
|
||||
In order to avoid coding key press simulation for every major platform, we use [keybd_event](https://github.com/micmonay/keybd_event). This is a cross-platform library that uses the OS's native key press simulation.
|
||||
In order to avoid coding key press simulation for every major platform, we use [sendkeys](https://github.com/yunginnanet/sendkeys). This is a cross-platform library that uses the OS's native key press simulation using [keybd_event](https://github.com/micmonay/keybd_event)
|
||||
|
||||
--- keybd_event import string
|
||||
--- sendkeys import string
|
||||
|
||||
"github.com/micmonay/keybd_event"
|
||||
"github.com/EgosOwn/sendkeys"
|
||||
|
||||
---
|
||||
|
||||
|
@ -50,6 +50,7 @@ First, we call
|
||||
--- entrypoint
|
||||
|
||||
func main(){
|
||||
auth.ProvisionToken()
|
||||
server.StartServer()
|
||||
}
|
||||
|
||||
@ -61,6 +62,7 @@ First, we call
|
||||
|
||||
import(
|
||||
"keyboard.voidnet.tech/server"
|
||||
"keyboard.voidnet.tech/auth"
|
||||
)
|
||||
|
||||
|
||||
|
37
Server.md
37
Server.md
@ -36,7 +36,7 @@ if unixSocketPathExists {
|
||||
--- start websocket server
|
||||
|
||||
func clientConnected(w http.ResponseWriter, r *http.Request) {
|
||||
kb, err := keybd_event.NewKeyBonding()
|
||||
keyboard, err := sendkeys.NewKBWrapWithOptions(sendkeys.Noisy)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
@ -47,7 +47,22 @@ func clientConnected(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
defer c.Close()
|
||||
|
||||
// get auth token
|
||||
_, message, err := c.ReadMessage()
|
||||
if err != nil {
|
||||
log.Println("read:", err)
|
||||
return
|
||||
}
|
||||
|
||||
if auth.CheckAuthToken(string(message)) != nil {
|
||||
log.Println("invalid token")
|
||||
return
|
||||
}
|
||||
c.WriteMessage(websocket.TextMessage, []byte("authenticated"))
|
||||
|
||||
|
||||
for {
|
||||
time.Sleep(25 * time.Millisecond)
|
||||
_, message, err := c.ReadMessage()
|
||||
if err != nil {
|
||||
log.Println("read:", err)
|
||||
@ -55,16 +70,11 @@ func clientConnected(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
log.Printf("recv: %s", message)
|
||||
message_string := string(message)
|
||||
for _, char := range message_string {
|
||||
// make sure that the char is a number
|
||||
number, err := strconv.Atoi(string(char))
|
||||
if err == nil {
|
||||
kb.SetKeys(number)
|
||||
}
|
||||
err = keyboard.Type(message_string)
|
||||
if err != nil {
|
||||
log.Println("type:", err)
|
||||
break
|
||||
}
|
||||
// sendkeys
|
||||
//kb.SetKeys(30, 32, 33)
|
||||
go kb.Launching()
|
||||
}
|
||||
}
|
||||
|
||||
@ -80,18 +90,20 @@ func StartServer() {
|
||||
|
||||
|
||||
---
|
||||
```
|
||||
|
||||
|
||||
--- /server/server.go
|
||||
package server
|
||||
|
||||
import(
|
||||
"net"
|
||||
"time"
|
||||
"os"
|
||||
"net/http"
|
||||
"log"
|
||||
"keyboard.voidnet.tech/auth"
|
||||
@{gorilla/websocket import string}
|
||||
@{keybd_event import string}
|
||||
@{sendkeys import string}
|
||||
)
|
||||
|
||||
var listener net.Listener
|
||||
@ -101,3 +113,4 @@ var upgrader = websocket.Upgrader{} // use default options
|
||||
|
||||
@{start websocket server}
|
||||
---
|
||||
```
|
@ -14,6 +14,8 @@ KDF.
|
||||
--- token generation
|
||||
authToken = uuid.New().String() + uuid.New().String()
|
||||
hashedID := sha3.Sum256([]byte(authToken))
|
||||
|
||||
fmt.Println("This is your authentication token, it will only be shown once: " + authToken)
|
||||
---
|
||||
```
|
||||
|
||||
@ -43,9 +45,12 @@ if authTokenFileIsSet == false {
|
||||
|
||||
When a client connects, the [websocket server](Server.md) checks the token they send against the stored token.
|
||||
|
||||
We use a constant time comparison to avoid timing attacks.
|
||||
|
||||
|
||||
``` go
|
||||
--- check token
|
||||
func checkAuthToken(token string) error {
|
||||
--- check token function
|
||||
func CheckAuthToken(token string) error {
|
||||
@{define authentication token file}
|
||||
// compare sha3_256 hash to hash in file
|
||||
hashedToken := sha3.Sum256([]byte(token))
|
||||
@ -60,12 +65,42 @@ func checkAuthToken(token string) error {
|
||||
}
|
||||
---
|
||||
|
||||
--- provision token function
|
||||
func ProvisionToken() (error){
|
||||
@{define authentication token file}
|
||||
|
||||
if _, err := os.Stat(authTokenFile); err == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
@{token generation}
|
||||
|
||||
// create directories if they don't exist
|
||||
os.MkdirAll(filepath.Dir(authTokenFile), 0700)
|
||||
fo, err := os.Create(authTokenFile)
|
||||
defer fo.Close()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
fo.Write(hashedID[:])
|
||||
return nil
|
||||
}
|
||||
---
|
||||
|
||||
## Putting it all together
|
||||
|
||||
The following is the structure of the authentication package.
|
||||
|
||||
Both CheckAuthToken and ProvisionToken are exported.
|
||||
The former is used by the server on client connect and the latter is called on startup.
|
||||
|
||||
--- /auth/auth.go
|
||||
package auth
|
||||
|
||||
import(
|
||||
"os"
|
||||
"path/filepath"
|
||||
"fmt"
|
||||
"errors"
|
||||
"crypto/subtle"
|
||||
@{sha3 import string}
|
||||
@ -75,25 +110,9 @@ import(
|
||||
|
||||
var authToken = ""
|
||||
|
||||
func provisionToken() (error){
|
||||
@{define authentication token file}
|
||||
@{provision token function}
|
||||
|
||||
if _, err := os.Stat(authTokenFile); err == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
@{token generation}
|
||||
|
||||
fo, err := os.Create(authTokenFile)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
fo.Write(hashedID[:])
|
||||
fo.Close()
|
||||
return nil
|
||||
}
|
||||
|
||||
@{check token}
|
||||
@{check token function}
|
||||
---
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user