jfinn
/
jitsi_corner4
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1365 Commits
3 Branches
Tree: 531b81cce3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '531b81cce3'
${ noResults }
jitsi_corner4/prosody-plugins/token/util.lib.lua

util.lib.lua 2.1KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. -- Token authentication

  2. -- Copyright (C) 2015 Atlassian

  3. 

  4. local hashes = require "util.hashes";

  5. 

  6. local _M = {};

  7. 

  8. local function calc_hash(password, appId, appSecret)

  9. 	local hash, room, ts = string.match(password, "(%w+)_(%w+)_(%d+)");

  10. 	if hash ~= nil and room ~= nil and ts ~= nil then

  11. 		log("debug", "Hash: '%s' room: '%s', ts: '%s'", hash, room, ts);

  12.                 local toHash = room .. ts .. appId .. appSecret;

  13. 		log("debug", "to be hashed: '%s'", toHash);

  14. 		local hash = hashes.sha256(toHash, true);

  15. 		log("debug", "hash: '%s'", hash);

  16. 		return hash;

  17. 	else

  18. 		log("error", "Invalid password format: '%s'", password);

  19. 		return nil;

  20. 	end

  21. end

  22. 

  23. local function extract_hash(password)

  24. 	local hash, room, ts = string.match(password, "(%w+)_(%w+)_(%d+)");

  25. 	return hash;

  26. end

  27. 

  28. local function extract_ts(password)

  29. 	local hash, room, ts = string.match(password, "(%w+)_(%w+)_(%d+)");

  30. 	return ts;

  31. end

  32. 

  33. local function get_utc_timestamp()

  34.         return os.time(os.date("!*t")) * 1000;

  35. end

  36. 

  37. local function verify_timestamp(ts, tokenLifetime)

  38. 	return get_utc_timestamp() - ts <= tokenLifetime;

  39. end

  40. 

  41. local function verify_password_impl(password, appId, appSecret, tokenLifetime)

  42. 

  43. 	if password == nil then

  44.    		return nil, "password is missing";

  45.         end

  46. 

  47. 	if tokenLifetime == nil then

  48. 		tokenLifetime = 24 * 60 * 60 * 1000;

  49. 	end

  50. 

  51. 	local ts = extract_ts(password);	

  52. 	if ts == nil then

  53. 		return nil, "timestamp not found in the password";

  54. 	end

  55.        	local os_ts = get_utc_timestamp();

  56. 	log("debug", "System TS: '%s' user TS: %s", tostring(os_ts), tostring(ts));

  57. 	local isValid = verify_timestamp(ts, tokenLifetime);

  58. 	if not isValid then

  59. 		return nil, "token expired";

  60. 	end

  61. 

  62. 	local realHash = calc_hash(password, appId, appSecret);

  63. 	local givenhash = extract_hash(password);

  64.         log("debug", "Compare '%s' to '%s'", tostring(realHash), tostring(givenhash));

  65. 	if realHash == givenhash then

  66. 		return true;

  67. 	else

  68. 		return nil, "invalid hash";

  69. 	end

  70. end

  71. 

  72. function _M.verify_password(password, appId, appSecret, tokenLifetime)

  73. 	return verify_password_impl(password, appId, appSecret, tokenLifetime);

  74. end

  75. 

  76. return _M;