authorChristoph Burschka2014-01-15 20:40:07 +0100
committerChristoph Burschka2014-01-16 00:00:59 +0100
commitd70cd8c1df115a721e72a00208c2a37870333cdf (patch)
tree4cb71c533709d303808850129090d0e717930b39
parentFormatting of README headings. (diff)
downloadejabberd-auth-php-d70cd8c1df115a721e72a00208c2a37870333cdf.tar.gz
First step toward a session-auth plugin.
(See #1, and cburschka/cadence#31)
-rw-r--r--plugins/session/BridgeSession.php46
-rw-r--r--plugins/session/install.sql5
-rw-r--r--plugins/session/session.module10
-rw-r--r--plugins/session/www/rpc.php25
4 files changed, 86 insertions, 0 deletions
diff --git a/plugins/session/BridgeSession.php b/plugins/session/BridgeSession.php
new file mode 100644
index 0000000..700d545
--- /dev/null
+++ b/plugins/session/BridgeSession.php
@@ -0,0 +1,46 @@
+<?php
+
+/**
+ * Implements EjabberdAuthBridge.
+ */
+class BridgeSession extends EjabberdAuthBridge {
+ function __const($pdo, $config) {
+ $this->db = $pdo;
+ $this->timeout = $config['timeout'];
+ $this->table = mysqli::escape_string($config['mysql'['tablename']);
+ $this->_isuser = $this->db->prepare(sprintf('SELECT COUNT(*) FROM `%s` WHERE `username` = :user AND `created` >= :limit;', $this->table));
+ $this->_auth = $this->db->prepare(sprintf('DELETE COUNT(*) FROM `%s` WHERE `username` = :user AND `secret` = :secret AND `created` >= :limit;', $this->table));
+ $this->_prune = $this->db->prepare(sprintf('DELETE COUNT(*) FROM `%s` WHERE `created` < :limit;', $this->table));
+ $this->_create = $this->db->prepare(sprintf('INSERT INTO `%s` (`username`, `secret`, `created`) VALUES (:user, :secret, :time);', $this->table));
+ }
+
+ function create($entry) {
+ $this->_create->execute([':user' => $entry['user'], ':secret' => $entry['secret'], ':time' => $entry['time']]);
+ }
+
+ function prune() {
+ $this->_prune->execute([':limit' => time() - $this->timeout]);
+ }
+
+ function isuser($username, $server) {
+ $this->prune();
+ return $this->_isuser->execute([':user' => $username, ':limit' => time() - $this->timeout])->fetch()[0] > 0;
+ }
+
+ function auth($username, $server, $password) {
+ $this->prune();
+ return $this->_auth->execute([[':useer' => $username, ':secret' => $password, ':limit' => time() - $this->timeout])->rowCount() > 0;
+ }
+
+ function setpass($username, $server, $password) {
+ return FALSE;
+ }
+
+ function tryregister($username, $server, $password) {
+ return FALSE;
+ }
+
+ function removeuser($username, $server) {
+ return FALSE;
+ }
+}
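Review bot: The constructor is spelled `__const`, which PHP never invokes, so `$this->db` and every prepared statement are still unset when `isuser()` or `auth()` runs; it needs to be `__construct`. The authentication path also cannot run as written: `$config['mysql'['tablename']` and `[[':useer' => …` are parse errors, `DELETE COUNT(*) FROM` is not valid SQL, and `PDOStatement::execute()` returns a bool, so `->rowCount()` in `auth()` and `->fetch()` in `isuser()` cannot be chained onto it. `mysqli::escape_string` is an instance method of a different driver and escapes string literals, not backtick-quoted identifiers; because the table name is interpolated into the query text, it is better checked against an allow-list pattern. The fence below shows the constructor and `auth()` with those points addressed, assuming the intended key is `$config['mysql']['tablename']`; `isuser()` needs the same execute-then-fetch split.

```php
function __construct($pdo, $config) {
  // … unchanged: $this->db and $this->timeout assignments …
  // Identifiers cannot be bound as parameters, so allow-list the table name.
  $table = $config['mysql']['tablename'];
  if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
    throw new InvalidArgumentException('Invalid session table name.');
  }
  $this->table = $table;
  // … unchanged: _isuser and _create statements …
  $this->_auth = $this->db->prepare(sprintf('DELETE FROM `%s` WHERE `username` = :user AND `secret` = :secret AND `created` >= :limit;', $this->table));
  $this->_prune = $this->db->prepare(sprintf('DELETE FROM `%s` WHERE `created` < :limit;', $this->table));
}

function auth($username, $server, $password) {
  $this->prune();
  // execute() returns a bool; the affected-row count is read from the statement itself.
  $this->_auth->execute([':user' => $username, ':secret' => $password, ':limit' => time() - $this->timeout]);
  return $this->_auth->rowCount() > 0;
}
```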
diff --git a/plugins/session/install.sql b/plugins/session/install.sql
new file mode 100644
index 0000000..074e4a9
--- /dev/null
+++ b/plugins/session/install.sql
@@ -0,0 +1,5 @@
+CREATE TABLE `{TAB}` (
+ username TEXT PRIMARY KEY,
+ secret VARCHAR(40) PRIMARY KEY,
+ created INT INDEX,
+);
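Review bot: This table definition will not be accepted by MySQL: it declares `PRIMARY KEY` on two columns separately, uses an unbounded `TEXT` column as a key without a prefix length, writes `INT INDEX` as a column attribute, and leaves a trailing comma before `)`. Since `create()` inserts a row per login, one user may hold several live secrets, so a composite key over both columns plus a separate index on `created` for the prune query fits the statements in `BridgeSession`. The `VARCHAR(255)` width below is a constructed value to be sized to the real username limit.

```sql
CREATE TABLE `{TAB}` (
  username VARCHAR(255) NOT NULL,
  secret VARCHAR(40) NOT NULL,
  created INT NOT NULL,
  PRIMARY KEY (username, secret),
  INDEX (created)
);
```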
diff --git a/plugins/session/session.module b/plugins/session/session.module
new file mode 100644
index 0000000..ed1771c
--- /dev/null
+++ b/plugins/session/session.module
@@ -0,0 +1,10 @@
+<?php
+
+function session_init($config) {
+ $v = $config['mysql'];
+ $options = [PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'];
+ $pdo = new PDO($v['dsn'], $v['username'], $v['password'], $options);
+
+ require_once __DIR__ . '/BridgeSession.php';
+ return new BridgeSession($pdo, $config);
+}
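Review bot: The PDO handle in `session_init()` is created without an error mode, and on PHP versions before 8 the default is silent, so a failed `prepare()` or `execute()` in the bridge returns false instead of raising. For an authentication backend it is safer to fail loudly: `$options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => FALSE, PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'];`. A short docblock stating that `$config` must carry the `mysql` DSN, username and password plus `timeout` would also help, since those keys are read here and in `BridgeSession`.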
diff --git a/plugins/session/www/rpc.php b/plugins/session/www/rpc.php
new file mode 100644
index 0000000..58f3634
--- /dev/null
+++ b/plugins/session/www/rpc.php
@@ -0,0 +1,25 @@
+<?php
+
+define('ROOT', __DIR__ . '/../../../');
+define('SESS_ROOT' , __DIR__ . '/../');
+
+main();
+
+function main() {
+ require_once ROOT . 'config.php';
+ require_once SESS_ROOT . 'session.module';
+ $bridge = session_init($config['session']);
+ $plugin = $config['session']['plugin'];
+ $plugin_conf = $config['session']['plugins'][$plugin_conf];
+ $plugin_id = $plugin_conf['file'];
+ require_once SESS_ROOT . 'plugins/' . $plugin_id . '/' . $plugin_id . '.module';
+ $function = $plugin_id . '_authenticate';
+ $username = $function($plugin_conf);
+ if ($username) {
+ $entry = ['user' => $username, 'secret' => sha1($_POST['salt'] . time() . mt_rand()), 'time' => time()];
+ $bridge->create($entry);
+ header('Content-type: text/plain; charset=UTF-8');
+ print json_encode($entry);
+ }
+ else header('HTTP/1.1 403 Forbidden');
+}
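Review bot: The session secret on the `$entry` line is `sha1($_POST['salt'] . time() . mt_rand())`, built from a caller-supplied value, the clock and a non-cryptographic generator, so it is more guessable than a credential that `BridgeSession::auth()` accepts as a password should be. Drawing it from the CSPRNG keeps the 40-character width of the `secret` column: `'secret' => bin2hex(random_bytes(20))` (or `openssl_random_pseudo_bytes(20)` on PHP versions before 7). Separately, `$config['session']['plugins'][$plugin_conf]` indexes with a variable that is not yet defined and presumably should read `[$plugin]`. The response body is JSON but is sent as `text/plain`; `application/json` would match it.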