Domain-locked web tokens. (#5894)
* Domain-locking web tokens. * JS part. * Fix linting issues.
@@ -16,6 +16,7 @@
|
||||
|
||||
use std::sync::Arc;
|
||||
use std::ops::Deref;
|
||||
use http::Origin;
|
||||
use util::Mutex;
|
||||
use transient_hashmap::TransientHashMap;
|
||||
|
||||
@@ -29,7 +30,7 @@ const TOKEN_LIFETIME_SECS: u32 = 3600;
|
||||
pub struct SignerService {
|
||||
is_enabled: bool,
|
||||
queue: Arc<ConfirmationsQueue>,
|
||||
web_proxy_tokens: Mutex<TransientHashMap<String, ()>>,
|
||||
web_proxy_tokens: Mutex<TransientHashMap<String, Origin>>,
|
||||
generate_new_token: Box<Fn() -> Result<String, String> + Send + Sync + 'static>,
|
||||
}
|
||||
|
||||
@@ -46,16 +47,16 @@ impl SignerService {
|
||||
}
|
||||
|
||||
/// Checks if the token is valid web proxy access token.
|
||||
pub fn is_valid_web_proxy_access_token(&self, token: &String) -> bool {
|
||||
self.web_proxy_tokens.lock().contains_key(&token)
|
||||
pub fn web_proxy_access_token_domain(&self, token: &String) -> Option<Origin> {
|
||||
self.web_proxy_tokens.lock().get(token).cloned()
|
||||
}
|
||||
|
||||
/// Generates a new web proxy access token.
|
||||
pub fn generate_web_proxy_access_token(&self) -> String {
|
||||
pub fn generate_web_proxy_access_token(&self, domain: Origin) -> String {
|
||||
let token = random_string(16);
|
||||
let mut tokens = self.web_proxy_tokens.lock();
|
||||
tokens.prune();
|
||||
tokens.insert(token.clone(), ());
|
||||
tokens.insert(token.clone(), domain);
|
||||
token
|
||||
}
|
||||
|
||||
|
||||
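Review bot: `web_proxy_access_token_domain` looks the token up with `get(token)` without pruning first; the only `prune()` visible in this hunk is in `generate_web_proxy_access_token`. Unless `TransientHashMap::get` enforces the lifetime itself (not visible on this page), a token older than `TOKEN_LIFETIME_SECS` keeps resolving to its origin until another token is generated. I would prune on the read path too: `let mut tokens = self.web_proxy_tokens.lock(); tokens.prune(); tokens.get(token).cloned()`. The doc comment above the method still reads "Checks if the token is valid…" although it now returns the bound origin; it should state that the caller must compare the returned `Origin` with the origin of the request, since that comparison enforces the lock and happens outside this hunk. The enclosing `impl SignerService` block starts and ends outside the hunk.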
@@ -245,8 +245,8 @@ impl<D: Dispatcher + 'static> Signer for SignerClient<D> {
|
||||
.map_err(|e| errors::token(e))
|
||||
}
|
||||
|
||||
fn generate_web_proxy_token(&self) -> Result<String, Error> {
|
||||
Ok(self.signer.generate_web_proxy_access_token())
|
||||
fn generate_web_proxy_token(&self, domain: String) -> Result<String, Error> {
|
||||
Ok(self.signer.generate_web_proxy_access_token(domain.into()))
|
||||
}
|
||||
|
||||
fn subscribe_pending(&self, _meta: Self::Metadata, sub: Subscriber<Vec<ConfirmationRequest>>) {
|
||||
|
||||
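Review bot: `generate_web_proxy_token` turns the RPC-supplied `domain` string into an `Origin` with `domain.into()`, and nothing in this hunk rejects an empty or malformed value, so a token can be bound to whatever string the caller sends. Since the origin is what the token is locked to, I would validate it here (non-empty, a host with an optional port, no path or credentials part) and return an `Err` instead of minting the token; how strict the `String` to `Origin` conversion is cannot be seen from this page. A comment should also record that the origin is chosen by the RPC caller, so the lock is only as trustworthy as the party allowed to call this method. The enclosing `impl` block starts and ends outside the hunk.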
@@ -51,9 +51,9 @@ build_rpc_trait! {
|
||||
#[rpc(name = "signer_generateAuthorizationToken")]
|
||||
fn generate_token(&self) -> Result<String, Error>;
|
||||
|
||||
/// Generates new web proxy access token.
|
||||
/// Generates new web proxy access token for particular domain.
|
||||
#[rpc(name = "signer_generateWebProxyAccessToken")]
|
||||
fn generate_web_proxy_token(&self) -> Result<String, Error>;
|
||||
fn generate_web_proxy_token(&self, String) -> Result<String, Error>;
|
||||
|
||||
#[pubsub(name = "signer_pending")] {
|
||||
/// Subscribe to new pending requests on signer interface.
|
||||
|
||||
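Review bot: The new `String` parameter of `generate_web_proxy_token` is unnamed, and the doc comment does not say what form the domain must take. Callers need to know whether to pass a bare host, `host:port` or a full origin, because a value that differs from what the proxy later compares against would presumably leave the token unusable or matched more loosely than intended. I would extend the comment along the lines of `/// Generates a new web proxy access token bound to the given domain (expected format: <state it here>).` and name the parameter. The added parameter also changes the arity of `signer_generateWebProxyAccessToken`, so existing clients that call it without arguments will need updating, which deserves a line in the RPC documentation. The `build_rpc_trait!` body continues outside the hunk.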