Add Bearer Authentication to REST API

d6d132a9 · Torsten Grote · 98d1ea77 · d6d132a9 · d6d132a9
Commit d6d132a9 authored Sep 19, 2018 by Torsten Grote
2 changed files
--- a/briar-headless/src/main/java/org/briarproject/briar/headless/Main.kt
+++ b/briar-headless/src/main/java/org/briarproject/briar/headless/Main.kt
@@ -17,6 +17,7 @@ import java.lang.System.setProperty
 import java.nio.file.Files.setPosixFilePermissions
 import java.nio.file.attribute.PosixFilePermission
 import java.nio.file.attribute.PosixFilePermission.*
+import java.util.UUID.randomUUID
 import java.util.logging.Level.*
 import java.util.logging.LogManager

@@ -63,14 +64,17 @@ class Main : CliktCommand(
        setProperty(DEFAULT_LOG_LEVEL_KEY, levelSlf4j);
        LogManager.getLogManager().getLogger("").level = level

+        val dataDir = getDataDir()
+        val authToken = getOrCreateAuthToken(dataDir)
+
        val app =
-            DaggerBriarHeadlessApp.builder().headlessModule(HeadlessModule(getDataDir())).build()
+            DaggerBriarHeadlessApp.builder().headlessModule(HeadlessModule(dataDir)).build()
        // We need to load the eager singletons directly after making the
        // dependency graphs
        BrambleCoreModule.initEagerSingletons(app)
        BriarCoreModule.initEagerSingletons(app)

-        app.router().start(port, debug)
+        app.router().start(authToken, port, debug)
    }

    private fun getDataDir(): File {
@@ -87,6 +91,19 @@ class Main : CliktCommand(
        setPosixFilePermissions(file.toPath(), perms);
        return file
    }
+
+    private fun getOrCreateAuthToken(dataDir: File): String {
+        val tokenFile = File(dataDir, "auth_token")
+        return if (tokenFile.isFile) {
+            tokenFile.readText()
+        } else {
+            // TODO use better way of getting random token?
+            val authToken = randomUUID().toString()
+            tokenFile.writeText(authToken)
+            authToken
+        }
+    }
+
 }

 fun main(args: Array<String>) = Main().main(args)
--- a/briar-headless/src/main/java/org/briarproject/briar/headless/Router.kt
+++ b/briar-headless/src/main/java/org/briarproject/briar/headless/Router.kt
@@ -25,7 +25,7 @@ constructor(
    private val blogController: BlogController
 ) {

-    fun start(port: Int, debug: Boolean) {
+    fun start(authToken: String, port: Int, debug: Boolean) {
        briarService.start()
        getRuntime().addShutdownHook(Thread(Runnable { briarService.stop() }))

@@ -39,6 +39,13 @@ constructor(
        if (debug) app.enableDebugLogging()
        app.start()

+        app.accessManager { handler, ctx, _ ->
+            if (ctx.header("Authorization") == "Bearer $authToken") {
+                handler.handle(ctx)
+            } else {
+                ctx.status(401).result("Unauthorized")
+            }
+        }
        app.routes {
            path("/v1") {
                path("/contacts") {