jael, eyre: Add a way to reset the web login code
Jael now stores a `step` that is combined with the original salt to produce a new code. A `%step` card is used to increment that value, effectively resetting the keys. Because the first `step` is zero, the first code is the same as before. Eyre was changed to be notified with `%code-changed` so that it can forget old cookies and sessions and discard all the existing channels. A new generator, |code, was added; it both queries and resets the code:
|code :: shows current code, step and help
|code %reset :: changes the code
The old +code generator still works correctly.
parent
3ab634a788
commit
df868e2c4f
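--- a/pkg/arvo/gen/hood/code.hoon
+++ b/pkg/arvo/gen/hood/code.hoon
@@ -0,0 +1,30 @@
+:: Helm: query or reset login code for web
+::
+:::: /hoon/code/hood/gen
+::
+/? 310
+::
+::::
+::
+:- %say
+|= $: [now=@da eny=@uvJ bec=beak]
+[arg=?(~ [%reset ~]) ~]
+==
+=* our p.bec
+:- %helm-code
+?~ arg
+=/ code=tape
+%+ slag 1
+%+ scow %p
+.^(@p %j /(scot %p our)/code/(scot %da now)/(scot %p our))
+=/ step=tape
+%+ scow %ud
+.^(@ud %j /(scot %p our)/step/(scot %da now)/(scot %p our))
+%- %- slog
+:~ [%leaf code]
+[%leaf (weld "current step=" step)]
+[%leaf "use |code %reset to invalidate this and generate a new code"]
+==
+~
+?> =(%reset -.arg)
+%reset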
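Review bot: The `%reset` branch at the end of the generator (`?> =(%reset -.arg)` then `%reset`) prints nothing, so the operator gets no confirmation that the code rotated and has to run `|code` a second time to read the new one. The header comment and the help leaf also do not say that a reset drops every web session and channel; I would extend the header to `::  Helm: query or reset login code for web; %reset logs out all web sessions` and say the same in the `%leaf` help line. The query branch writes the login code out through `slog`; if that output is captured anywhere on the host the secret goes with it, which deserves a line in the help text.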
@ -79,6 +79,13 @@
|
||||
this
|
||||
(emit %pass / %arvo %j %moon u.sed)
|
||||
::
|
||||
++ poke-code
|
||||
|= act=?(~ %reset)
|
||||
=< abet
|
||||
?~ act
|
||||
this
|
||||
(emit %pass / %arvo %j %step ~)
|
||||
::
|
||||
++ poke-mass
|
||||
|= ~ =< abet
|
||||
(emit %pass /heft %arvo %d %flog %heft ~)
|
||||
@ -213,6 +220,7 @@
|
||||
%helm-atom =;(f (f !<(_+<.f vase)) poke-atom)
|
||||
%helm-automass =;(f (f !<(_+<.f vase)) poke-automass)
|
||||
%helm-cancel-automass =;(f (f !<(_+<.f vase)) poke-cancel-automass)
|
||||
%helm-code =;(f (f !<(_+<.f vase)) poke-code)
|
||||
%helm-hi =;(f (f !<(_+<.f vase)) poke-hi)
|
||||
%helm-knob =;(f (f !<(_+<.f vase)) poke-knob)
|
||||
%helm-mass =;(f (f !<(_+<.f vase)) poke-mass)
|
||||
|
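Review bot: `poke-code` passes `%step` to Jael for any `%reset` poke, and nothing in this hunk checks where the poke came from, so it depends on a source check made outside the visible lines. Since a reset throws away every web session and channel, it is worth confirming that only our own ship can reach the `%helm-code` dispatch line added further down. The arm also has no comment; `::  +poke-code: ~ is a no-op, %reset asks jael to step the web login code` above `++  poke-code` would make the two cases explicit. The enclosing core starts and ends outside the hunk.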
@ -1960,6 +1960,31 @@
|
||||
::
|
||||
closed-connections
|
||||
==
|
||||
::
|
||||
?: ?=(%code-changed -.task)
|
||||
~> %slog.[0 leaf+"eyre: code-changed: throwing away old cookies"]
|
||||
=. authentication-state.server-state.ax *authentication-state
|
||||
::
|
||||
=/ event-args [[our eny duct now scry-gate] server-state.ax]
|
||||
=* by-channel by-channel:(per-server-event event-args)
|
||||
=* channel-state channel-state.server-state.ax
|
||||
::
|
||||
=/ channel-ids=(list @t) ~(tap in ~(key by session.channel-state))
|
||||
?: =(~ channel-ids)
|
||||
[~ http-server-gate]
|
||||
::
|
||||
=/ len=tape (scow %ud (lent channel-ids))
|
||||
~> %slog.[0 leaf+"eyre: code-changed: closing {len} channels"]
|
||||
::
|
||||
=| moves=(list (list move))
|
||||
|- ^- [(list move) _http-server-gate]
|
||||
?~ channel-ids
|
||||
[(zing (flop moves)) http-server-gate]
|
||||
:: discard channel state, and cancel any active gall subscriptions
|
||||
::
|
||||
=^ mov server-state.ax (discard-channel:by-channel i.channel-ids |)
|
||||
$(moves [mov moves], channel-ids t.channel-ids)
|
||||
::
|
||||
:: all other commands operate on a per-server-event
|
||||
::
|
||||
=/ event-args [[our eny duct now scry-gate] server-state.ax]
|
||||
|
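Review bot: `event-args` is pinned with `=/` before the loop, so every `discard-channel:by-channel` call in the `|-` trap appears to start from the server state captured at that point rather than from the `server-state.ax` written by the previous iteration's `=^`; if so, only the last channel's removal survives in state even though the moves for all of them are emitted. Making it an alias, `=*  event-args  [[our eny duct now scry-gate] server-state.ax]`, would let each iteration see the updated state. `discard-channel` is defined outside the hunk, so this should be confirmed with a test that resets the code with two or more open channels and checks that `session.channel-state` ends up empty. The handler also does nothing about HTTP requests already in flight under an old cookie; a comment saying whether that is intended would help.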
@ -35,12 +35,19 @@
|
||||
:: manage subscriptions efficiently.
|
||||
::
|
||||
=> |%
|
||||
+$ state :: all vane state
|
||||
$: ver=$0 :: vane version
|
||||
pki=state-pki ::
|
||||
+$ any-state $%(state-0 state-1)
|
||||
::
|
||||
+$ state-0
|
||||
$: %0
|
||||
pki=state-pki-0 ::
|
||||
etn=state-eth-node :: eth connection state
|
||||
== ::
|
||||
+$ state-pki :: urbit metadata
|
||||
+$ state-1
|
||||
$: %1
|
||||
pki=state-pki-1 ::
|
||||
etn=state-eth-node :: eth connection state
|
||||
== ::
|
||||
+$ state-pki-0 :: urbit metadata
|
||||
$: $= own :: vault (vein)
|
||||
$: yen=(set duct) :: trackers
|
||||
sig=(unit oath) :: for a moon
|
||||
@ -59,6 +66,26 @@
|
||||
pos=(map ship point) :: on-chain ship state
|
||||
== ::
|
||||
== ::
|
||||
+$ state-pki-1 :: urbit metadata
|
||||
$: $= own :: vault (vein)
|
||||
$: yen=(set duct) :: trackers
|
||||
sig=(unit oath) :: for a moon
|
||||
tuf=(list turf) :: domains
|
||||
boq=@ud :: boot block
|
||||
nod=purl:eyre :: eth gateway
|
||||
fak=_| :: fake keys
|
||||
lyf=life :: version
|
||||
step=@ud :: login code step
|
||||
jaw=(map life ring) :: private keys
|
||||
== ::
|
||||
$= zim :: public
|
||||
$: yen=(jug duct ship) :: trackers
|
||||
ney=(jug ship duct) :: reverse trackers
|
||||
nel=(set duct) :: trackers of all
|
||||
dns=dnses :: on-chain dns state
|
||||
pos=(map ship point) :: on-chain ship state
|
||||
== ::
|
||||
== ::
|
||||
+$ message :: message to her jael
|
||||
$% [%nuke whos=(set ship)] :: cancel trackers
|
||||
[%public-keys whos=(set ship)] :: view ethereum events
|
||||
@ -80,6 +107,9 @@
|
||||
$: %b :: to %behn
|
||||
$>(%wait task:able:behn) :: set timer
|
||||
== ::
|
||||
$: %e :: to %eyre
|
||||
[%code-changed ~] :: notify code changed
|
||||
== ::
|
||||
$: %g :: to %gall
|
||||
$>(%deal task:able:gall) :: talk to app
|
||||
== ::
|
||||
@ -179,7 +209,7 @@
|
||||
==
|
||||
:: all vane state
|
||||
::
|
||||
state
|
||||
state-1
|
||||
==
|
||||
:: lex: all durable state
|
||||
:: moz: pending actions
|
||||
@ -446,6 +476,14 @@
|
||||
%- curd =< abet
|
||||
(~(new-event su hen our now pki etn) [ship udiff]:tac)
|
||||
::
|
||||
:: rotate web login code
|
||||
::
|
||||
%step
|
||||
%= +>.$
|
||||
step.own.pki +(step.own.pki)
|
||||
moz [[hen %pass / %e %code-changed ~] moz]
|
||||
==
|
||||
::
|
||||
:: watch public keys
|
||||
:: [%public-keys ships=(set ship)]
|
||||
::
|
||||
@ -578,7 +616,7 @@
|
||||
:: :: ++curd:of
|
||||
++ curd :: relative moves
|
||||
|= $: moz/(list move)
|
||||
pki/state-pki
|
||||
pki/state-pki-1
|
||||
etn/state-eth-node
|
||||
==
|
||||
+>(pki pki, etn etn, moz (weld (flop moz) ^moz))
|
||||
@ -599,7 +637,7 @@
|
||||
=| $: hen=duct
|
||||
our=ship
|
||||
now=@da
|
||||
state-pki
|
||||
state-pki-1
|
||||
state-eth-node
|
||||
==
|
||||
:: moz: moves in reverse order
|
||||
@ -955,7 +993,7 @@
|
||||
::
|
||||
:: lex: all durable %jael state
|
||||
::
|
||||
=| lex/state
|
||||
=| lex/state-1
|
||||
|= $: ::
|
||||
:: our: identity
|
||||
:: now: current time
|
||||
@ -991,11 +1029,15 @@
|
||||
|= $: :: old: previous state
|
||||
::
|
||||
:: old/*
|
||||
old/state
|
||||
old/any-state
|
||||
==
|
||||
^+ ..^$
|
||||
:: ..^$
|
||||
..^$(lex old)
|
||||
=/ new=state-1
|
||||
?- -.old
|
||||
%0 old(- %1, |7.own.pki [step=0 |7.own.pki.old])
|
||||
%1 old
|
||||
==
|
||||
..^$(lex new)
|
||||
:: :: ++scry
|
||||
++ scry :: inspect
|
||||
|= $: :: fur: event security
|
||||
@ -1025,6 +1067,14 @@
|
||||
``mass+!>(maz)
|
||||
?+ syd
|
||||
~
|
||||
::
|
||||
%step
|
||||
?. ?=([@ ~] tyl) [~ ~]
|
||||
?. =([%& our] why)
|
||||
[~ ~]
|
||||
=/ who (slaw %p i.tyl)
|
||||
?~ who [~ ~]
|
||||
``[%noun !>(step.own.pki.lex)]
|
||||
::
|
||||
%code
|
||||
?. ?=([@ ~] tyl) [~ ~]
|
||||
@ -1036,7 +1086,8 @@
|
||||
=/ cub (nol:nu:crub:crypto sec)
|
||||
:: XX use pac:ex:cub?
|
||||
::
|
||||
``[%noun !>((end 6 1 (shaf %pass (shax sec:ex:cub))))]
|
||||
=/ sal (add %pass step.own.pki.lex)
|
||||
``[%noun !>((end 6 1 (shaf sal (shax sec:ex:cub))))]
|
||||
::
|
||||
%life
|
||||
?. ?=([@ ~] tyl) [~ ~]
|
||||
|
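Review bot: In the new `%step` scry arm, `who` is parsed from the path and checked for null but never compared with `our`, so the arm returns our step for any ship name in the path; adding `?.  =(our u.who)  [~ ~]` before the result would make the path mean what it says. The `%code` arm it mirrors starts outside the hunk, so I cannot tell whether it makes the same comparison. Separately, the `%0` to `%1` migration `old(- %1, |7.own.pki [step=0 |7.own.pki.old])` splices `step` in by tuple position; a comment naming the field it lands in front of (`jaw`) would protect it against a later reordering of `state-pki-1`.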
@ -1268,6 +1268,9 @@
|
||||
:: the first place.
|
||||
::
|
||||
[%disconnect =binding]
|
||||
:: notifies us that web login code changed
|
||||
::
|
||||
[%code-changed ~]
|
||||
==
|
||||
::
|
||||
--
|
||||
@ -1953,6 +1956,7 @@
|
||||
[%turf ~] :: view domains
|
||||
$>(%vega vane-task) :: report upgrade
|
||||
$>(%plea vane-task) :: ames request
|
||||
[%step ~] :: reset web login code
|
||||
== ::
|
||||
::
|
||||
+$ dawn-event
|
||||
|