goldwarden/agent/actions/actions.go

127 lines
3.8 KiB
Go
Raw Normal View History

2023-07-17 04:23:26 +03:00
package actions
import (
2023-07-18 23:08:09 +03:00
"context"
"github.com/quexten/goldwarden/agent/bitwarden"
"github.com/quexten/goldwarden/agent/bitwarden/crypto"
2023-07-17 04:23:26 +03:00
"github.com/quexten/goldwarden/agent/config"
"github.com/quexten/goldwarden/agent/sockets"
2023-09-12 19:56:35 +03:00
"github.com/quexten/goldwarden/agent/systemauth"
2023-07-17 04:23:26 +03:00
"github.com/quexten/goldwarden/agent/vault"
2023-09-20 04:05:44 +03:00
"github.com/quexten/goldwarden/ipc/messages"
2023-07-17 04:23:26 +03:00
)
var AgentActionsRegistry = newActionsRegistry()
2023-09-20 04:05:44 +03:00
type Action func(messages.IPCMessage, *config.Config, *vault.Vault, *sockets.CallingContext) (messages.IPCMessage, error)
2023-07-17 04:23:26 +03:00
type ActionsRegistry struct {
2023-09-20 04:05:44 +03:00
actions map[messages.IPCMessageType]Action
2023-07-17 04:23:26 +03:00
}
func newActionsRegistry() *ActionsRegistry {
return &ActionsRegistry{
2023-09-20 04:05:44 +03:00
actions: make(map[messages.IPCMessageType]Action),
2023-07-17 04:23:26 +03:00
}
}
2023-09-20 04:05:44 +03:00
func (registry *ActionsRegistry) Register(messageType messages.IPCMessageType, action Action) {
2023-07-17 04:23:26 +03:00
registry.actions[messageType] = action
}
2023-09-20 04:05:44 +03:00
func (registry *ActionsRegistry) Get(messageType messages.IPCMessageType) (Action, bool) {
2023-07-17 04:23:26 +03:00
action, ok := registry.actions[messageType]
return action, ok
}
func ensureIsLoggedIn(action Action) Action {
2023-09-20 04:05:44 +03:00
return func(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {
2023-07-17 04:23:26 +03:00
if hash, err := cfg.GetMasterPasswordHash(); err != nil || len(hash) == 0 {
2024-01-19 10:24:26 +03:00
actionsLog.Error("EnsureIsLoggedIn - %s", err.Error())
2023-09-20 04:05:44 +03:00
return messages.IPCMessageFromPayload(messages.ActionResponse{
2023-07-17 04:23:26 +03:00
Success: false,
Message: "Not logged in",
})
}
return action(request, cfg, vault, ctx)
}
}
2023-07-18 23:08:09 +03:00
func sync(ctx context.Context, vault *vault.Vault, cfg *config.Config) bool {
token, err := cfg.GetToken()
if err == nil {
if token.AccessToken != "" {
2024-01-04 23:53:38 +03:00
refreshed := bitwarden.RefreshToken(ctx, cfg)
if !refreshed {
return false
}
2023-07-18 23:08:09 +03:00
userSymmetricKey, err := cfg.GetUserSymmetricKey()
if err != nil {
return false
}
2023-12-22 10:02:23 +03:00
var protectedUserSymetricKey crypto.SymmetricEncryptionKey
if vault.Keyring.IsMemguard {
protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(userSymmetricKey)
} else {
protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(userSymmetricKey)
}
if err != nil {
return false
}
2023-07-18 23:08:09 +03:00
err = bitwarden.DoFullSync(context.WithValue(ctx, bitwarden.AuthToken{}, token.AccessToken), vault, cfg, &protectedUserSymetricKey, true)
if err != nil {
return false
}
}
}
return true
}
2023-07-17 04:23:26 +03:00
func ensureIsNotLocked(action Action) Action {
2023-09-20 04:05:44 +03:00
return func(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {
2023-07-17 04:23:26 +03:00
if cfg.IsLocked() {
err := cfg.TryUnlock(vault)
2023-07-18 23:08:09 +03:00
ctx1 := context.Background()
success := sync(ctx1, vault, cfg)
if err != nil || !success {
2024-01-04 23:53:38 +03:00
if err != nil {
return messages.IPCMessageFromPayload(messages.ActionResponse{
Success: false,
Message: err.Error(),
})
} else {
return messages.IPCMessageFromPayload(messages.ActionResponse{
Success: false,
Message: "Could not sync vault",
})
}
2023-07-17 04:23:26 +03:00
}
2023-09-12 19:56:35 +03:00
2023-09-19 22:49:56 +03:00
systemauth.CreatePinSession(*ctx)
2023-07-17 04:23:26 +03:00
}
return action(request, cfg, vault, ctx)
}
}
2023-09-19 22:49:56 +03:00
func ensureBiometricsAuthorized(approvalType systemauth.SessionType, action Action) Action {
2023-09-20 04:05:44 +03:00
return func(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {
2023-09-19 22:49:56 +03:00
if permission, err := systemauth.GetPermission(approvalType, *ctx, cfg); err != nil || !permission {
2023-09-20 04:05:44 +03:00
return messages.IPCMessageFromPayload(messages.ActionResponse{
2023-07-17 04:23:26 +03:00
Success: false,
Message: "Polkit authorization failed required",
})
}
return action(request, cfg, vault, ctx)
}
}
2023-09-19 22:49:56 +03:00
func ensureEverything(approvalType systemauth.SessionType, action Action) Action {
2023-07-17 04:23:26 +03:00
return ensureIsNotLocked(ensureIsLoggedIn(ensureBiometricsAuthorized(approvalType, action)))
}