Carneiro
/
stream_auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

use es256 for key

This commit is contained in:
Carneiro 2023-10-05 12:07:31 -03:00
parent afc25ff16b
commit 95daba5c8a
5 changed files with 35 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -5,7 +5,7 @@ teste.py
old old
link.sh link.sh
*.key* *.key*
dbs/* dbs/
# Created by https://www.toptal.com/developers/gitignore/api/python,pycharm+all # Created by https://www.toptal.com/developers/gitignore/api/python,pycharm+all
# Edit at https://www.toptal.com/developers/gitignore?templates=python,pycharm+all # Edit at https://www.toptal.com/developers/gitignore?templates=python,pycharm+all

7
src/stream_auth/keys/generate_keys.sh Executable file
View File

@ -0,0 +1,7 @@
#!/bin/sh
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
openssl ec -in streamkeyEC256.key -pubout -outform PEM -out streamkeyEC256.key.pub
ssh-keygen -t ecdsa -b 256 -m PEM -f streamkeyEC256.key

21
src/stream_auth/middlewares/jwt.py
View File

@ -11,11 +11,26 @@ def read_key(path):
JWT_PRIV_KEY = read_key(settings.JWT_PRIV_PATH) JWT_PRIV_KEY = read_key(settings.JWT_PRIV_PATH)
JWT_PUB_KEY = read_key(settings.JWT_PUB_PATH) JWT_PUB_KEY = read_key(settings.JWT_PUB_PATH)
STREAM_KEY_PRIV_KEY = read_key(settings.STREAM_KEY_PRIV_PATH)
STREAM_KEY_PUB_KEY = read_key(settings.STREAM_KEY_PRIV_PATH)
def create_stream_key(username: str): def create_stream_key(username: str):
payload = {'username': username} payload = {'username': username}
return jwtlib.encode(payload, JWT_PRIV_KEY, algorithm="RS256") return jwtlib.encode(payload, STREAM_KEY_PRIV_KEY, algorithm="ES256")
def verify_stream_key(stream_key: str):
try:
jwtlib.decode(stream_key, STREAM_KEY_PUB_KEY, algorithms=["ES256"])
except (jwtlib.exceptions.ExpiredSignatureError, jwtlib.InvalidTokenError):
return False
return True
def decode_stream_key(stream_key: str):
return jwtlib.decode(stream_key, STREAM_KEY_PUB_KEY, algorithms=["RS256"])
def create_token(username: str, stream_key: str, exp: int = settings.JWT_EXP_TIME): def create_token(username: str, stream_key: str, exp: int = settings.JWT_EXP_TIME):
@ -24,11 +39,11 @@ def create_token(username: str, stream_key: str, exp: int = settings.JWT_EXP_TIM
return jwtlib.encode(payload, JWT_PRIV_KEY, algorithm="RS256") return jwtlib.encode(payload, JWT_PRIV_KEY, algorithm="RS256")
def verify(token: str): def verify_token(token: str):
# return jwtlib.decode(token, JWT_PUB_KEY, algorithms=["RS256"]) # return jwtlib.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
try: try:
jwtlib.decode(token, JWT_PUB_KEY, algorithms=["RS256"]) jwtlib.decode(token, JWT_PUB_KEY, algorithms=["RS256"])
except (jwtlib.exceptions.ExpiredSignatureError, jwt.InvalidTokenError): except (jwtlib.exceptions.ExpiredSignatureError, jwtlib.InvalidTokenError):
return False return False
return True return True

9
src/stream_auth/routes/stream.py
View File

@ -22,18 +22,19 @@ def create_stream():
StreamModel(username, title, description) StreamModel(username, title, description)
@stream.route('/publish_check') @stream.route('/publish_check', methods=['POST'])
def publish_check(): def publish_check():
# TODO: check if user created stream # TODO: check if user created stream
# get user # get user
stream_key = request.args.get('stream_key') stream_key = request.form.get('stream_key')
username = request.form.get('name') username = request.form.get('name')
print(username, stream_key)
try: try:
stream_user = user.search_user(username)[0] stream_user = user.search_user(username)[0]
if username != stream_user['username'] or not jwt.verify(stream_key): if username != stream_user['username'] or not jwt.verify_stream_key(stream_key):
raise ValueError('Invalid Token') raise ValueError('Invalid Token')
except (IndexError, ValueError): except (IndexError, ValueError):
@ -46,7 +47,7 @@ def publish_check():
def test(): def test():
stream_key = request.args.get('stream_key') stream_key = request.args.get('stream_key')
if jwt.verify(stream_key): if jwt.verify_token(stream_key):
return Response('OK', 200) return Response('OK', 200)
return Response('Invalid Stream Key', 401) return Response('Invalid Stream Key', 401)

5
src/stream_auth/settings.py
View File

@ -11,10 +11,13 @@ KEY_DIR = os.path.join(APP_DIR, 'keys')
JWT_PRIV_PATH = os.path.join(KEY_DIR, 'jwtRS256.key') JWT_PRIV_PATH = os.path.join(KEY_DIR, 'jwtRS256.key')
JWT_PUB_PATH = os.path.join(KEY_DIR, 'jwtRS256.key.pub') JWT_PUB_PATH = os.path.join(KEY_DIR, 'jwtRS256.key.pub')
STREAM_KEY_PRIV_PATH = os.path.join(KEY_DIR, 'streamkeyEC256.key')
STREAM_KEY_PUB_PATH = os.path.join(KEY_DIR, 'streamkeyEC256.key.pub')
JWT_EXP_TIME = 2592000 JWT_EXP_TIME = 2592000
DBS_PATH = os.path.join(APP_DIR, 'dbs') DBS_PATH = os.path.join(APP_DIR, 'dbs')
os.path.join(DBS_PATH, 'x.json')
USER_DATABASE = os.path.join(DBS_PATH, 'users.json') USER_DATABASE = os.path.join(DBS_PATH, 'users.json')
STREAM_DATABASE = os.path.join(DBS_PATH, 'streams.json') STREAM_DATABASE = os.path.join(DBS_PATH, 'streams.json')
LIVE_STREAM_DATABASE = os.path.join(DBS_PATH, 'live_streams.json') LIVE_STREAM_DATABASE = os.path.join(DBS_PATH, 'live_streams.json')
STREAM_KEY_LENGTH = 32 STREAM_KEY_LENGTH = 32