-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
All RPC requests to the daemon now have attached Client and Auth PASETO tokens. The former is for validating that the RPC connection is who it says it is. The latter is for validating that the user is who they say they are. It is now possible to get an auth token from logging in through `/ws/auth` endpoint. Though there's nothing yet in place to use it. The idea is that websocket connections (and HTTP generally as well) will work this way: 1) auth and get a PASETO token for the player that is auth'd to. 2) subsequent calls to the system -- such as a websocket attach, or a request to retrieve a property or verb, etc.) will attach the auth token in a `X-Moor-Auth-Token` header on each request. TODO: * validate the player inside the Scheduler/Task layer before launching a task (and return E_PERM etc.) * add a websocket connect that uses the authorization header to skip login, and remove the Basic-Auth (which can't work from a browser now anyways) (#30)
- Loading branch information
Showing
16 changed files
with
790 additions
and
223 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.