git-annex/P2P/Auth.hs

{- P2P authtokens
-
- Copyright 2016 Joey Hess <id@joeyh.name>
-
- Licensed under the GNU AGPL version 3 or higher.
-}
module P2P.Auth where
import Annex.Common
import Creds
import P2P.Address
import Utility.AuthToken
import Utility.Tor
import Utility.Env
import qualified Data.Text as T
-- | Load the set of authtokens that this repository accepts from
-- incoming P2P connections.
--
-- This is 'loadP2PAuthTokens'' with the resulting list passed through
-- 'allowedAuthTokens'.
loadP2PAuthTokens :: Annex AllowedAuthTokens
loadP2PAuthTokens = fmap allowedAuthTokens loadP2PAuthTokens'
-- | Read the accepted authtokens from 'p2pAuthCredsFile', one per line.
--
-- A missing creds value yields an empty list. Lines that 'toAuthToken'
-- rejects are dropped silently, so a damaged file results in fewer
-- accepted tokens rather than an error.
loadP2PAuthTokens' :: Annex [AuthToken]
loadP2PAuthTokens' = parseTokens <$> readCreds p2pAuthCredsFile
  where
    -- Nothing (no creds) and an empty file both produce no lines.
    parseTokens = mapMaybe (toAuthToken . T.pack) . maybe [] lines
-- | Stores an AuthToken, making it be accepted by this repository.
--
-- Does nothing when the token is already present. Otherwise the new token
-- is put first and the whole list is written back to 'p2pAuthCredsFile',
-- one token per line.
--
-- NOTE(review): this is a read-then-rewrite of the whole file and nothing
-- visible here serialises concurrent callers; confirm two simultaneous
-- stores cannot lose a token. Presumably 'writeCreds' restricts who can
-- read the file -- confirm, since every line is a live credential.
storeP2PAuthToken :: AuthToken -> Annex ()
storeP2PAuthToken t = do
  known <- loadP2PAuthTokens'
  unless (t `elem` known) $
    writeCreds (render (t : known)) p2pAuthCredsFile
  where
    render = unlines . map (T.unpack . fromAuthToken)
-- | Name of the creds file holding the authtokens this repository
-- accepts, one per line.
p2pAuthCredsFile :: FilePath
p2pAuthCredsFile = "p2pauth"
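-- | Loads the AuthToken to use when connecting with a given P2P address.
--
-- It's loaded from the first line of the creds file for the address, but
-- the environment variable named by 'p2pAuthTokenEnv' overrides.
--
-- Only the text before the first newline of the chosen source is passed
-- to 'toAuthToken'. Assuming 'getM' stops at the first source that
-- returns a value, an environment variable that is set but does not
-- parse as a token gives Nothing without falling back to the creds file.
--
-- NOTE(review): a token supplied through the environment is inherited by
-- child processes; prefer the creds file where that exposure matters.
loadP2PRemoteAuthToken :: P2PAddress -> Annex (Maybe AuthToken)
loadP2PRemoteAuthToken addr = (>>= parseToken) <$> getM id sources
  where
    -- Order matters: the environment is consulted before the creds file.
    sources =
      [ liftIO $ getEnv p2pAuthTokenEnv
      , readCreds (addressCredsFile addr)
      ]
    parseToken = toAuthToken . T.pack . takeWhile (/= '\n')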
-- | Name of the environment variable that can supply the authtoken used
-- when connecting to a P2P address.
p2pAuthTokenEnv :: String
p2pAuthTokenEnv = "GIT_ANNEX_P2P_AUTHTOKEN"
-- | Stores the AuthToken to use when connecting with a given P2P address.
--
-- The token text is written, with no trailing newline, to the creds file
-- that 'addressCredsFile' names for the address.
--
-- NOTE(review): presumably 'writeCreds' replaces any token stored earlier
-- for the same address and restricts the file's permissions -- confirm.
storeP2PRemoteAuthToken :: P2PAddress -> AuthToken -> Annex ()
storeP2PRemoteAuthToken addr t = writeCreds tokenText credsFile
  where
    tokenText = T.unpack (fromAuthToken t)
    credsFile = addressCredsFile addr
-- | Name of the creds file that holds the authtoken for a P2P address.
--
-- We can omit the port and just use the onion address for the creds file,
-- because any given tor hidden service runs on a single port and has a
-- unique onion address.
--
-- NOTE(review): the onion address string is used verbatim as a file name.
-- Presumably it is validated where the 'P2PAddress' is parsed; confirm it
-- can never contain a path separator or "..".
addressCredsFile :: P2PAddress -> FilePath
addressCredsFile (TorAnnex (OnionAddress onion) _) = onion