Home Explore Help
Register Sign In
Apq
/
sftpgo
mirror of https://github.com/drakkan/sftpgo.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 04c9a5c008
Branches Tags
sftpgo
/
examples
/
OTP
/
authy
/
keyint
/
main.go

main.go 3.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"bufio"
    5. 

  5. 	"encoding/json"
    6. 

  6. 	"fmt"
    7. 

  7. 	"io/ioutil"
    8. 

  8. 	"net/http"
    9. 

  9. 	"os"
    10. 

  10. 	"time"
    11. 

  11. )
    12. 

  12. 

  13. type userMapping struct {
    14. 

  14. 	SFTPGoUsername string
    15. 

  15. 	AuthyID        int64
    16. 

  16. 	AuthyAPIKey    string
    17. 

  17. }
    18. 

  18. 

  19. type keyboardAuthHookResponse struct {
    20. 

  20. 	Instruction string   `json:"instruction,omitempty"`
    21. 

  21. 	Questions   []string `json:"questions,omitempty"`
    22. 

  22. 	Echos       []bool   `json:"echos,omitempty"`
    23. 

  23. 	AuthResult  int      `json:"auth_result"`
    24. 

  24. 	CheckPwd    int      `json:"check_password,omitempty"`
    25. 

  25. }
    26. 

  26. 

  27. var (
    28. 

  28. 	mapping []userMapping
    29. 

  29. )
    30. 

  30. 

  31. func init() {
    32. 

  32. 	// this is for demo only, you probably want to get this mapping dynamically, for example using a database query
    33. 

  33. 	mapping = append(mapping, userMapping{
    34. 

  34. 		SFTPGoUsername: "<SFTPGo username>",
    35. 

  35. 		AuthyID:        1234567,
    36. 

  36. 		AuthyAPIKey:    "<your api key>",
    37. 

  37. 	})
    38. 

  38. }
    39. 

  39. 

  40. func printAuthResponse(result int) {
    41. 

  41. 	resp, _ := json.Marshal(keyboardAuthHookResponse{
    42. 

  42. 		AuthResult: result,
    43. 

  43. 	})
    44. 

  44. 	fmt.Printf("%v\n", string(resp))
    45. 

  45. 	if result == 1 {
    46. 

  46. 		os.Exit(0)
    47. 

  47. 	} else {
    48. 

  48. 		os.Exit(1)
    49. 

  49. 	}
    50. 

  50. }
    51. 

  51. 

  52. func main() {
    53. 

  53. 	// get credentials from env vars
    54. 

  54. 	username := os.Getenv("SFTPGO_AUTHD_USERNAME")
    55. 

  55. 	var userMap userMapping
    56. 

  56. 	for _, m := range mapping {
    57. 

  57. 		if m.SFTPGoUsername == username {
    58. 

  58. 			userMap = m
    59. 

  59. 			break
    60. 

  60. 		}
    61. 

  61. 	}
    62. 

  62. 

  63. 	if userMap.SFTPGoUsername != username {
    64. 

  64. 		// no mapping found
    65. 

  65. 		os.Exit(1)
    66. 

  66. 	}
    67. 

  67. 

  68. 	checkPwdQuestion := keyboardAuthHookResponse{
    69. 

  69. 		Instruction: "This is a sample keyboard authentication program that ask for your password + Authy token",
    70. 

  70. 		Questions:   []string{"Your password: "},
    71. 

  71. 		Echos:       []bool{false},
    72. 

  72. 		CheckPwd:    1,
    73. 

  73. 		AuthResult:  0,
    74. 

  74. 	}
    75. 

  75. 

  76. 	q, _ := json.Marshal(checkPwdQuestion)
    77. 

  77. 	fmt.Printf("%v\n", string(q))
    78. 

  78. 

  79. 	// in a real world app you probably want to use a read timeout
    80. 

  80. 	scanner := bufio.NewScanner(os.Stdin)
    81. 

  81. 	scanner.Scan()
    82. 

  82. 	if scanner.Err() != nil {
    83. 

  83. 		printAuthResponse(-1)
    84. 

  84. 	}
    85. 

  85. 	response := scanner.Text()
    86. 

  86. 	if response != "OK" {
    87. 

  87. 		printAuthResponse(-1)
    88. 

  88. 	}
    89. 

  89. 

  90. 	checkTokenQuestion := keyboardAuthHookResponse{
    91. 

  91. 		Instruction: "",
    92. 

  92. 		Questions:   []string{"Authy token: "},
    93. 

  93. 		Echos:       []bool{false},
    94. 

  94. 		CheckPwd:    0,
    95. 

  95. 		AuthResult:  0,
    96. 

  96. 	}
    97. 

  97. 

  98. 	q, _ = json.Marshal(checkTokenQuestion)
    99. 

  99. 	fmt.Printf("%v\n", string(q))
    100. 

  100. 	scanner.Scan()
    101. 

  101. 	if scanner.Err() != nil {
    102. 

  102. 		printAuthResponse(-1)
    103. 

  103. 	}
    104. 

  104. 	authyToken := scanner.Text()
    105. 

  105. 

  106. 	url := fmt.Sprintf("https://api.authy.com/protected/json/verify/%v/%v", authyToken, userMap.AuthyID)
    107. 

  107. 	req, err := http.NewRequest(http.MethodGet, url, nil)
    108. 

  108. 	if err != nil {
    109. 

  109. 		printAuthResponse(-1)
    110. 

  110. 	}
    111. 

  111. 	req.Header.Set("X-Authy-API-Key", userMap.AuthyAPIKey)
    112. 

  112. 	httpClient := &http.Client{
    113. 

  113. 		Timeout: 10 * time.Second,
    114. 

  114. 	}
    115. 

  115. 	resp, err := httpClient.Do(req)
    116. 

  116. 	if err != nil {
    117. 

  117. 		printAuthResponse(-1)
    118. 

  118. 	}
    119. 

  119. 	defer resp.Body.Close()
    120. 

  120. 	if resp.StatusCode != http.StatusOK {
    121. 

  121. 		// status code 200 is expected
    122. 

  122. 		printAuthResponse(-1)
    123. 

  123. 	}
    124. 

  124. 	var authyResponse map[string]interface{}
    125. 

  125. 	respBody, err := ioutil.ReadAll(resp.Body)
    126. 

  126. 	if err != nil {
    127. 

  127. 		printAuthResponse(-1)
    128. 

  128. 	}
    129. 

  129. 	err = json.Unmarshal(respBody, &authyResponse)
    130. 

  130. 	if err != nil {
    131. 

  131. 		printAuthResponse(-1)
    132. 

  132. 	}
    133. 

  133. 	if authyResponse["success"].(string) == "true" {
    134. 

  134. 		printAuthResponse(1)
    135. 

  135. 	}
    136. 

  136. 	printAuthResponse(-1)
    137. 

  137. }
    138.