6#include <userver/server/handlers/auth/auth_checker_base.hpp>
14#include <userver/crypto/hash.hpp>
15#include <userver/rcu/rcu_map.hpp>
16#include <userver/server/handlers/auth/digest/auth_checker_settings.hpp>
17#include <userver/server/handlers/auth/digest/directives_parser.hpp>
18#include <userver/server/http/http_request.hpp>
19#include <userver/server/http/http_response.hpp>
20#include <userver/server/http/http_status.hpp>
21#include <userver/server/request/request_context.hpp>
22#include <userver/storages/secdist/secdist.hpp>
24USERVER_NAMESPACE_BEGIN
26namespace server::handlers::auth::digest {
28using TimePoint = std::chrono::time_point<std::chrono::system_clock>;
29using SecdistConfig = storages::
secdist::SecdistConfig;
30using ServerDigestAuthSecret = utils::NonLoggable<
class DigestSecretKeyTag, std::string>;
39 Hasher(std::string_view algorithm,
const SecdistConfig& secdist_config);
46 std::string
GetHash(std::string_view data)
const;
49 using HashAlgorithm = std::function<std::string(std::string_view, crypto::hash::OutputEncoding)>;
50 HashAlgorithm hash_algorithm_;
51 const SecdistConfig& secdist_config_;
55struct UserData
final {
56 using HA1 = utils::NonLoggable<
class HA1Tag, std::string>;
58 UserData(HA1 ha1, std::string nonce, TimePoint timestamp, std::int64_t nonce_count);
63 std::int64_t nonce_count{};
78 const SecdistConfig& secdist_config
86 ~AuthCheckerBase()
override;
99 virtual std::optional<UserData>
FetchUserData(
const std::string& username)
const = 0;
103 const std::string& username,
104 const std::string& nonce,
105 std::int64_t nonce_count,
106 TimePoint nonce_creation_time
116 enum class ValidateResult { kOk, kWrongUserData, kDuplicateRequest };
117 ValidateResult ValidateUserData(
const ContextFromClient& client_context,
const UserData& user_data)
const;
120 std::string CalculateDigest(
121 const UserData::HA1& ha1_non_loggable,
122 http::HttpMethod request_method,
126 std::string ConstructAuthInfoHeader(
const ContextFromClient& client_context, std::string_view etag)
const;
128 std::string ConstructResponseDirectives(std::string_view nonce,
bool stale)
const;
131 StartNewAuthSession(std::string username, std::string&& nonce,
bool stale,
http::HttpResponse& response)
const;
133 const std::string qops_;
134 const std::string realm_;
135 const std::string domains_;
136 std::string_view algorithm_;
137 const bool is_session_;
138 const bool is_proxy_;
139 const std::chrono::milliseconds nonce_ttl_;
141 const Hasher digest_hasher_;
143 const std::string authenticate_header_;
144 const std::string authorization_header_;
145 const std::string authenticate_info_header_;
146 const http::HttpStatus unauthorized_status_;