6#include <userver/server/handlers/auth/auth_checker_base.hpp>
14#include <userver/crypto/hash.hpp>
15#include <userver/rcu/rcu_map.hpp>
16#include <userver/server/handlers/auth/digest/auth_checker_settings.hpp>
17#include <userver/server/handlers/auth/digest/directives_parser.hpp>
18#include <userver/server/handlers/auth/digest/types.hpp>
19#include <userver/server/http/http_request.hpp>
20#include <userver/server/http/http_response.hpp>
21#include <userver/server/http/http_status.hpp>
22#include <userver/server/request/request_context.hpp>
23#include <userver/storages/secdist/secdist.hpp>
25USERVER_NAMESPACE_BEGIN
27namespace server::handlers::auth::digest {
/// Time point on std::chrono::system_clock.
29using TimePoint = std::chrono::time_point<std::chrono::system_clock>;
/// Short alias for the secdist configuration type.
30using SecdistConfig = storages::secdist::SecdistConfig;
/// Server-side digest-auth secret: a std::string wrapped in utils::NonLoggable
/// under its own tag type.
// NOTE(review): the wrapper presumably keeps the value out of log output only;
// the secret is still ordinary process memory - confirm how it is loaded and kept.
31using ServerDigestAuthSecret = utils::NonLoggable<
class DigestSecretKeyTag, std::string>;
/// Builds a hasher from a hash algorithm name and the secdist configuration.
// NOTE(review): the class keeps a `const SecdistConfig&` member, so this argument
// is presumably stored by reference and must outlive the Hasher - confirm in the
// definition. How an unknown algorithm name is handled is not visible here.
40 Hasher(std::string_view algorithm,
const SecdistConfig& secdist_config);
/// Returns a hash of `data` as a std::string.
// NOTE(review): algorithm and output encoding are not visible in this listing;
// presumably the algorithm named at construction - confirm.
47 std::string
GetHash(std::string_view data)
const;
/// Overload that hashes several string pieces and returns the result as a
/// std::string.
// NOTE(review): presumably the pieces are hashed as one concatenated input. If so,
// callers must supply their own separators, because different splits of the same
// bytes would produce the same hash - confirm against the definition.
50 std::string
GetHash(std::initializer_list<std::string_view> data)
const;
// Non-owning reference to the secdist configuration; the referenced object must
// outlive this Hasher.
54 const SecdistConfig& secdist_config_;
58struct UserData
final {
/// HA1 value held as a std::string wrapped in utils::NonLoggable under its own
/// tag type.
// In HTTP Digest authentication (RFC 7616) HA1 is derived from username, realm and
// password and is enough to compute valid responses for that realm, so stored HA1
// values need the same protection as passwords.
59 using HA1 = utils::NonLoggable<
class HA1Tag, std::string>;
/// Constructs a record from an HA1 value, a nonce, a timestamp and a nonce count.
// NOTE(review): `timestamp` is presumably the creation time of `nonce` - confirm.
61 UserData(HA1 ha1, std::string nonce, TimePoint timestamp, std::int64_t nonce_count);
// Value-initialised to 0.
// NOTE(review): presumably the last accepted `nc` value for this nonce, compared
// against the client's value to detect replayed requests - confirm.
66 std::int64_t nonce_count{};
81 const SecdistConfig& secdist_config
/// Destructor; `override` requires the base class to declare a virtual destructor.
89 ~AuthCheckerBase()
override;
/// Pure virtual lookup hook: a derived checker returns the stored UserData for
/// `username`, or an empty optional.
// NOTE(review): what an empty result means (unknown user vs. no stored session) is
// not visible in this listing - confirm. The returned record carries HA1, so
// implementations should keep it out of logs and error messages.
102 virtual std::optional<UserData>
FetchUserData(
const std::string& username)
const = 0;
106 const std::string& username,
107 const std::string& nonce,
108 std::int64_t nonce_count,
109 TimePoint nonce_creation_time
/// Outcome of ValidateUserData.
// NOTE(review): kDuplicateRequest presumably reports a reused nonce / nonce-count
// pair (a replayed request) and kWrongUserData a mismatch with the stored record -
// confirm. Only kOk should lead to an accepted request.
119 enum class ValidateResult { kOk, kWrongUserData, kDuplicateRequest };
/// Checks the directives received from the client against the stored user record
/// and returns a ValidateResult.
// NOTE(review): which fields are compared (nonce, nonce count, nonce age) is not
// visible in this listing - confirm in the definition.
120 ValidateResult ValidateUserData(
const ContextFromClient& client_context,
const UserData& user_data)
const;
123 std::string CalculateDigest(
124 const UserData::HA1& ha1_non_loggable,
125 http::HttpMethod request_method,
/// Builds a header value string from the client's directives and an etag.
// NOTE(review): presumably the value of the authentication-info response header.
// `client_context` originates from the request; anything echoed into a response
// header must be free of CR/LF - confirm the directives parser guarantees this.
129 std::string ConstructAuthInfoHeader(
const ContextFromClient& client_context, std::string_view etag)
const;
/// Builds a directives string for the given nonce.
// NOTE(review): presumably the challenge sent with an unauthorized response, with
// `stale` mapped to the `stale` directive (nonce expired, credentials may still be
// valid) - confirm.
131 std::string ConstructResponseDirectives(std::string_view nonce,
bool stale)
const;
134 StartNewAuthSession(std::string username, std::string&& nonce,
bool stale, http::HttpResponse& response)
const;
// Digest challenge parameters, owned as strings.
// NOTE(review): presumably filled from the checker settings and the handler realm
// in the constructor - confirm.
136 const std::string qops_;
137 const std::string realm_;
138 const std::string domains_;
// Non-owning view and the only non-const member in this group: the viewed
// characters must outlive this object.
// NOTE(review): confirm what storage this points into; a view of a temporary or of
// a settings object destroyed earlier would dangle.
139 std::string_view algorithm_;
140 const bool is_session_;
// NOTE(review): presumably selects proxy authentication (header names and status)
// instead of origin-server authentication - confirm.
141 const bool is_proxy_;
// Nonce lifetime in milliseconds.
// NOTE(review): presumably nonces older than this are rejected or reported as
// stale - confirm.
142 const std::chrono::milliseconds nonce_ttl_;
// Hasher owned by this checker.
144 const Hasher digest_hasher_;
// Header names and the HTTP status used for authentication responses.
// NOTE(review): presumably derived from is_proxy_ - confirm.
146 const std::string authenticate_header_;
147 const std::string authorization_header_;
148 const std::string authenticate_info_header_;
149 const http::HttpStatus unauthorized_status_;