6#include <userver/server/handlers/auth/auth_checker_base.hpp>
14#include <userver/crypto/hash.hpp>
15#include <userver/rcu/rcu_map.hpp>
16#include <userver/server/handlers/auth/digest/auth_checker_settings.hpp>
17#include <userver/server/handlers/auth/digest/directives_parser.hpp>
18#include <userver/server/http/http_request.hpp>
19#include <userver/server/http/http_response.hpp>
20#include <userver/server/http/http_status.hpp>
21#include <userver/server/request/request_context.hpp>
22#include <userver/storages/secdist/secdist.hpp>
24USERVER_NAMESPACE_BEGIN
26namespace server::handlers::
auth::digest {
28using TimePoint = std::chrono::time_point<std::chrono::system_clock>;
30using ServerDigestAuthSecret =
31 utils::NonLoggable<
class DigestSecretKeyTag, std::string>;
40 Hasher(std::string_view algorithm,
const SecdistConfig& secdist_config);
47 std::string
GetHash(std::string_view data)
const;
50 using HashAlgorithm = std::function<std::string(
51 std::string_view, crypto::hash::OutputEncoding)>;
52 HashAlgorithm hash_algorithm_;
53 const SecdistConfig& secdist_config_;
57struct UserData
final {
58 using HA1 = utils::NonLoggable<
class HA1Tag, std::string>;
60 UserData(HA1 ha1, std::string nonce, TimePoint timestamp,
61 std::int64_t nonce_count);
66 std::int64_t nonce_count{};
79 std::string&& realm,
const SecdistConfig& secdist_config);
86 ~AuthCheckerBase()
override;
90 const http::HttpRequest& request,
91 request::RequestContext& request_context)
const final;
101 const std::string& username)
const = 0;
105 const std::string& nonce, std::int64_t nonce_count,
106 TimePoint nonce_creation_time)
const = 0;
116 enum class ValidateResult { kOk, kWrongUserData, kDuplicateRequest };
118 const UserData& user_data)
const;
121 std::string CalculateDigest(
const UserData::HA1& ha1_non_loggable,
126 std::string_view etag)
const;
128 std::string ConstructResponseDirectives(std::string_view nonce,
131 AuthCheckResult StartNewAuthSession(std::string username, std::string&& nonce,
133 http::HttpResponse& response)
const;
135 const std::string qops_;
136 const std::string realm_;
137 const std::string domains_;
138 std::string_view algorithm_;
139 const bool is_session_;
140 const bool is_proxy_;
141 const std::chrono::milliseconds nonce_ttl_;
143 const Hasher digest_hasher_;
145 const std::string authenticate_header_;
146 const std::string authorization_header_;
147 const std::string authenticate_info_header_;