mirror of
https://github.com/scottlamb/moonfire-nvr.git
synced 2024-12-26 23:25:55 -05:00
small adjustments to auth schema
Nothing uses the user and user_session tables yet; I'm trying to anticipate what auth will need before freezing schema version 3.
This commit is contained in:
parent
b0071515e0
commit
9982c0b080
@ -322,7 +322,7 @@ create table user (
|
||||
|
||||
-- Updated lazily on database flush; reset when password_id is incremented.
|
||||
-- This could be used to automatically disable the password on hitting a threshold.
|
||||
password_failure_count integer not null,
|
||||
password_failure_count integer not null default 0,
|
||||
|
||||
-- If set, a Unix UID that is accepted for authentication when using HTTP over
|
||||
-- a Unix domain socket. (Additionally, the UID running Moonfire NVR can authenticate
|
||||
@ -332,20 +332,35 @@ create table user (
|
||||
);
|
||||
|
||||
-- A single session, whether for browser or robot use.
|
||||
-- These map at the HTTP layer to two cookies (exact format described
|
||||
-- elsewhere):
|
||||
--
|
||||
-- * "s" holds the session id and an encrypted sequence number for replay
|
||||
-- protection. To decrease chance of leaks, it's normally marked as
|
||||
-- HttpOnly, preventing client-side Javascript from accessing it.
|
||||
--
|
||||
-- * "sc" holds state needed by client Javascript, such as a CSRF token (which
|
||||
-- should be copied into POST request bodies) and username (which should be
|
||||
-- presented in the UI). It should never be marked HttpOnly.
|
||||
create table user_session (
|
||||
-- The session id is a 48-byte blob (which is base64 encoded to 64 bytes in the HTTP cookie).
|
||||
-- This is the unencoded SHA3-256 of the unencoded session id. Much like `password_hash`,
|
||||
-- a hash is used here so that a leaked database backup can't be trivially used to steal
|
||||
-- credentials. The hash is unsalted; unlike passwords designed for humans to
|
||||
-- remember, the session id is assumed to itself have sufficient entropy.
|
||||
-- The session id is a 20-byte blob. This is the unencoded, unsalted Blake2b-160
|
||||
-- (also 20 bytes) of the unencoded session id. Much like `password_hash`, a
|
||||
-- hash is used here so that a leaked database backup can't be trivially used
|
||||
-- to steal credentials.
|
||||
session_id_hash blob primary key not null,
|
||||
|
||||
user_id integer references user (id) not null,
|
||||
|
||||
-- A bitwise mask of flags, currently all properties of the HTTP cookie used to hold the session:
|
||||
-- 1: HttpOnly
|
||||
-- 2: Secure
|
||||
-- 4: SameSite (lax)
|
||||
-- A TBD-byte random number. Used to derive keys for the replay protection
|
||||
-- and CSRF tokens.
|
||||
seed blob not null,
|
||||
|
||||
-- A bitwise mask of flags, currently all properties of the HTTP cookies
|
||||
-- used to hold the session:
|
||||
-- 1: HttpOnly ("s" cookie only)
|
||||
-- 2: Secure (both cookies)
|
||||
-- 4: SameSite=Lax (both cookies)
|
||||
-- 8: SameSite=Strict ("s" cookie only) - 4 must also be set.
|
||||
flags integer not null,
|
||||
|
||||
-- The domain of the HTTP cookie used to store this session. The outbound
|
||||
@ -359,8 +374,8 @@ create table user_session (
|
||||
|
||||
creation_password_id integer, -- the id it was created from, if created via password
|
||||
creation_time_sec integer not null, -- sec since epoch
|
||||
creation_peer_addr blob, -- IPv4 or IPv6 address, or null for Unix socket.
|
||||
creation_user_agent text, -- User-Agent header from inbound HTTP request.
|
||||
creation_peer_addr blob, -- IPv4 or IPv6 address, or null for Unix socket.
|
||||
|
||||
revocation_time_sec integer, -- sec since epoch
|
||||
revocation_user_agent text, -- User-Agent header from inbound HTTP request.
|
||||
@ -383,7 +398,7 @@ create table user_session (
|
||||
last_use_time_sec integer, -- sec since epoch
|
||||
last_use_user_agent text, -- User-Agent header from inbound HTTP request.
|
||||
last_use_peer_addr blob, -- IPv4 or IPv6 address, or null for Unix socket.
|
||||
use_count not null
|
||||
use_count not null default 0
|
||||
) without rowid;
|
||||
|
||||
create index user_session_uid on user_session (user_id);
|
||||
|
@ -73,19 +73,20 @@ pub fn run(args: &super::Args, tx: &rusqlite::Transaction) -> Result<(), Error>
|
||||
flags integer not null,
|
||||
password_hash text,
|
||||
password_id integer not null default 0,
|
||||
password_failure_count integer not null,
|
||||
password_failure_count integer not null default 0,
|
||||
unix_uid integer
|
||||
);
|
||||
create table user_session (
|
||||
session_id_hash blob primary key not null,
|
||||
user_id integer references user (id) not null,
|
||||
seed blob not null,
|
||||
flags integer not null,
|
||||
domain text,
|
||||
description text,
|
||||
creation_password_id integer,
|
||||
creation_peer_addr blob,
|
||||
creation_time_sec integer not null,
|
||||
creation_user_agent text,
|
||||
creation_peer_addr blob,
|
||||
revocation_time_sec integer,
|
||||
revocation_user_agent text,
|
||||
revocation_peer_addr blob,
|
||||
@ -94,7 +95,7 @@ pub fn run(args: &super::Args, tx: &rusqlite::Transaction) -> Result<(), Error>
|
||||
last_use_time_sec integer,
|
||||
last_use_user_agent text,
|
||||
last_use_peer_addr blob,
|
||||
use_count not null
|
||||
use_count not null default 0
|
||||
) without rowid;
|
||||
"#)?;
|
||||
let db_uuid = ::uuid::Uuid::new_v4();
|
||||
|
Loading…
Reference in New Issue
Block a user