mirror of https://github.com/VCMP-SqMod/SqMod.git synced 2025-07-03 23:47:12 +02:00

Major plugin refactor and cleanup.

Switched to POCO library for unified platform/library interface.
Deprecated the external module API. It was creating more problems than it solved.
Removed most built-in libraries in favor of system libraries for easier maintenance.
Cleaned and secured code with help from static analyzers.
Sandu Liviu Catalin
2021-01-30 08:51:39 +02:00
parent e0e34b4030
commit 4a6bfc086c
6219 changed files with 1209835 additions and 454916 deletions

62
vendor/POCO/JWT/include/Poco/JWT/JWT.h vendored Normal file

@ -0,0 +1,62 @@
//
// JWT.h
//
// Library: JWT
// Package: JWT
// Module: JWT
//
// Basic definitions for the Poco JWT library.
// This file must be the first file included by every other JWT
// header file.
//
// Copyright (c) 2019, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef JWT_JWT_INCLUDED
#define JWT_JWT_INCLUDED
#include "Poco/Foundation.h"
//
// The following block is the standard way of creating macros which make exporting
// from a DLL simpler. All files within this DLL are compiled with the JWT_EXPORTS
// symbol defined on the command line. this symbol should not be defined on any project
// that uses this DLL. This way any other project whose source files include this file see
// JWT_API functions as being imported from a DLL, whereas this DLL sees symbols
// defined with this macro as being exported.
//
#if defined(_WIN32) && defined(POCO_DLL)
#if defined(JWT_EXPORTS)
#define JWT_API __declspec(dllexport)
#else
#define JWT_API __declspec(dllimport)
#endif
#endif
#if !defined(JWT_API)
#if !defined(POCO_NO_GCC_API_ATTRIBUTE) && defined (__GNUC__) && (__GNUC__ >= 4)
#define JWT_API __attribute__ ((visibility ("default")))
#else
#define JWT_API
#endif
#endif
//
// Automatically link JWT library.
//
#if defined(_MSC_VER)
#if !defined(POCO_NO_AUTOMATIC_LIBS) && !defined(JWT_EXPORTS)
#pragma comment(lib, "PocoJWT" POCO_LIB_SUFFIX)
#endif
#endif
#endif // JWT_JWT_INCLUDED


@ -0,0 +1,41 @@
//
// JWTException.h
//
// Library: JWT
// Package: JWT
// Module: JWTException
//
// Definition of the JWTException class.
//
// Copyright (c) 2019, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef JWT_JWTException_INCLUDED
#define JWT_JWTException_INCLUDED
#include "Poco/JWT/JWT.h"
#include "Poco/Exception.h"
namespace Poco {
namespace JWT {
POCO_DECLARE_EXCEPTION(JWT_API, JWTException, Poco::Exception)
POCO_DECLARE_EXCEPTION(JWT_API, ParseException, JWTException)
POCO_DECLARE_EXCEPTION(JWT_API, UnsupportedAlgorithmException, JWTException)
POCO_DECLARE_EXCEPTION(JWT_API, UnallowedAlgorithmException, JWTException)
POCO_DECLARE_EXCEPTION(JWT_API, SignatureException, JWTException)
POCO_DECLARE_EXCEPTION(JWT_API, SignatureVerificationException, SignatureException)
POCO_DECLARE_EXCEPTION(JWT_API, SignatureGenerationException, SignatureException)
} } // namespace Poco::JWT
#endif // JWT_JWTException_INCLUDED


@ -0,0 +1,53 @@
//
// Serializer.h
//
// Library: JWT
// Package: JWT
// Module: Serializer
//
// Definition of the Serializer class.
//
// Copyright (c) 2019, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef JWT_Serializer_INCLUDED
#define JWT_Serializer_INCLUDED
#include "Poco/JWT/JWT.h"
#include "Poco/JSON/Object.h"
namespace Poco {
namespace JWT {
class JWT_API Serializer
/// A helper class for serializing and deserializing JWTs.
{
public:
static std::string serialize(const Poco::JSON::Object& object);
/// Serializes and base64-encodes a JSON object.
static void serialize(const Poco::JSON::Object& object, std::ostream& stream);
/// Serializes and base64-encodes a JSON object.
static Poco::JSON::Object::Ptr deserialize(const std::string& serialized);
/// Attempts to deserialize a base64-encoded serialized JSON object.
static Poco::JSON::Object::Ptr deserialize(std::istream& stream);
/// Attempts to deserialize a base64-encoded serialized JSON object.
static std::vector<std::string> split(const std::string& token);
/// Splits a serialized JWT into its components.
};
} } // namespace Poco::JWT
#endif // JWT_Serializer_INCLUDED


@ -0,0 +1,196 @@
//
// Signer.h
//
// Library: JWT
// Package: JWT
// Module: Signer
//
// Definition of the Signer class.
//
// Copyright (c) 2019, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef JWT_Signer_INCLUDED
#define JWT_Signer_INCLUDED
#include "Poco/JWT/JWT.h"
#include "Poco/JWT/Token.h"
#include "Poco/Crypto/RSAKey.h"
#include "Poco/Crypto/ECKey.h"
#include "Poco/DigestEngine.h"
#include <set>
namespace Poco {
namespace JWT {
class JWT_API Signer
/// This class signs and verifies the signature of JSON Web Tokens.
///
/// The following signing algorithms are supported:
/// - HS256 (HMAC using SHA256)
/// - HS384 (HMAC using SHA384)
/// - HS512 (HMAC using SHA512)
/// - RS256 (RSA SSA PKCS1 v1.5 using SHA256)
/// - RS384 (RSA SSA PKCS1 v1.5 using SHA384)
/// - RS512 (RSA SSA PKCS1 v1.5 using SHA512)
/// - ES256 (ECDSA using P-256 and SHA-256)
/// - ES384 (ECDSA using P-256 and SHA-384)
/// - ES512 (ECDSA using P-256 and SHA-512)
{
public:
Signer();
/// Creates a Signer.
///
/// For signing and verification, a key must be set using the
/// setHMACKey(), setRSAKey() or setECKey() methods.
///
/// Sets HS256 as the only allowed algorithm.
/// Call setAlgorithms() or addAlgorithm() to allow additional
/// algorithms for verification.
explicit Signer(const std::string& hmacKey);
/// Creates the Signer using the given secret/key for HMAC-based signing and verification.
///
/// Sets HS256 as the only allowed algorithm.
/// Call setAlgorithms() or addAlgorithm() to allow additional
/// algorithms for verification.
explicit Signer(const Poco::SharedPtr<Poco::Crypto::RSAKey>& pRSAKey);
/// Creates the Signer using the given secret/key for RSA-based signing and verification.
///
/// Sets HS256 as the only allowed algorithm.
/// Call setAlgorithms() or addAlgorithm() to allow additional
/// algorithms for verification.
explicit Signer(const Poco::SharedPtr<Poco::Crypto::ECKey>& pECKey);
/// Creates the Signer using the given secret/key for EC-based signing and verification.
///
/// Sets HS256 as the only allowed algorithm.
/// Call setAlgorithms() or addAlgorithm() to allow additional
/// algorithms for verification.
~Signer();
/// Destroys the Signer.
Signer& setAlgorithms(const std::set<std::string>& algorithms);
/// Sets the allowed algorithms for signing.
///
/// When verifying JWTs, the algorithm used for signing
/// must be one of the allowed algorithms.
const std::set<std::string>& getAlgorithms() const;
/// Returns the allowed algorithms for signing.
Signer& addAlgorithm(const std::string& algorithm);
/// Adds an algorithm to the set of allowed algorithms.
Signer& addAllAlgorithms();
/// Adds all supported algorithm to the set of allowed algorithms.
Signer& setHMACKey(const std::string& key);
/// Sets the key used for HMAC-based signing and verification.
const std::string getHMACKey() const;
/// Returns the key used for HMAC-based signing and verification.
Signer& setRSAKey(const Poco::SharedPtr<Poco::Crypto::RSAKey>& pKey);
/// Sets the key used for RSA-based signing and verification.
Poco::SharedPtr<Poco::Crypto::RSAKey> getRSAKey() const;
/// Returns the key used for RSA-based signing and verification.
Signer& setECKey(const Poco::SharedPtr<Poco::Crypto::ECKey>& pKey);
/// Sets the key used for EC-based signing and verification.
Poco::SharedPtr<Poco::Crypto::ECKey> getECKey() const;
/// Returns the key used for EC-based signing and verification.
std::string sign(Token& token, const std::string& algorithm) const;
/// Signs the given token using the given algorithm.
///
/// An appropriate key must have been provided prior to calling sign().
///
/// Returns the serialized JWT including the signature.
Token verify(const std::string& jwt) const;
/// Verifies the given serialized JSON Web Token.
///
/// An appropriate key must have been provided prior to calling verify().
///
/// If successful, returns a Token object.
/// If not successful, throws a SignatureVerificationException.
bool tryVerify(const std::string& jwt, Token& token) const;
/// Verifies the given serialized JSON Web Token and stores
/// it in the given Token object.
///
/// An appropriate key must have been provided prior to calling verify().
///
/// If successful, returns true, otherwise false.
static const std::string ALGO_NONE;
static const std::string ALGO_HS256;
static const std::string ALGO_HS384;
static const std::string ALGO_HS512;
static const std::string ALGO_RS256;
static const std::string ALGO_RS384;
static const std::string ALGO_RS512;
static const std::string ALGO_ES256;
static const std::string ALGO_ES384;
static const std::string ALGO_ES512;
protected:
static std::string encode(const Poco::DigestEngine::Digest& digest);
static Poco::DigestEngine::Digest decode(const std::string& signature);
private:
Signer(const Signer&);
Signer& operator = (const Signer&);
std::set<std::string> _algorithms;
std::string _hmacKey;
Poco::SharedPtr<Poco::Crypto::RSAKey> _pRSAKey;
Poco::SharedPtr<Poco::Crypto::ECKey> _pECKey;
};
//
// inlines
//
inline const std::set<std::string>& Signer::getAlgorithms() const
{
return _algorithms;
}
inline const std::string Signer::getHMACKey() const
{
return _hmacKey;
}
inline Poco::SharedPtr<Poco::Crypto::RSAKey> Signer::getRSAKey() const
{
return _pRSAKey;
}
inline Poco::SharedPtr<Poco::Crypto::ECKey> Signer::getECKey() const
{
return _pECKey;
}
} } // namespace Poco::JWT
#endif // JWT_Signer_INCLUDED
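Review bot: The class comment gives the wrong curve for two algorithms: ES384 and ES512 are both listed as "ECDSA using P-256", whereas RFC 7518 defines ES384 over P-384 and ES512 over P-521, so the lines should read `/// - ES384 (ECDSA using P-384 and SHA-384)` and `/// - ES512 (ECDSA using P-521 and SHA-512)`. The RSA and EC constructors are documented as leaving HS256 as the only allowed algorithm, so a caller that supplies only an asymmetric key presumably has to allow the matching RS*/ES* algorithm before verify() accepts a token, and those comments should say so. One Signer can hold an HMAC secret and RSA/EC keys at the same time, and `ALGO_NONE` is declared next to the real algorithms, so callers are safer using `setAlgorithms()` with exactly the algorithm that matches the configured key than `addAllAlgorithms()`, whose treatment of "none" cannot be seen from this header. The comments on `setAlgorithms()` and `getAlgorithms()` say "for signing" although the next paragraph describes the set as the allow-list checked during verification. This is a vendored copy, so the comment fixes belong upstream and the algorithm pinning belongs in the code that calls it.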

342
vendor/POCO/JWT/include/Poco/JWT/Token.h vendored Normal file

@ -0,0 +1,342 @@
//
// Token.h
//
// Library: JWT
// Package: JWT
// Module: Token
//
// Definition of the Token class.
//
// Copyright (c) 2019, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef JWT_Token_INCLUDED
#define JWT_Token_INCLUDED
#include "Poco/JWT/JWT.h"
#include "Poco/JSON/Object.h"
#include "Poco/Timestamp.h"
namespace Poco {
namespace JWT {
class JWT_API Token
/// This class represents a JSON Web Token (JWT) according to RFC 7519.
///
/// To create and sign a JWT (using the Signer class):
///
/// Token token;
/// token.setType("JWT");
/// token.setSubject("1234567890");
/// token.payload().set("name", std::string("John Doe"));
/// token.setIssuedAt(Poco::Timestamp()));
///
/// Signer signer("0123456789ABCDEF0123456789ABCDEF");
/// std::string jwt = signer.sign(token, Signer::ALGO_HS256);
///
/// To verify a signed token:
///
/// std::string jwt(
/// "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
/// "eyJpYXQiOjE1MTYyMzkwMjIsIm5hbWUiOiJKb2huIERvZSIsInN1YiI6IjEyMzQ1Njc4OTAifQ."
/// "qn9G7NwFEOjIh-7hfCUDZA1aJeQmf7I7YvzCBcdenGw");
///
/// Signer signer("0123456789ABCDEF0123456789ABCDEF");
/// Token token = signer.verify(jwt);
{
public:
Token();
/// Creates an empty JSON Web Token.
explicit Token(const std::string& token);
/// Creates a JSON Web Token from its serialized string representation.
Token(const Token& token);
/// Creates a JSON Web Token by copying another one.
Token(Token&& token) noexcept;
/// Creates a JSON Web Token by moving another one.
~Token();
/// Destroys the Token.
Token& operator = (const Token& token);
/// Assignment operator.
Token& operator = (Token&& token) noexcept;
/// Move assignment operator.
Token& operator = (const std::string& token);
/// Parses and assigns serialized JWT.
std::string toString() const;
/// Returns the serialized string representation of the JSON Web Token.
const Poco::JSON::Object& header() const;
/// Returns the header JSON object.
Poco::JSON::Object& header();
/// Returns the header JSON object.
const Poco::JSON::Object& payload() const;
/// Returns the payload JSON object.
Poco::JSON::Object& payload();
/// Returns the payload JSON object.
const std::string& signature() const;
/// Returns the signature string.
void setIssuer(const std::string& issuer);
/// Sets the issuer ("iss" claim in payload).
std::string getIssuer() const;
/// Returns the issuer, or an empty string if no issuer has been specified.
void setSubject(const std::string& subject);
/// Sets the subject ("sub" claim in paylod).
std::string getSubject() const;
/// Returns the subject, or an empty string if no issuer has been specified.
void setAudience(const std::string& audience);
/// Sets the audience ("aud" claim in payload) to a single value.
void setAudience(const std::vector<std::string>& audience);
/// Sets the audience ("aud" claim in payload).
std::vector<std::string> getAudience() const;
/// Returns the audience.
void setExpiration(const Poco::Timestamp& expiration);
/// Sets the expiration ("exp" claim in payload).
Poco::Timestamp getExpiration() const;
/// Returns the expiration, or a zero Poco::Timestamp if no expiration has been specified.
void setNotBefore(const Poco::Timestamp& notBefore);
/// Sets the not-before time ("nbf" claim in payload).
Poco::Timestamp getNotBefore() const;
/// Returns the not-before time, or a zero Poco::Timestamp if no not-before time has been specified.
void setIssuedAt(const Poco::Timestamp& issuedAt);
/// Sets the issued-at time ("iat" claim in payload).
Poco::Timestamp getIssuedAt() const;
/// Returns the issued-at time, or a zero Poco::Timestamp if no issued-at time has been specified.
void setId(const std::string& id);
/// Sets the JWT ID ("jti" claim in payload).
std::string getId() const;
/// Returns the JWT ID, or an empty string if no JWT ID has been specified.
void setType(const std::string& type);
/// Sets the JWT type ("typ" claim in payload).
std::string getType() const;
/// Returns the JWT type or an empty string if no type has been specified.
void setAlgorithm(const std::string& algorithm);
/// Sets the JWT signature algorithm ("alg" claim in header).
std::string getAlgorithm() const;
/// Returns the JWT signature algorithm, or an empty string if no algorithm has been specified.
void setContentType(const std::string& contentType);
/// Sets the JWT content type ("cty" claim in header").
std::string getContentType() const;
/// Returns the JWT content type, or an empty string if no content type has been specified.
static const std::string CLAIM_ISSUER;
static const std::string CLAIM_SUBJECT;
static const std::string CLAIM_AUDIENCE;
static const std::string CLAIM_EXPIRATION;
static const std::string CLAIM_NOT_BEFORE;
static const std::string CLAIM_ISSUED_AT;
static const std::string CLAIM_JWT_ID;
static const std::string CLAIM_TYPE;
static const std::string CLAIM_ALGORITHM;
static const std::string CLAIM_CONTENT_TYPE;
protected:
Token(const std::string& header, const std::string& payload, const std::string& signature);
void sign(const std::string& signature);
void setTimestamp(const std::string& claim, const Poco::Timestamp& ts);
Poco::Timestamp getTimestamp(const std::string& claim) const;
void assign(const std::string& header, const std::string& payload, const std::string& signature);
private:
Poco::JSON::Object::Ptr _pHeader;
Poco::JSON::Object::Ptr _pPayload;
std::string _signature;
static const std::string EMPTY;
friend class Signer;
};
//
// inlines
//
inline const Poco::JSON::Object& Token::header() const
{
return *_pHeader;
}
inline Poco::JSON::Object& Token::header()
{
return *_pHeader;
}
inline const Poco::JSON::Object& Token::payload() const
{
return *_pPayload;
}
inline Poco::JSON::Object& Token::payload()
{
return *_pPayload;
}
inline const std::string& Token::signature() const
{
return _signature;
}
inline void Token::setIssuer(const std::string& issuer)
{
_pPayload->set(CLAIM_ISSUER, issuer);
}
inline std::string Token::getIssuer() const
{
return _pPayload->optValue(CLAIM_ISSUER, EMPTY);
}
inline void Token::setSubject(const std::string& subject)
{
_pPayload->set(CLAIM_SUBJECT, subject);
}
inline std::string Token::getSubject() const
{
return _pPayload->optValue(CLAIM_SUBJECT, EMPTY);
}
inline void Token::setAudience(const std::string& audience)
{
_pPayload->set(CLAIM_AUDIENCE, audience);
}
inline void Token::setExpiration(const Poco::Timestamp& expiration)
{
setTimestamp(CLAIM_EXPIRATION, expiration);
}
inline Poco::Timestamp Token::getExpiration() const
{
return getTimestamp(CLAIM_EXPIRATION);
}
inline void Token::setNotBefore(const Poco::Timestamp& notBefore)
{
setTimestamp(CLAIM_NOT_BEFORE, notBefore);
}
inline Poco::Timestamp Token::getNotBefore() const
{
return getTimestamp(CLAIM_NOT_BEFORE);
}
inline void Token::setIssuedAt(const Poco::Timestamp& issuedAt)
{
setTimestamp(CLAIM_ISSUED_AT, issuedAt);
}
inline Poco::Timestamp Token::getIssuedAt() const
{
return getTimestamp(CLAIM_ISSUED_AT);
}
inline void Token::setId(const std::string& id)
{
_pPayload->set(CLAIM_JWT_ID, id);
}
inline std::string Token::getId() const
{
return _pPayload->optValue(CLAIM_JWT_ID, EMPTY);
}
inline void Token::setType(const std::string& type)
{
_pHeader->set(CLAIM_TYPE, type);
}
inline std::string Token::getType() const
{
return _pHeader->optValue(CLAIM_TYPE, EMPTY);
}
inline void Token::setAlgorithm(const std::string& algorithm)
{
_pHeader->set(CLAIM_ALGORITHM, algorithm);
}
inline std::string Token::getAlgorithm() const
{
return _pHeader->optValue(CLAIM_ALGORITHM, EMPTY);
}
inline void Token::setContentType(const std::string& contentType)
{
_pHeader->set(CLAIM_CONTENT_TYPE, contentType);
}
inline std::string Token::getContentType() const
{
return _pHeader->optValue(CLAIM_CONTENT_TYPE, EMPTY);
}
} } // namespace Poco::JWT
#endif // JWT_Token_INCLUDED
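Review bot: The public `explicit Token(const std::string& token)` constructor and `operator = (const std::string& token)` parse a serialized JWT with no signature check, and their comments do not say so; adding `/// The signature is NOT verified; use Signer::verify() for untrusted input.` would keep callers from trusting claims read this way. Nothing in this header shows the "exp" or "nbf" claims being enforced, and Signer::verify() is documented as checking the signature only, so callers apparently have to compare getExpiration() and getNotBefore() with the current time themselves. Both getters return a zero Timestamp when the claim is absent, so callers also need to decide explicitly whether a token without "exp" is acceptable. Smaller documentation slips: setType() is described as setting a claim "in payload" while the inline writes to `_pHeader`, getSubject() says "no issuer" where it means subject, and the class example `token.setIssuedAt(Poco::Timestamp()));` has a stray closing parenthesis. The file is vendored, so the comment fixes belong upstream and the claim checks belong in the calling code.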