Bot-Cobalt


lib/Bot/Cobalt/Plugin/Auth.pm  view on Meta::CPAN

### These can also be used to read/write arbitrary authdbs

## Load an access list from disk and return it as a hash reference.
##
##   $authdb - path of the authdb to read; a false value selects
##             $self->_db_path instead.
##
## Returns an empty hashref when no file exists at that path, and the
## deserialized data otherwise. If readfile() throws, the error is logged
## and undef is returned, so callers need to tell "no authdb yet" ({})
## apart from "authdb could not be read" (undef).
sub _read_access_list {
  my ($self, $authdb) = @_;
  $authdb ||= $self->_db_path;

  ## A missing authdb is not treated as an error.
  if (! -f $authdb) {
    logger->debug("did not find authdb at $authdb");
    logger->info("No existing authdb, creating empty access list.");

    return { }
  }

  my $serializer = Bot::Cobalt::Serializer->new();

  ## On success the try block yields the deserialized structure; on
  ## failure the catch block logs and yields undef.
  my $accesslist = try {
    $serializer->readfile($authdb)
  } catch {
    logger->error("readfile() failure; $authdb $_");
    undef
  };

  return $accesslist
}

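## Serialize an access list to disk, leaving out superuser entries.
##
##   $authdb - destination path; a false value selects $self->_db_path.
##   $alist  - access list hashref; a false value selects
##             $self->AccessList.
##
## Returns $authdb on success, and also when nothing is left to write
## after filtering. Returns nothing if the write throws; the exception
## is logged first.
sub _write_access_list {
  my ($self, $authdb, $alist) = @_;
  $authdb = $self->_db_path unless $authdb;
  $alist  = $self->AccessList unless $alist;

  ## we don't want to write superusers back out
  ## work on a deep copy so the caller's list is left untouched:
  my $cloned = dclone($alist);
  delete $cloned->{'-ALL'};

  for my $context (keys %$cloned) {
    for my $user (keys %{ $cloned->{$context} }) {
      if ( $cloned->{$context}->{$user}->{Flags}->{SUPERUSER} ) {
        ## FIXME
        ##  sync superusers too so we can preserve flags?
        ##  need to check/delete them at load time if there's a change
        delete $cloned->{$context}->{$user};
      }
    }
    ## don't need to write empty contexts either:
    delete $cloned->{$context} unless keys %{ $cloned->{$context} };
  }

  ## don't need to write empty access lists to disk ...
  return $authdb unless keys %$cloned;

  my $serializer = Bot::Cobalt::Serializer->new();

  ## The exception is only available as $_ inside a catch block, so it is
  ## captured there; interpolating $_ after the try statement would log
  ## whatever $_ happened to hold rather than the failure reason.
  my $failure;
  my $written = try {
    $serializer->writefile($authdb, $cloned);

    my $p_cfg = plugin_cfg( $self );
    ## NOTE(review): oct() expects an octal string such as '0600'; confirm
    ## the config loader does not hand back an already-converted number.
    my $perms = oct( $p_cfg->{Opts}->{AuthDB_Perms} // '0600' );

    ## The mode is applied only after the file has been written, so a
    ## failed chmod leaves the authdb at whatever mode it was created
    ## with. Report that instead of ignoring chmod's return value.
    ## NOTE(review): until chmod runs the file carries its creation mode;
    ## confirm the serializer/umask do not leave it readable by others.
    chmod($perms, $authdb)
      or logger->error(
        sprintf("chmod %04o failure; %s %s", $perms, $authdb, $!)
      );
    1
  } catch {
    $failure = $_;
    0
  };

  return $authdb if $written;

  logger->error("writefile() failure; $authdb $failure");
  return
}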

1;
__END__


=pod

=head1 NAME

Bot::Cobalt::Plugin::Auth -- User management and auth plugin

=head1 DESCRIPTION

This plugin provides the standard authorization and access control
functionality for L<Bot::Cobalt>.

=head1 CONFIGURATION

=head2 plugins.conf

A basic plugins.conf entry for this plugin:

  Auth:
    Module: Bot::Cobalt::Plugin::Auth
    Config: auth.conf

=head2 auth.conf

C<auth.conf> is the central configuration file for this plugin, 
including statically-configured superuser auth entries.

=head3 SuperUsers

The B<SuperUsers> directive specifies statically configured superusers, 
who receive access level 9999 by default and typically have access to 
the totality of the bot's functionality.

Users are specified per-context. Multiple masks can be specified as a 
list:

  SuperUsers:
    Main:
      'avenj':
        Mask:
          - '*avenj@*.oppresses.us'
          - '*avenj@*.cobaltirc.org'
        Password: '$2a$08$W19087w4d(. . . .)'

B<Password> should be a hashed password. You can create one from the
command line via C<bmkpasswd> from L<App::bmkpasswd>, which this
distribution depends on.

=head3 Opts


