New app with MFA

app_2025.psgi

@@ -0,0 +1,87 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use FindBin;
+use lib "$FindBin::Bin/lib/", "$FindBin::Bin/lib/pause_2017", "$FindBin::Bin/lib/pause_2025", "$FindBin::Bin/../pause-private/lib", "$FindBin::Bin/privatelib";
+use Plack::Builder;
+use Plack::App::Directory::Apaxy;
+use Path::Tiny;
+my $AppRoot = path(__FILE__)->parent->realpath;
+Log::Dispatch::Config->configure("$AppRoot/etc/plack_log.conf.".($ENV{PLACK_ENV} // 'development'));
+
+$ENV{MOJO_REVERSE_PROXY} = 1;
+$ENV{MOJO_HOME} = $AppRoot;
+
+# preload stuff
+use PAUSE::Web::Context;
+use PAUSE::Web;
+use PAUSE::Web::App::Disabled;
+use PAUSE::Web2025;
+use PAUSE::Web2025::Context;
+
+use BSD::Resource ();
+#BSD::Resource::setrlimit(BSD::Resource::RLIMIT_CPU(),
+#                         60*10, 60*10);
+#BSD::Resource::setrlimit(BSD::Resource::RLIMIT_DATA(),
+#                         40*1024*1024, 40*1024*1024);
+BSD::Resource::setrlimit(BSD::Resource::RLIMIT_CORE(),
+                         40*1024*1024, 40*1024*1024);
+
+my $builder = eval {
+
+my $context = PAUSE::Web::Context->new(root => $AppRoot);
+$context->init;
+
+my $context2025 = PAUSE::Web2025::Context->new(root => $AppRoot);
+$context2025->init;
+
+my $pause_app = PAUSE::Web->new(pause => $context);
+my $pause2025_app = PAUSE::Web2025->new(pause => $context2025);
+my $disabled_app = PAUSE::Web::App::Disabled->new->to_app;
+
+builder {
+  enable 'LogDispatch', logger => $context->logger;
+  enable 'ReverseProxy';
+  enable 'ServerStatus::Tiny', path => '/status';
+
+  if (-f "/etc/PAUSE.CLOSED") {
+    mount '/' => builder { $disabled_app };
+  } else {
+    # Static files are serverd by us; maybe some day we want to change that
+    enable 'Static',
+        path => qr{(?:(?<!index)\.(js|css|gif|jpg|png|pod|html)$|^/\.well-known/)},
+        root => "$FindBin::Bin/htdocs",
+        pass_through => 1;
+
+    mount '/pub/PAUSE' => builder {
+        enable '+PAUSE::Web::Middleware::Auth::Basic', context => $context;
+        Plack::App::Directory::Apaxy->new(root => $PAUSE::Config->{FTPPUB});
+    };
+
+    mount '/incoming' => builder {
+        enable '+PAUSE::Web::Middleware::Auth::Basic', context => $context;
+        Plack::App::Directory::Apaxy->new(root => $PAUSE::Config->{INCOMING_LOC});
+    };
+
+    mount '/pause' => builder {
+        enable_if {$_[0]->{PATH_INFO} =~ /authenquery/ ? 1 : 0} '+PAUSE::Web::Middleware::Auth::Basic', context => $context;
+        $pause_app->start('psgi');
+    };
+
+    mount '/' => builder {
+        $pause2025_app->start('psgi');
+    };
+  }
+};
+
+};
+
+if ($@) {
+  Log::Dispatch::Config->instance->log(
+    level => 'error',
+    message => "$@",
+  );
+}
+
+$builder;

cpanfile

@@ -1,4 +1,5 @@
 requires 'Apache::Session::Counted';
+requires 'Auth::GoogleAuth', '1.05';
 requires 'BSD::Resource';
 requires 'CPAN::Checksums', '1.050';
 requires 'CPAN::DistnameInfo';
@@ -22,6 +23,7 @@ requires 'HTML::Entities';
 requires 'HTTP::Date';
 requires 'HTTP::Status';
 requires 'HTTP::Tiny', '0.059';
+requires 'Imager::QRCode';
 requires 'IO::Socket::SSL', '1.56';
 requires 'IPC::Run3';
 requires 'JSON';
@@ -34,7 +36,7 @@ requires 'Log::Dispatchouli';
 requires 'Module::Signature';
 requires 'MojoX::Log::Dispatch::Simple';
 requires 'Mojolicious';
-requires 'Mojolicious::Plugin::WithCSRFProtection';
+requires 'Mojolicious::Plugin::WithCSRFProtection'; #, '1.02';
 requires 'Net::SSLeay', '1.49';
 requires 'Parallel::Runner';
 requires 'Parse::CPAN::Packages';

doc/authen_pause.schema.txt

@@ -56,6 +56,9 @@ CREATE TABLE usertable (
   `changed` int(11) DEFAULT NULL,
   changedby char(10) DEFAULT NULL,
   lastvisit datetime DEFAULT NULL,
+  mfa tinyint(1) DEFAULT 0,
+  mfa_secret32 varchar(16) DEFAULT NULL,
+  mfa_recovery_codes text DEFAULT NULL,
   PRIMARY KEY (`user`),
   KEY usertable_password (`password`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1 PACK_KEYS=1;

doc/schemas/authen_pause.schema.sqlite

@@ -36,6 +36,9 @@ CREATE TABLE usertable (
   changed int(11) DEFAULT NULL,
   changedby char(10) DEFAULT NULL,
   lastvisit datetime DEFAULT NULL,
+  mfa tinyint(1) DEFAULT 0,
+  mfa_secret32 varchar(16) DEFAULT NULL,
+  mfa_recovery_codes text DEFAULT NULL,
   PRIMARY KEY (user)
 );
 

htdocs/pause/pause_2025.css

@@ -0,0 +1,191 @@
+body {
+  color: #000000;
+  background: white;
+}
+a { color: #0000cc; }
+a:visited { color: #0000bb; }
+a:active { color: #ff0000; }
+p { padding: 0.5em; margin: 0; }
+
+h1.logo { font-size:1em; margin: 0; padding: 0 }
+div.menu {
+  padding-right: 0.5em;
+}
+div.menu p {
+  margin: 0;
+  padding: 0.2em 0.3em 0.2em 0.3em;
+}
+div.menu p.menuheading { padding-top: 0.5em; padding-bottom: 0.3em; }
+nav {
+  border-right: 0.3em #f00 solid;
+  margin-right: 1em;
+}
+
+.actionresponse {
+  border: 3px #f3f dashed;
+  padding: 10px;
+  margin:  2px;
+  background-color: #eee;
+  color: black;
+}
+
+.line1, .line2, .line3 { color: black; }
+.line1 { background-color: #ffe0e0; }
+.line2 { background-color: #e0ffe0; }
+.line3 { background-color: #e0e0ff; }
+
+
+.activemenu { background: #bfb; font-size: small; line-height: 1.5; }
+.alternate1 {
+  background: #f8f8f8;
+  padding: 0.5em;
+  }
+.alternate2 {
+  background: #ddd;
+  padding: 0.5em;
+  }
+.explain { font-size: small; }
+.firstheader { margin: 0 0 5%; }
+.menuheading { background: white;
+               font-size: small; }
+.menuitem { background: #ddf; font-size: small; line-height: 1.5; }
+.menupointer { color: green; }
+.messages { text-align: left; border: 2px dashed red; padding: 2ex; }
+.userstatus { text-align: center;
+               font-size: small;
+                 padding: 0.2em;
+                   float: right; }
+.statusencr { background: #bfb;
+                  border: green solid 2px; }
+.statusunencr { background: #fbb;
+                    border: red solid 2px; }
+.xexplain { font-size: x-small; }
+a.activemenu { text-decoration: none; }
+a.activemenu:hover { text-decoration: underline; }
+a.menuitem { text-decoration: none; }
+a.menuitem:hover { text-decoration: underline; }
+h4.altering { margin: 0 0 12px; }
+p.motd { margin: 10px 1in; padding: 5px; color: black; background: yellow; font-size: small; }
+p.versionspecial { margin: 10px 1in; padding: 5px; color: white; background: gray; font-size: small; }
+a.versionspecial { color: yellow; }
+a.versionspecial:hover { color: red; }
+p.activemenu { border: green solid 1px; }
+
+.texttable { border: black solid 1px; }
+
+.orange_button {
+ background:#FF6600 none repeat scroll 0%;
+ border-color:#FFCC99 rgb(102, 51, 0) rgb(51, 51, 0) rgb(255, 153, 102);
+ border-style:solid;
+ border-width:1px;
+ color:#FFFFFF;
+ font-family:verdana,sans-serif;
+ font-size:10px;
+ font-size-adjust:none;
+ font-stretch:normal;
+ font-style:normal;
+ font-variant:normal;
+ font-weight:bold;
+ line-height:normal;
+ margin:0pt;
+ padding:0pt 3px;
+ text-decoration:none;
+}
+#contentBox {
+ width:600px;
+ height:auto;
+}
+td.administration {
+  border-top: 2px grey solid;
+  border-left: 2px grey solid;
+}
+
+.sort:after {
+  width: 0;
+  height: 0;
+  border-left: 5px solid transparent;
+  border-right: 5px solid transparent;
+  border-bottom: 5px solid transparent;
+  content:"";
+  position: relative;
+  top:-10px;
+  right:-5px;
+}
+.sort.asc:after {
+  width: 0;
+  height: 0;
+  border-left: 0.3em solid transparent;
+  border-right: 0.3em solid transparent;
+  border-top: 0.3em solid #000;
+  content:"";
+  position: relative;
+  top:0.8em;
+  right:-0.3em;
+}
+.sort.desc:after {
+  width: 0;
+  height: 0;
+  border-left: 0.3em solid transparent;
+  border-right: 0.3em solid transparent;
+  border-bottom: 0.3em solid #000;
+  content:"";
+  position: relative;
+  top:-0.8em;
+  right:-0.3em;
+}
+
+.pagination { padding: 0; margin: 0.3em; display: inline-block; }
+.pagination li {
+  display: inline-block;
+  margin: 0;
+  padding-right: 0.5em;
+  font-size: 0.8em;
+}
+.pagination li.active {
+  font-weight: bold;
+}
+.pagination:before {
+  content: "Page: ";
+  font-size: 0.8em;
+}
+
+.table.compact { font-size: small; }
+.table th,.table td{ padding: 0.3em; text-align: left; vertical-align: top; }
+.table tbody>:nth-child(2n-1){ background: #ddd }
+input, textarea { background: #fff; }
+td.checkbox { padding: 0em; text-align: center; vertical-align: middle; }
+.http_upload { background: #e0ffff; }
+.url_upload { background: #ffe0ff; }
+
+p.notice {
+  font-weight: bold;
+}
+div.info {
+  color: #004085;
+  background-color: #cce5ff;
+  border-color: #b8daff;
+}
+div.warning {
+  color: #856404;
+  background-color: #fff3cd;
+  border-color: #ffeeba;
+}
+div.error {
+  color: #721c24;
+  background-color: #f8d7da;
+  border-color: #f5c6cb;
+}
+div.messagebox {
+  padding: 0.75rem 1.25rem;
+  margin-bottom: 1rem;
+  border: 1px solid transparent;
+  border-radius: 0.25rem;
+}
+td.indexed {
+  font-weight: bold
+}
+.row {
+  margin-left: 1em;
+  margin-right: 1em;
+}
+h1.logo img { margin-right: 0.5em; }