i,dZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZdZdZd Zd Zd Zd Zd Ze d dZdededdfdZGddZdS)a DM Pairing System Code-based approval flow for authorizing new users on messaging platforms. Instead of static allowlists with user IDs, unknown users receive a one-time pairing code that the bot owner approves via the CLI. Security features (based on OWASP + NIST SP 800-63-4 guidance): - 8-char codes from 32-char unambiguous alphabet (no 0/O/1/I) - Cryptographic randomness via secrets.choice() - 1-hour code expiry - Max 3 pending codes per platform - Rate limiting: 1 request per user per 10 minutes - Lockout after 5 failed approval attempts (1 hour) - File permissions: chmod 0600 on all data files - Codes are never logged to stdout Storage: ~/.hermes/pairing/ N)Path)Optional)get_hermes_dir)atomic_replace ABCDEFGHJKLMNPQRSTUVWXYZ23456789iiXzplatforms/pairingpairingpathdatareturncj|jddtjt |jd\}} t j|dd5}|||t j | dddn #1swxYwYt|| t j |d dS#t$rYdSwxYw#t$r( t j|n#t$rYnwxYwwxYw) uWrite data to file with restrictive permissions (owner read/write only). Uses a temp-file + atomic rename so readers always see either the old complete file or the new one — never a partial write. Tparentsexist_okz.tmp)dirsuffixwutf-8encodingNi)parentmkdirtempfilemkstempstrosfdopenwriteflushfsyncfilenorchmodOSError BaseExceptionunlink)r r fdtmp_pathfs 4/home/ubuntu/.hermes/hermes-agent/gateway/pairing.py _secure_writer,2s  KdT222#DK(8(8HHHLB Yr3 1 1 1 !Q GGDMMM GGIII HQXXZZ  ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! x&&&  HT5 ! ! ! ! !    DD    Ih        D  ss D AB<0 D<CDCDC// C=9D<C==D D2 D D2 D-*D2,D--D2c eZdZdZdZdedefdZdedefdZdefdZ dede fd Z ded e dd fd Z ded ede fdZd dedefdZd!ded ededd fdZded ede fdZ d!ded ededeefdZdededee fdZd dedefdZd dedefdZded ede fdZded edd fdZdede fdZdedd fdZdedd fdZdedefdZd S)" PairingStorea Manages pairing codes and approved user lists. Data files per platform: - {platform}-pending.json : pending pairing requests - {platform}-approved.json : approved (paired) users - _rate_limits.json : rate limit tracking cntddtj|_dS)NTr) PAIRING_DIRr threadingRLock_lockselfs r+__init__zPairingStore.__init__Vs0$666_&& platformrct|dz S)Nz -pending.jsonr0r5r8s r+ _pending_pathzPairingStore._pending_path\s77777r7ct|dz S)Nz-approved.jsonr:r;s r+_approved_pathzPairingStore._approved_path_s88888r7ctdz S)Nz_rate_limits.jsonr:r4s r+_rate_limit_pathzPairingStore._rate_limit_pathbs000r7r c|rG tj|dS#tjt f$ricYSwxYwiS)Nrr)existsjsonloads read_textJSONDecodeErrorr%)r5r s r+ _load_jsonzPairingStore._load_jsonesf ;;==  z$..'."B"BCCC('2      s'>AAr NcPt|tj|dddS)NF)indent ensure_ascii)r,rCdumps)r5r r s r+ _save_jsonzPairingStore._save_jsonms)dDJtAEJJJKKKKKr7user_idcZ|||}||vS)z3Check if a user is approved (paired) on a platform.)rGr>)r5r8rNapproveds r+ is_approvedzPairingStore.is_approvedrs,??4#6#6x#@#@AA(""r7cg}|r|gn|d}|D]^}|||}|D]\}}|||d| _|S)z5List approved users, optionally filtered by platform.rP)r8rN)_all_platformsrGr>itemsappend)r5r8results platformsprPuidinfos r+ list_approvedzPairingStore.list_approvedws"*OXJJ0C0CJ0O0O  H HAt':':1'='=>>H%^^-- H H TA#FFFGGGG Hr7 user_namec|||}|tjd||<||||dS)zAAdd a user to the approved list. Must be called under self._lock.)r] approved_atN)rGr>timerM)r5r8rNr]rPs r+ _approve_userzPairingStore._approve_usersh??4#6#6x#@#@AA"9;;   ++H55x@@@@@r7c||}|j5||}||vr'||=||| ddddS dddn #1swxYwYdS)zr3rGrM)r5r8rNr rPs r+revokezPairingStore.revokes""8,, Z  t,,H(""W%h///         "                us4A++A/2A/c|j5||||r ddddS|||r ddddS|||}t |tkr ddddSddttD}||tj d||<| |||| |||cdddS#1swxYwYdS)a Generate a pairing code for a new user. Returns the code string, or None if: - User is rate-limited (too recent request) - Max pending codes reached for this platform - User/platform is in lockout due to failed attempts Nr\c3HK|]}tjtVdSN)secretschoiceALPHABET).0_s r+ z-PairingStore.generate_code..s,PP7>(33PPPPPPr7)rNr] created_at)r3_cleanup_expired_is_locked_out_is_rate_limitedrGr<lenMAX_PENDING_PER_PLATFORMjoinrange CODE_LENGTHr`rM_record_rate_limit)r5r8rNr]pendingcodes r+ generate_codezPairingStore.generate_codesZ    ! !( + + +""8,,          $$Xw77         ood&8&8&B&BCCG7||777        "77PPU;=O=OPPPPPD#&"ikkGDM OOD..x88' B B B  # #Hg 6 6 6=                  s%,E E %AE 3B E  EErxc t|j5|||}|||}||vr#|| ddddS||}||||| ||d| dd|d| dddcdddS#1swxYwYdS)z Approve a pairing code. Adds the user to the approved list. Returns {user_id, user_name} on success, None if code is invalid/expired. NrNr]r\)rNr]) r3rnupperstriprGr<_record_failed_attemptpoprMraget)r5r8rxrwentrys r+ approve_codezPairingStore.approve_codes Z    ! !( + + +::<<%%''Dood&8&8&B&BCCG7""++H555        KK%%E OOD..x88' B B B   xy)9599[RT;U;U V V V!+"YY{B77                  sA>D-B D--D14D1c g}|r|gn|d}|D]}|||||}|D]f\}}t t j|dz dz }||||d|dd|dg|S)z?List pending pairing requests, optionally filtered by platform.rwrm<rNr]r\)r8rxrNr] age_minutes) rSrnrGr<rTintr`rUr) r5r8rVrWrXrwrxrZage_mins r+ list_pendingzPairingStore.list_pendings"*NXJJ0C0CI0N0N   A  ! !! $ $ $ood&8&8&;&;<z1PairingStore._cleanup_expired..%s=   T4d<((,<<< <<>*;f*;*;*;R@@**3///$$X...r7rf)r\)__name__ __module__ __qualname____doc__r6rrr<r>r@dictrGrMboolrQlistr[rarcrryrrrrrprvror}rnrSr7r+r.r.Ls5''' 8c8d88889s9t99991$1111tLtL4LDLLLL #C###$#### cTAAcACACAQUAAAA s S T    =?)))&))69) #))))VS4SD$  c S    AAsAtAAAA93999999+s+t++++ 9s 9t 9 9 9 9 + + + + + +STr7r.)rrCrrgrr1r`pathlibrtypingrhermes_constantsrutilsrrirurrrrrrr0rr,r.rr7r+rs6(  ++++++  . n0)<< CD4jjjjjjjjjjr7