BjX/dZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZdZdZd Zd Zd Zd Zd Ze d dZdededdfdZGddZy)a DM Pairing System Code-based approval flow for authorizing new users on messaging platforms. Instead of static allowlists with user IDs, unknown users receive a one-time pairing code that the bot owner approves via the CLI. Security features (based on OWASP + NIST SP 800-63-4 guidance): - 8-char codes from 32-char unambiguous alphabet (no 0/O/1/I) - Cryptographic randomness via secrets.choice() - 1-hour code expiry - Max 3 pending codes per platform - Rate limiting: 1 request per user per 10 minutes - Lockout after 5 failed approval attempts (1 hour) - File permissions: chmod 0600 on all data files - Codes are never logged to stdout Storage: ~/.hermes/pairing/ N)Path)Optional)get_hermes_dir)atomic_replace ABCDEFGHJKLMNPQRSTUVWXYZ23456789iiXzplatforms/pairingpairingpathdatareturncF|jjddtjt |jd\}} t j |dd5}|j||jt j|jdddt|| t j|d y#1swY-xYw#t$rYywxYw#t$r' t j|#t$rYwxYwwxYw) uWrite data to file with restrictive permissions (owner read/write only). Uses a temp-file + atomic rename so readers always see either the old complete file or the new one — never a partial write. Tparentsexist_okz.tmp)dirsuffixwutf-8encodingNi)parentmkdirtempfilemkstempstrosfdopenwriteflushfsyncfilenorchmodOSError BaseExceptionunlink)r r fdtmp_pathfs 4/home/ubuntu/.hermes/hermes-agent/gateway/pairing.py _secure_writer,2s  KKdT2##DKK(8HLB YYr3 1 !Q GGDM GGI HHQXXZ  ! x&  HHT5 !  ! !      IIh      sg C0$AC)C0>C!CC0! C-*C0,C--C00 D :DD  DD DD c eZdZdZdZdedefdZdedefdZdefdZ dede fd Z ded e dd fd Z ded ede fdZddedefdZd ded ededd fdZded ede fdZ d ded ededeefdZdededee fdZddedefdZddedefdZded ede fdZded edd fdZdede fdZdedd fdZdedd fdZdedefdZy )! PairingStorea Manages pairing codes and approved user lists. Data files per platform: - {platform}-pending.json : pending pairing requests - {platform}-approved.json : approved (paired) users - _rate_limits.json : rate limit tracking cdtjddtj|_y)NTr) PAIRING_DIRr threadingRLock_lockselfs r+__init__zPairingStore.__init__Vs%$6__& platformrct|dz S)Nz -pending.jsonr0r5r8s r+ _pending_pathzPairingStore._pending_path\sz777r7ct|dz S)Nz-approved.jsonr:r;s r+_approved_pathzPairingStore._approved_path_sz888r7ctdz S)Nz_rate_limits.jsonr:r4s r+_rate_limit_pathzPairingStore._rate_limit_pathbs000r7r c|jr& tj|jdSiS#tjt f$ricYSwxYw)Nrr)existsjsonloads read_textJSONDecodeErrorr%)r5r s r+ _load_jsonzPairingStore._load_jsonesR ;;= zz$..'."BCC (('2   s$9AAr NcHt|tj|ddy)NF)indent ensure_ascii)r,rCdumps)r5r r s r+ _save_jsonzPairingStore._save_jsonmsdDJJtAEJKr7user_idcJ|j|j|}||vS)z3Check if a user is approved (paired) on a platform.)rGr>)r5r8rNapproveds r+ is_approvedzPairingStore.is_approvedrs&??4#6#6x#@A(""r7cg}|r|gn|jd}|D]P}|j|j|}|jD]\}}|j ||d|R|S)z5List approved users, optionally filtered by platform.rP)r8rN)_all_platformsrGr>itemsappend)r5r8results platformsprPuidinfos r+ list_approvedzPairingStore.list_approvedws"*XJ0C0CJ0O  HAt':':1'=>H%^^- H TA#FFG H Hr7 user_namec|j|j|}|tjd||<|j|j||y)zAAdd a user to the approved list. Must be called under self._lock.)r\ approved_atN)rGr>timerM)r5r8rNr\rPs r+ _approve_userzPairingStore._approve_usersN??4#6#6x#@A"99;  ++H5x@r7c|j|}|j5|j|}||vr||=|j|| dddy dddy#1swYyxYw)zr3rGrM)r5r8rNr rPs r+revokezPairingStore.revokeso""8, ZZ t,H("W%h/   "     s ,AA&c8|j5|j||j|r dddy|j||r dddy|j |j |}t |tk\r dddydjdttD}||tjd||<|j|j |||j|||cdddS#1swYyxYw)a Generate a pairing code for a new user. Returns the code string, or None if: - User is rate-limited (too recent request) - Max pending codes reached for this platform - User/platform is in lockout due to failed attempts Nc3NK|]}tjtywN)secretschoiceALPHABET).0_s r+ z-PairingStore.generate_code..sP7>>(3Ps#%)rNr\ created_at)r3_cleanup_expired_is_locked_out_is_rate_limitedrGr<lenMAX_PENDING_PER_PLATFORMjoinrange CODE_LENGTHr_rM_record_rate_limit)r5r8rNr\pendingcodes r+ generate_codezPairingStore.generate_codesZZ   ! !( +""8,   $$Xw7  ood&8&8&BCG7|77  "77PU;=OPPD#&"iikGDM OOD..x8' B  # #Hg 6=   s$DD3DA4DDrxc 8|j5|j||jj}|j |r dddy|j |j |}||vr|j| dddy|j|}|j|j |||j||d|jdd|d|jdddcdddS#1swYyxYw)aT Approve a pairing code. Adds the user to the approved list. Returns {user_id, user_name} on success, None if code is invalid/expired OR the platform is currently locked out after ``MAX_FAILED_ATTEMPTS`` failed approvals (#10195). Callers can disambiguate with ``_is_locked_out(platform)``. NrNr\rd)rNr\) r3rnupperstriprorGr<_record_failed_attemptpoprMr`get)r5r8rxrwentrys r+ approve_codezPairingStore.approve_codesZZ   ! !( +::<%%'D""8,  ood&8&8&BCG7"++H5  "KK%E OOD..x8' B   xy)9599[RT;U V!+"YY{B7/   sAD6DA/DDc vg}|r|gn|jd}|D]}|j||j|j|}|j D]U\}}t t j |dz dz }|j|||d|jdd|dW|S)z?List pending pairing requests, optionally filtered by platform.rwrm<rNr\rd)r8rxrNr\ age_minutes) rSrnrGr<rTintr_rUr) r5r8rVrWrXrwrxrZage_mins r+ list_pendingzPairingStore.list_pendings"*XJ0C0CI0N  A  ! !! $ood&8&8&;>AfXU*;R@**3/$$X.  / r7rf)rd)__name__ __module__ __qualname____doc__r6rrr<r>r@dictrGrMboolrQlistr[r`rbrryrrrrrprvror}rnrSr7r+r.r.Ls' 8c8d89s9t91$1tLtL4LDL #C###$# cTAcACACAQUA s S T =?))&))69) #)V#S###JSD$ c S AAsAtA93999+s+t+ 9s 9t 9 + + +STr7r.)rrCrrgrr1r_pathlibrtypingrhermes_constantsrutilsrrirurrrrrrr0rr,r.rr7r+rs(  +  . 0)< CD4uur7