add test support for authentication tokens
This commit is contained in:
Mystikfluu
parent
af52f0eb4c
commit
4302684c57
@ -5,27 +5,69 @@ const config = JSON.parse(fs.readFileSync("server_config.json"));
|
|||||||
const HASHES_DB = config.cookies.server_hashes;
|
const HASHES_DB = config.cookies.server_hashes;
|
||||||
const HASHES_COOKIE = config.cookies.client_hashes;
|
const HASHES_COOKIE = config.cookies.client_hashes;
|
||||||
const HASHES_DIFF = HASHES_DB - HASHES_COOKIE;
|
const HASHES_DIFF = HASHES_DB - HASHES_COOKIE;
|
||||||
|
|
||||||
export const setup = function (router, con, server) {
|
export const setup = function (router, con, server) {
|
||||||
router.use("/*", function (req, res, next) {
|
router.use("/*", async function (req, res, next) {
|
||||||
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
|
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
|
||||||
let unsigned;
|
let unsigned;
|
||||||
if (req.body.user == undefined || req.body.pass == undefined) {
|
if (req.body.user == undefined || req.body.pass == undefined) {
|
||||||
if(!req.cookies.AUTH_COOKIE) {
|
if(req.body.auth != undefined) {
|
||||||
next()
|
if(
|
||||||
return
|
typeof req.body.auth !== "object" ||
|
||||||
}
|
typeof req.body.auth.secret !== "string" ||
|
||||||
unsigned = unsign(req.cookies.AUTH_COOKIE, req, res);
|
typeof req.body.auth.appid !== "number" ||
|
||||||
if (!unsigned){
|
typeof req.body.auth.auth_token !== "string" ||
|
||||||
next()
|
req.body.auth.secret.length !== 200 ||
|
||||||
return
|
req.body.auth.auth_token.length !== 100 ||
|
||||||
|
Buffer.from(req.body.auth.secret,"base64").length !== 150
|
||||||
|
) {
|
||||||
|
res.status(420).send("invalid authentication object")
|
||||||
|
return;
|
||||||
|
} else {
|
||||||
|
//secret : string(200 chars)
|
||||||
|
//appid : number
|
||||||
|
//auth_token: string(100 chars)
|
||||||
|
let sql = "select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from auth_tokens inner join application on auth_token_isfrom_application_id=application_id inner join users on auth_token_u_id=User_ID where auth_token=? and application_secret=? and application_id=?"
|
||||||
|
con.query(sql,[SHA256(req.body.auth.auth_token,req.body.auth.appid, HASHES_DB),SHA256(req.body.auth.secret,req.body.auth.appid, HASHES_DB),req.body.auth.appid],(err,result) => {
|
||||||
|
if(err) throw err;
|
||||||
|
|
||||||
|
if(result.length != 1) {
|
||||||
|
res.status(420).send("invalid authentication object (or server error?)")
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
res.locals.userid = result[0].User_ID;
|
||||||
|
res.locals.username = result[0].User_Name;
|
||||||
|
res.locals.bio = result[0].User_Bio || "";
|
||||||
|
res.locals.avatar = result[0].User_Avatar || "";
|
||||||
|
res.locals.settings = JSON.parse(result[0].User_Settings) || {};
|
||||||
|
|
||||||
|
res.locals.isbot = true; //only apps/bots use auth tokens
|
||||||
|
|
||||||
|
next()
|
||||||
|
})
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if(!req.cookies.AUTH_COOKIE) {
|
||||||
|
next()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
unsigned = unsign(req.cookies.AUTH_COOKIE, req, res);
|
||||||
|
if (!unsigned){
|
||||||
|
next()
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
unsigned = `${req.body.user} ${SHA256(req.body.pass, req.body.user, HASHES_COOKIE)}`;
|
unsigned = `${req.body.user} ${SHA256(req.body.pass, req.body.user, HASHES_COOKIE)}`;
|
||||||
|
res.set("message","user+pass authentication is deprecated as of february 2023, consider switching to auth tokens")
|
||||||
//basically we generate the unsigned cookie
|
//basically we generate the unsigned cookie
|
||||||
res.locals.isbot = true; //only bots use user+pass
|
res.locals.isbot = true; //only bots use user+pass
|
||||||
}
|
}
|
||||||
let sql = `select User_Name,User_Bio,User_Avatar,User_Settings from ipost.users where User_Name=? and User_PW=?;`;
|
let sql = `select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.users where User_Name=? and User_PW=?;`;
|
||||||
let values = unsigned.split(" ");
|
let values = unsigned.split(" ");
|
||||||
values[1] = SHA256(values[1], values[0], HASHES_DIFF);
|
values[1] = SHA256(values[1], values[0], HASHES_DIFF);
|
||||||
res.locals.bio = "";
|
res.locals.bio = "";
|
||||||
@ -35,14 +77,12 @@ export const setup = function (router, con, server) {
|
|||||||
if (err)
|
if (err)
|
||||||
throw err;
|
throw err;
|
||||||
if (result[0] && result[0].User_Name && result[0].User_Name == values[0]) {
|
if (result[0] && result[0].User_Name && result[0].User_Name == values[0]) {
|
||||||
res.locals.username = values[0];
|
|
||||||
res.locals.bio = result[0].User_Bio || "";
|
res.locals.userid = result[0].User_ID;
|
||||||
res.locals.avatar = result[0].User_Avatar || "";
|
res.locals.username = result[0].User_Name;
|
||||||
res.locals.settings = JSON.parse(result[0].User_Settings);
|
res.locals.bio = result[0].User_Bio || "";
|
||||||
if (res.locals.settings == "null")
|
res.locals.avatar = result[0].User_Avatar || "";
|
||||||
res.locals.settings = {};
|
res.locals.settings = JSON.parse(result[0].User_Settings) || {};
|
||||||
if (res.locals.settings === null)
|
|
||||||
res.locals.settings = {};
|
|
||||||
|
|
||||||
}
|
}
|
||||||
next()
|
next()
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user