auth.js
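import { timingSafeEqual } from 'node:crypto'
import utils from './utils.js'
import events from './events.js'
import cryptoUtils from '../crypto.js'
import state from './state.js'
import chalk from 'chalk'

/**
 * Compare a stored credential with a presented one in constant time.
 *
 * A plain `===` on secrets can reveal, through response timing, how much of a
 * guess was correct. Missing, empty or non-string values never match, so a
 * session stored without a token cannot be matched by a request that sends
 * no token at all.
 *
 * @param {*} expected - value held by the server (assumed to be a string token)
 * @param {*} presented - value supplied by the client
 * @returns {boolean} true only when both are equal, non-empty strings
 */
function tokensMatch(expected, presented){
  if (typeof expected !== 'string' || typeof presented !== 'string'){
    return false
  }
  if (expected.length === 0 || presented.length === 0){
    return false
  }
  const expectedBytes = Buffer.from(expected)
  const presentedBytes = Buffer.from(presented)
  // timingSafeEqual throws on buffers of different length, so test that first.
  return expectedBytes.length === presentedBytes.length &&
    timingSafeEqual(expectedBytes, presentedBytes)
}

/**
 * Look up the id and shared secret of the member or resource named by
 * `identifier`.
 *
 * Members match on lower-cased name or on memberId; resources match on name
 * or resourceId. Resources are scanned after members, so a resource that
 * matches the same identifier overrides the member result.
 *
 * @param {string} identifier - name or id taken from the request
 * @returns {{ownerId: (string|undefined), secret: (string|undefined)}}
 *   both fields are undefined when nothing matches
 */
const getIdSecret = function(identifier){
  let ownerId, secret

  // A missing identifier must not match anything: without this guard an
  // absent header (undefined) compares equal to any record whose name or id
  // is also undefined.
  if (typeof identifier !== 'string' || identifier.length === 0){
    return {ownerId, secret}
  }
  const wanted = identifier.toLowerCase()

  state.serverState.members.forEach(member => {
    const name = typeof member.name === 'string'
      ? member.name.toLowerCase()
      : undefined
    if (name === wanted || member.memberId === wanted){
      ownerId = member.memberId
      secret = member.secret
      // Log the id only: the member record carries the shared secret, which
      // must not end up in process logs.
      console.log('found member', member.memberId)
    }
  })

  state.serverState.resources.forEach(resource => {
    if (resource.name === wanted || resource.resourceId === wanted){
      ownerId = resource.resourceId
      secret = resource.secret
    }
  })

  return {ownerId, secret}
}

/**
 * Socket authentication hook: accept the connection when `data.token`
 * equals the token of a known session.
 *
 * @param {*} socket - the connecting socket (not used here)
 * @param {{token: string}} data - credentials sent by the client
 * @param {function(*, boolean)} callback - called with (null, authorized)
 */
function socketAuth(socket, data, callback){
  // Tolerate a client that sends no payload instead of throwing on data.token.
  const presented = data && data.token
  const authorized = state.serverState.sessions.some(
    session => tokensMatch(session.token, presented)
  )
  // Always a real boolean; the unauthorized case used to pass undefined.
  callback(null, authorized)
}

/**
 * HTTP authentication middleware.
 *
 * With `name`, `authorization` and `session` headers for a known owner, the
 * expected token is derived from the session header and the owner's secret;
 * on a match a session is created through events.sessionCreated, which is
 * handed the response callback. Otherwise the `authorization` header is
 * checked against the tokens of existing sessions and, on a match,
 * `req.reqOwner` is set and the request continues. Everything else is
 * answered with 401.
 *
 * NOTE(review): nothing visible here rejects a `session` header value that
 * was used before; confirm that replay of a captured header set is handled
 * elsewhere (events.sessionCreated or the transport).
 *
 * @param {object} req - incoming request; headers are read, reqOwner is set
 * @param {object} res - response, used for the 401 reply
 * @param {function} next - continues the middleware chain
 */
async function serverAuth(req, res, next){
  const {ownerId, secret} = getIdSecret(req.headers.name)
  const presented = req.headers.authorization
  const sessionId = req.headers.session

  if (secret && presented && sessionId){
    let token
    try {
      const digest = await cryptoUtils.createHash(sessionId + secret)
      const sessionKey = await cryptoUtils.buf2hex(digest)
      token = await cryptoUtils.HMAC(sessionKey, sessionId)
    } catch (err) {
      // Fail closed: a crypto failure must neither authorize the request nor
      // leave it hanging on an unhandled rejection.
      next(err)
      return
    }
    if (tokensMatch(token, presented)){
      events.sessionCreated(ownerId, sessionId, token, utils.buildResCallback(res))
    } else {
      res.status(401).end('unauthorized')
    }
    return
  }

  const session = state.serverState.sessions.find(
    candidate => tokensMatch(candidate.token, presented)
  )
  if (session){
    req.reqOwner = session.ownerId
    next()
  } else {
    res.status(401).end('unauthorized')
  }
}

export default {
  socketAuth,
  serverAuth
}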