Start updating auth dependencies

This commit is contained in:
calzoneman 2013-08-16 11:01:31 -05:00
parent f523649f54
commit f46169fbe3
3 changed files with 161 additions and 103 deletions

52
acp.js
View File

@ -9,8 +9,6 @@ The above copyright notice and this permission notice shall be included in all c
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
var Auth = require("./auth");
module.exports = function (Server) { module.exports = function (Server) {
var db = Server.db; var db = Server.db;
var ActionLog = require("./actionlog")(Server); var ActionLog = require("./actionlog")(Server);
@ -68,24 +66,26 @@ module.exports = function (Server) {
}); });
user.socket.on("acp-reset-password", function(data) { user.socket.on("acp-reset-password", function(data) {
if(Auth.getGlobalRank(data.name) >= user.global_rank) db.getGlobalRank(data.name, function (err, rank) {
return; if(err || rank >= user.global_rank)
return;
db.genPasswordReset(user.ip, data.name, data.email, db.genPasswordReset(user.ip, data.name, data.email,
function (err, hash) { function (err, hash) {
var pkt = { var pkt = {
success: !err success: !err
}; };
if(err) { if(err) {
pkt.error = err; pkt.error = err;
} else { } else {
pkt.hash = hash; pkt.hash = hash;
} }
user.socket.emit("acp-reset-password", pkt); user.socket.emit("acp-reset-password", pkt);
ActionLog.record(user.ip, user.name, ActionLog.record(user.ip, user.name,
"acp-reset-password", data.name); "acp-reset-password", data.name);
});
}); });
}); });
@ -93,15 +93,17 @@ module.exports = function (Server) {
if(data.rank < 1 || data.rank >= user.global_rank) if(data.rank < 1 || data.rank >= user.global_rank)
return; return;
if(Auth.getGlobalRank(data.name) >= user.global_rank) db.getGlobalRank(data.name, function (err, rank) {
return; if(err || rank >= user.global_rank)
return;
db.setGlobalRank(data.name, data.rank, function (err, res) { db.setGlobalRank(data.name, data.rank,
function (err, res) {
ActionLog.record(user.ip, user.name, "acp-set-rank", ActionLog.record(user.ip, user.name, "acp-set-rank",
data); data);
if(!err) if(!err)
user.socket.emit("acp-set-rank", data); user.socket.emit("acp-set-rank", data);
});
}); });
}); });

153
api.js
View File

@ -9,7 +9,6 @@ The above copyright notice and this permission notice shall be included in all c
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
var Auth = require("./auth");
var Logger = require("./logger"); var Logger = require("./logger");
var ActionLog = require("./actionlog"); var ActionLog = require("./actionlog");
var fs = require("fs"); var fs = require("fs");
@ -94,21 +93,40 @@ module.exports = function (Server) {
if(filter !== "public") { if(filter !== "public") {
var name = query.name || ""; var name = query.name || "";
var session = query.session || ""; var session = query.session || "";
var row = Auth.login(name, "", session); db.userLoginSession(name, session, function (err, row) {
if(!row || row.global_rank < 255) { if(err) {
res.send(403); if(err !== "Invalid session" &&
return; err !== "Session expired") {
} res.send(500);
} else {
res.send(403);
}
return;
}
if(row.global_rank < 255) {
res.send(403);
return;
}
var channels = [];
for(var key in Server.channels) {
var channel = Server.channels[key];
channels.push(getChannelData(channel));
}
res.type("application/jsonp");
res.jsonp(channels);
});
} }
// If we get here, the filter is public channels
var channels = []; var channels = [];
for(var key in Server.channels) { for(var key in Server.channels) {
var channel = Server.channels[key]; var channel = Server.channels[key];
if(channel.opts.show_public) { if(channel.opts.show_public)
channels.push(getChannelData(channel)); channels.push(getChannelData(channel));
} else if(filter !== "public") {
channels.push(getChannelData(channel));
}
} }
res.type("application/jsonp"); res.type("application/jsonp");
@ -136,33 +154,26 @@ module.exports = function (Server) {
return; return;
} }
var row = Auth.login(name, pw, session); db.userLogin(name, pw, session, function (err, row) {
if(!row) { if(err) {
if(session && !pw) { if(err !== "Session expired")
ActionLog.record(getIP(req), name, "login-failure");
res.jsonp({ res.jsonp({
success: false, success: false,
error: "Session expired" error: err
});
return;
} else {
ActionLog.record(getIP(req), name, "login-failure",
"invalid_password");
res.jsonp({
success: false,
error: "Provided username/password pair is invalid"
}); });
return; return;
} }
}
// record the login if the user is an administrator // Only record login-success for admins
if(row.global_rank >= 255) if(row.global_rank >= 255)
ActionLog.record(getIP(req), name, "login-success"); ActionLog.record(getIP(req), name, "login-success");
res.jsonp({ res.jsonp({
success: true, success: true,
name: name, name: name,
session: row.session_hash session: row.session_hash
});
}); });
}); });
@ -195,7 +206,8 @@ module.exports = function (Server) {
return; return;
} }
if(!Auth.validateName(name)) {
if(!$util.isValidUserName(name)) {
ActionLog.record(ip, name, "register-failure", "Invalid name"); ActionLog.record(ip, name, "register-failure", "Invalid name");
res.jsonp({ res.jsonp({
success: false, success: false,
@ -206,29 +218,21 @@ module.exports = function (Server) {
return; return;
} }
if(Auth.isRegistered(name)) { // db.registerUser checks if the name is taken already
ActionLog.record(ip, name, "register-failure", "Name taken"); db.registerUser(name, pw, function (err, session) {
res.jsonp({ if(err) {
success: false, res.jsonp({
error: "That username is already taken" success: false,
}); error: err
return; });
} return;
}
var session = Auth.register(name, pw); ActionLog.record(ip, name, "register-success");
if(!session) {
res.jsonp({ res.jsonp({
success: false, success: true,
error: "Registration error. Contact an administrator "+ session: session
"for assistance."
}); });
return;
}
ActionLog.record(ip, name, "register-success");
res.jsonp({
success: true,
session: session
}); });
}); });
@ -248,30 +252,29 @@ module.exports = function (Server) {
return; return;
} }
var row = Auth.login(name, oldpw, ""); db.userLoginPassword(name, oldpw, function (err, row) {
if(!row) { if(err) {
res.jsonp({ res.jsonp({
success: false, success: false,
error: "Invalid username/password combination" error: err
});
return;
}
db.setUserPassword(name, newpw, function (err, row) {
if(err) {
res.jsonp({
success: false,
error: err
});
return;
}
ActionLog.record(getIP(req), name, "password-change");
res.jsonp({
success: true
});
}); });
return;
}
ActionLog.record(getIP(req), name, "password-change");
var success = Auth.setUserPassword(name, newpw);
if(!success) {
res.jsonp({
success: false,
error: "Server error. Please try again or ask an "+
"administrator for assistance."
});
return;
}
res.jsonp({
success: true,
session: row.session_hash
}); });
}); });
@ -393,11 +396,11 @@ module.exports = function (Server) {
app.post("/api/account/profile", function (req, res) { app.post("/api/account/profile", function (req, res) {
res.type("application/jsonp"); res.type("application/jsonp");
var name = req.body.name; var name = req.body.name;
var pw = req.body.pw;
var session = req.body.session; var session = req.body.session;
var img = req.body.profile_image; var img = req.body.profile_image;
var text = req.body.profile_text; var text = req.body.profile_text;
db.userLoginSession(name, session, function (err, row) {
var row = Auth.login(name, pw, session); var row = Auth.login(name, pw, session);
if(!row) { if(!row) {
res.jsonp({ res.jsonp({

View File

@ -682,6 +682,24 @@ Database.prototype.registerUser = function (name, pw, callback) {
return; return;
} }
var postRegister = function (err, res) {
if(err) {
callback(err, null);
return;
}
self.createLoginSession(name, function (err, hash) {
if(err) {
// Don't confuse people into thinking the registration
// failed when it was the session that failed
callback(null, "");
return;
}
callback(null, hash);
});
};
self.isUsernameTaken(name, function (err, taken) { self.isUsernameTaken(name, function (err, taken) {
if(err) { if(err) {
callback(err, null); callback(err, null);
@ -702,9 +720,7 @@ Database.prototype.registerUser = function (name, pw, callback) {
var query = "INSERT INTO registrations VALUES " + var query = "INSERT INTO registrations VALUES " +
"(NULL, ?, ?, 1, '', 0, '', '', '')"; "(NULL, ?, ?, 1, '', 0, '', '', '')";
self.query(query, [name, hash], function (err, res) { self.query(query, [name, hash], postRegister);
callback(err, res);
});
}); });
}); });
}; };
@ -842,6 +858,43 @@ Database.prototype.createLoginSession = function (name, callback) {
}); });
}; };
Database.prototype.setUserPassword = function (name, pw, callback) {
var self = this;
if(typeof callback !== "function")
callback = blackHole;
bcrypt.hash(pw, 10, function (err, hash) {
if(err) {
callback(err, null);
return;
}
var query = "UPDATE registrations SET pw=? WHERE uname=?";
self.query(query, [hash, name], callback);
});
};
Database.prototype.getGlobalRank = function (name, callback) {
var self = this;
if(typeof callback !== "function")
return;
var query = "SELECT global_rank FROM registrations WHERE uname=?";
self.query(query, function (err, res) {
if(err) {
callback(err, null);
return;
}
if(res.length == 0) {
callback("User does not exist", null);
return;
}
callback(null, res[0].global_rank);
});
};
/* END REGION */ /* END REGION */
/* REGION users */ /* REGION users */