sync/lib/session.js

51 lines
1.3 KiB
JavaScript

var dbAccounts = require("./database/accounts");
var util = require("./utilities");
var crypto = require("crypto");
function sha256(input) {
var hash = crypto.createHash("sha256");
hash.update(input);
return hash.digest("base64");
}
exports.genSession = function (account, expiration, cb) {
if (expiration instanceof Date) {
expiration = Date.parse(expiration);
}
var salt = crypto.pseudoRandomBytes(24).toString("base64");
var hashInput = [account.name, account.password, expiration, salt].join(":");
var hash = sha256(hashInput);
cb(null, [account.name, expiration, salt, hash].join(":"));
};
exports.verifySession = function (input, cb) {
var parts = input.split(":");
if (parts.length !== 4) {
return cb("Invalid auth string");
}
var name = parts[0];
var expiration = parts[1];
var salt = parts[2];
var hash = parts[3];
if (Date.now() > parseInt(expiration)) {
return cb("Session expired");
}
dbAccounts.getUser(name, function (err, account) {
if (err) {
return cb(err);
}
var hashInput = [account.name, account.password, expiration, salt].join(":");
if (sha256(hashInput) !== hash) {
return cb("Invalid auth string");
}
cb(null, account);
});
};