Moe 2019-10-26 13:34:02 -07:00
parent ef40f3f231
commit 167603dfb0
118 changed files with 16152 additions and 5441 deletions


@ -5,109 +5,184 @@ module.exports = function(s,config,lang){
s.superUsersApi = {}
s.factorAuth = {}
s.failedLoginAttempts = {}
//auth handler
//params = parameters
//cb = callback
//res = response, only needed for express (http server)
//request = request, only needed for express (http server)
s.auth = function(params,cb,res,req){
//
var getUserByUid = function(params,columns,callback){
if(!columns)columns = '*'
s.sqlQuery(`SELECT ${columns} FROM Users WHERE uid=? AND ke=?`,[params.uid,params.ke],function(err,r){
if(!r)r = []
var user = r[0]
callback(err,user)
})
}
var getUserBySessionKey = function(params,callback){
s.sqlQuery('SELECT * FROM Users WHERE auth=? AND ke=?',[params.auth,params.ke],function(err,r){
if(!r)r = []
var user = r[0]
callback(err,user)
})
}
var loginWithUsernameAndPassword = function(params,columns,callback){
if(!columns)columns = '*'
s.sqlQuery(`SELECT ${columns} FROM Users WHERE mail=? AND (pass=? OR pass=?) LIMIT 1`,[params.username,params.password,s.createHash(params.password)],function(err,r){
if(!r)r = []
var user = r[0]
callback(err,user)
})
}
var getApiKey = function(params,columns,callback){
if(!columns)columns = '*'
s.sqlQuery(`SELECT ${columns} FROM API WHERE code=? AND ke=?`,[params.auth,params.ke],function(err,r){
if(!r)r = []
var apiKey = r[0]
callback(err,apiKey)
})
}
var loginWithApiKey = function(params,callback){
getApiKey(params,'*',function(err,apiKey){
var isSessionKey = false
if(apiKey){
var sessionKey = params.auth
createSession(apiKey,{
auth: sessionKey,
permissions: s.parseJSON(apiKey.details),
details: {}
})
getUserByUid(apiKey,'mail,details',function(err,user){
if(user){
try{
editSession({
auth: sessionKey
},{
mail: user.mail,
details: s.parseJSON(user.details),
lang: s.getLanguageFile(user.details.lang)
})
}catch(er){
console.log('FAILED TO EDIT',er)
}
}
callback(err,s.api[params.auth])
})
}else{
getUserBySessionKey(params,function(err,user){
if(user){
isSessionKey = true
createSession(apiKey,{
details: JSON.parse(user.details),
permissions: {}
})
callback(err,user,isSessionKey)
}
})
}
})
}
var createSession = function(user,additionalData){
if(user){
var generatedId
if(!additionalData)additionalData = {}
if(!user.ip)user.ip = '0.0.0.0'
if(!user.auth && !user.code){
generatedId = s.gid(20)
}else{
generatedId = user.auth || user.code
}
user.details = s.parseJSON(user.details)
user.permissions = {}
s.api[generatedId] = Object.assign(user,additionalData)
return generatedId
}
}
var editSession = function(user,additionalData){
if(user){
if(!additionalData)additionalData = {}
Object.keys(additionalData).forEach(function(value,key){
s.api[user.auth][key] = value
})
}
}
var failHttpAuthentication = function(res,req,message){
if(!message)message = lang['Not Authorized']
res.end(s.prettyPrint({
ok: false,
msg: message
}))
}
var resetActiveSessionTimer = function(activeSession){
if(activeSession){
clearTimeout(activeSession.timeout)
activeSession.timeout = setTimeout(function(){
delete(activeSession)
},1000 * 60 * 5)
}
}
s.auth = function(params,onSuccessComplete,res,req){
if(req){
//express (http server) use of auth function
params.ip=req.headers['cf-connecting-ip'] || req.headers['x-forwarded-for'] || req.connection.remoteAddress;
var failed=function(){
if(!req.ret){req.ret={ok:false}}
req.ret.msg=lang['Not Authorized'];
res.end(s.s(req.ret));
params.ip = req.headers['cf-connecting-ip'] || req.headers['x-forwarded-for'] || req.connection.remoteAddress
var onFail = function(message){
failHttpAuthentication(res,req,message)
}
}else{
//socket.io use of auth function
var failed = function(){
var onFail = function(){
//maybe log
}
}
var clearAfterTime=function(){
//remove temp key from memory
clearTimeout(s.api[params.auth].timeout)
s.api[params.auth].timeout=setTimeout(function(){
delete(s.api[params.auth])
},1000*60*5)
}
//check IP address of connecting user
var finish=function(user){
if(s.api[params.auth].ip.indexOf('0.0.0.0')>-1||s.api[params.auth].ip.indexOf(params.ip)>-1){
var onSuccess = function(user){
var activeSession = s.api[params.auth]
if(
activeSession &&
(
activeSession.ip.indexOf('0.0.0.0') > -1 ||
activeSession.ip.indexOf(params.ip) > -1
)
){
if(!user.lang){
var details = s.parseJSON(user.details).lang
user.lang = s.getDefinitonFile(user.details.lang) || s.copySystemDefaultLanguage()
}
cb(user);
onSuccessComplete(user)
}else{
failed();
onFail()
}
}
//check if auth key is user's temporary session key
if(s.group[params.ke]&&s.group[params.ke].users&&s.group[params.ke].users[params.auth]){
s.group[params.ke].users[params.auth].permissions={};
if(!s.group[params.ke].users[params.auth].lang){
s.group[params.ke].users[params.auth].lang = s.copySystemDefaultLanguage()
if(s.group[params.ke] && s.group[params.ke].users && s.group[params.ke].users[params.auth]){
var activeSession = s.group[params.ke].users[params.auth]
activeSession.permissions = {}
if(!activeSession.lang){
activeSession.lang = s.copySystemDefaultLanguage()
}
cb(s.group[params.ke].users[params.auth])
onSuccessComplete(activeSession)
}else{
//check if key is already in memory to save query time
if(s.api[params.auth]&&s.api[params.auth].details){
finish(s.api[params.auth]);
if(s.api[params.auth].timeout){
clearAfterTime()
if(s.api[params.auth] && s.api[params.auth].details){
var activeSession = s.api[params.auth]
onSuccess(activeSession)
if(activeSession.timeout){
resetActiveSessionTimer(activeSession)
}
}else{
//no key in memory, query db to see if key exists
//check if using username and password in plain text or md5
if(params.username&&params.username!==''&&params.password&&params.password!==''){
s.sqlQuery('SELECT * FROM Users WHERE mail=? AND (pass=? OR pass=?)',[params.username,params.password,s.createHash(params.password)],function(err,r){
if(r&&r[0]){
r=r[0];
r.ip='0.0.0.0';
r.auth = s.gid(20);
params.auth = r.auth;
r.details=JSON.parse(r.details);
r.permissions = {};
s.api[r.auth]=r;
clearAfterTime();
finish(r);
if(params.username && params.username !== '' && params.password && params.password !== ''){
loginWithUsernameAndPassword(params,'*',function(err,user){
if(user){
params.auth = user.auth
createSession(user)
resetActiveSessionTimer(s.api[params.auth])
onSuccess(user)
}else{
failed();
onFail()
}
})
}else{
//not using plain login
s.sqlQuery('SELECT * FROM API WHERE code=? AND ke=?',[params.auth,params.ke],function(err,r){
if(r&&r[0]){
r=r[0];
s.api[params.auth]={ip:r.ip,uid:r.uid,ke:r.ke,permissions:JSON.parse(r.details),details:{}};
s.sqlQuery('SELECT mail,details FROM Users WHERE uid=? AND ke=?',[r.uid,r.ke],function(err,rr){
if(rr&&rr[0]){
rr=rr[0];
try{
s.api[params.auth].mail=rr.mail
s.api[params.auth].details=JSON.parse(rr.details)
s.api[params.auth].lang=s.getLanguageFile(s.api[params.auth].details.lang)
}catch(er){}
}
finish(s.api[params.auth]);
loginWithApiKey(params,function(err,user,isSessionKey){
if(isSessionKey)resetActiveSessionTimer(s.api[params.auth])
if(user){
createSession(user,{
auth: params.auth
})
onSuccess(s.api[params.auth])
}else{
s.sqlQuery('SELECT * FROM Users WHERE auth=? AND ke=?',[params.auth,params.ke],function(err,r){
if(r&&r[0]){
r=r[0];
r.ip='0.0.0.0'
s.api[params.auth]=r
s.api[params.auth].details=JSON.parse(r.details)
s.api[params.auth].permissions={}
clearAfterTime()
finish(r)
}else{
failed();
}
})
onFail()
}
})
}
@ -121,8 +196,10 @@ module.exports = function(s,config,lang){
var adminUsersSelected = null
try{
var success = function(){
var chosenConfig = config
if(req && res){
res.setHeader('Content-Type', 'application/json');
chosenConfig = s.getConfigWithBranding(req.hostname)
res.setHeader('Content-Type', 'application/json')
var ip = req.headers['cf-connecting-ip']||req.headers["CF-Connecting-IP"]||req.headers["'x-forwarded-for"]||req.connection.remoteAddress;
var resp = {
ok: userFound,
@ -141,9 +218,9 @@ module.exports = function(s,config,lang){
}
callback({
ip : ip,
$user:userSelected,
users:adminUsersSelected,
config:config,
$user: userSelected,
users: adminUsersSelected,
config: chosenConfig,
lang:lang
})
}
@ -199,4 +276,18 @@ module.exports = function(s,config,lang){
return false
}
}
s.basicOrApiAuthentication = function(username,password,callback){
var splitUsername = username.split('@')
if(splitUsername[1] && splitUsername[1].toLowerCase().indexOf('shinobi') > -1){
getApiKey({
auth: splitUsername[0],
ke: password
},'ke,uid',callback)
}else{
loginWithUsernameAndPassword({
username: username,
password: password
},'ke,uid',callback)
}
}
}
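Review bot: In the loginWithApiKey callback inside s.auth, the second `createSession(user,{ auth: params.auth })` discards the permissions parsed from the API key, because createSession unconditionally sets `user.permissions = {}` before the Object.assign and the additionalData passed here carries only `auth`; the object handed back by loginWithApiKey is already the session stored in s.api, so either drop that call or carry the permissions across, e.g. `createSession(user,{ auth: params.auth, permissions: user.permissions })`. Whether an empty permissions object widens or narrows what the key may do depends on how callers test it, which is outside this hunk, but the old code kept `permissions:JSON.parse(r.details)` on the session, so this is a behavioural change worth confirming. In the same hunk, editSession's `Object.keys(additionalData).forEach(function(value,key){ ... })` receives (element, index), so it writes the key names under indices 0, 1, 2 instead of copying mail/details/lang onto the session; it should read `Object.keys(additionalData).forEach(function(key){ s.api[user.auth][key] = additionalData[key] })`. Finally, the getUserBySessionKey fallback in loginWithApiKey has no else branch when no row matches, so callback, and therefore onFail, is never invoked and the HTTP request hangs where the old code called failed(); an `else{ callback(err) }` after the `if(user){...}` restores that.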