add msg in case unconsistent key
This commit is contained in:
@@ -1,4 +1,7 @@
|
||||
const conf = require(`../../conf/townconf.json`);
|
||||
const l=require('../tools/log.js');
|
||||
//l.showlog= true; // force log as well in prod and dev
|
||||
l.context="apxtri";
|
||||
/**
|
||||
* @api {get} http://header/CheckHeaders - CheckHeaders
|
||||
* @apiGroup Middlewares
|
||||
@@ -67,13 +70,13 @@ const checkHeaders = (req, res, next) => {
|
||||
// store in session the header information
|
||||
req.session.header = header;
|
||||
// Each header have to be declared
|
||||
if (missingheader != "") {
|
||||
if (missingheader.length>0) {
|
||||
// bad request
|
||||
return res.status(400).json({
|
||||
status:400,
|
||||
ref: "middlewares",
|
||||
msg: "missingheader",
|
||||
data: missingheader,
|
||||
data: {missingheader},
|
||||
});
|
||||
}
|
||||
//console.log( req.app.locals.tribeids )
|
||||
@@ -92,7 +95,9 @@ const checkHeaders = (req, res, next) => {
|
||||
});
|
||||
}
|
||||
if (!conf.api.languages.includes(header.xlang)) {
|
||||
console.log("warning language requested does not exist force to english");
|
||||
const info="warning language requested does not exist force to english";
|
||||
l.og(info);
|
||||
l.ogprod(req.header("xtribe"),info);
|
||||
header.xlang = "en";
|
||||
}
|
||||
//set anonymous profil
|
||||
|
||||
@@ -6,6 +6,9 @@ const glob = require("glob");
|
||||
// const openpgp = require("/media/phil/usbfarm/apxtri/node_modules/openpgp/dist/node/openpgp.js");
|
||||
const openpgp = require("openpgp");
|
||||
|
||||
const l=require('../tools/log.js');
|
||||
l.showlog= false; // force log as well in prod and dev
|
||||
l.context="isAuthenticated";
|
||||
/**
|
||||
* @api {get} http://header/istauthenticated - isAuthenticated
|
||||
* @apiGroup Middlewares
|
||||
@@ -28,21 +31,18 @@ const openpgp = require("openpgp");
|
||||
*
|
||||
**/
|
||||
const isAuthenticated = async (req, res, next) => {
|
||||
/*console.log('PASSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS')
|
||||
/*
|
||||
console.log(__dirname)
|
||||
console.log(path.resolve('../tmp/tokens'))
|
||||
if (fs.existsSync('../tmp/tokens')) console.log('pass A')
|
||||
if (fs.existsSync('../tmp/tokens')) console.log('pass B')
|
||||
*/
|
||||
const withlog = true;
|
||||
const currentday = dayjs().date();
|
||||
fs.ensureDirSync(`../tmp/tokens`);
|
||||
let menagedone = fs.existsSync(
|
||||
`../tmp/tokens/menagedone${currentday}`
|
||||
);
|
||||
|
||||
if (withlog)
|
||||
console.log(`menagedone${currentday} was it done today?:${menagedone}`);
|
||||
l.og(`menagedone${currentday} was it done today?:${menagedone}`);
|
||||
if (!menagedone) {
|
||||
// clean oldest
|
||||
const tsday = dayjs().valueOf(); // now in timestamp format
|
||||
@@ -57,13 +57,17 @@ const isAuthenticated = async (req, res, next) => {
|
||||
fs.remove(f);
|
||||
}
|
||||
});
|
||||
//clean tmp
|
||||
glob.sync(`../tmp/*.txt`).forEach((f) => {
|
||||
fs.remove(f);
|
||||
});
|
||||
fs.outputFile(
|
||||
`../tmp/tokens/menagedone${currentday}`,
|
||||
"done by middleware/isAUthenticated"
|
||||
);
|
||||
}
|
||||
//Check register in tmp/tokens/
|
||||
if (withlog) console.log("isAuthenticate?", req.session.header, req.body);
|
||||
l.og("isAuthenticate?", req.session.header, req.body);
|
||||
|
||||
const resnotauth = {
|
||||
ref: "middlewares",
|
||||
@@ -77,7 +81,7 @@ const isAuthenticated = async (req, res, next) => {
|
||||
req.session.header.xalias == "anonymous" ||
|
||||
req.session.header.xhash == "anonymous"
|
||||
) {
|
||||
if (withlog) console.log("alias anonymous means not auth");
|
||||
l.og("alias anonymous means not auth");
|
||||
resnotauth.status = 401;
|
||||
return res.status(resnotauth.status).json(resnotauth);
|
||||
}
|
||||
@@ -96,7 +100,7 @@ const isAuthenticated = async (req, res, next) => {
|
||||
const failstamp = `../tmp/tokens/${alias}.json`;
|
||||
if (action == "clean") {
|
||||
//to reinit bruteforce checker
|
||||
if (withlog) console.log("try to clean penalty file ", failstamp);
|
||||
l.og("try to clean penalty file ", failstamp);
|
||||
fs.remove(failstamp, (err) => {
|
||||
if (err) console.log("Check forcebrut ", err);
|
||||
});
|
||||
@@ -107,17 +111,17 @@ const isAuthenticated = async (req, res, next) => {
|
||||
stamp.lastfail = dayjs().format();
|
||||
stamp.numberfail += 1;
|
||||
fs.outputJSON(failstamp, stamp);
|
||||
if (withlog) console.log("penalty:", stamp);
|
||||
l.og("penalty:", stamp);
|
||||
await sleep(stamp.numberfail * 100); //increase of 0,1 second the answer time per fail
|
||||
if (withlog) console.log("time out penalty");
|
||||
l.og("time out penalty");
|
||||
}
|
||||
};
|
||||
if (!fs.existsSync(tmpfs)) {
|
||||
// need to check detached sign
|
||||
let publickey = "";
|
||||
console.log(process.cwd());
|
||||
console.log(process.env.PWD);
|
||||
console.log(__dirname);
|
||||
l.og(process.cwd());
|
||||
l.og(process.env.PWD);
|
||||
l.og(__dirname);
|
||||
const aliasinfo = `../nationchains/pagans/itm/${req.session.header.xalias}.json`;
|
||||
if (fs.existsSync(aliasinfo)) {
|
||||
publickey = fs.readJsonSync(aliasinfo).publickey;
|
||||
@@ -126,38 +130,41 @@ const isAuthenticated = async (req, res, next) => {
|
||||
publickey = req.body.publickey;
|
||||
}
|
||||
if (publickey == "") {
|
||||
if (withlog) console.log("alias unknown");
|
||||
l.og("alias unknown");
|
||||
resnotauth.status = 404;
|
||||
resnotauth.data.xaliasexists = false;
|
||||
return res.status(resnotauth.status).send(resnotauth);
|
||||
}
|
||||
if (withlog) console.log("publickey", publickey);
|
||||
l.og("publickey", publickey);
|
||||
if (publickey.substring(0, 31) !== "-----BEGIN PGP PUBLIC KEY BLOCK") {
|
||||
if (withlog)
|
||||
console.log("Publickey is not valid as armored key:", publickey);
|
||||
l.og("Publickey is not valid as armored key:", publickey);
|
||||
await bruteforcepenalty(req.session.header.xalias, "penalty");
|
||||
resnotauth.status = 404;
|
||||
return res.status(resnotauth.status).send(resnotauth);
|
||||
}
|
||||
const clearmsg = Buffer.from(req.session.header.xhash, "base64").toString();
|
||||
if (clearmsg.substring(0, 10) !== "-----BEGIN") {
|
||||
if (withlog)
|
||||
console.log("xhash conv is not valid as armored key:", clearmsg);
|
||||
l.og("xhash conv is not valid as armored key:", clearmsg);
|
||||
await bruteforcepenalty(req.session.header.xalias, "penalty");
|
||||
resnotauth.status = 404;
|
||||
return res.status(resnotauth.status).send(resnotauth);
|
||||
}
|
||||
if (withlog) console.log("clearmsg", clearmsg);
|
||||
l.og("clearmsg", clearmsg);
|
||||
let signedMessage=""
|
||||
const pubkey = await openpgp.readKey({ armoredKey: publickey });
|
||||
const signedMessage = await openpgp.readCleartextMessage({
|
||||
cleartextMessage: clearmsg,
|
||||
});
|
||||
try{
|
||||
signedMessage = await openpgp.readCleartextMessage({
|
||||
cleartextMessage: clearmsg,
|
||||
});
|
||||
}catch(err){
|
||||
return res.status(422).send({status:422,ref:"Middleware",msg:"unconsistentcleartextmessage",data:{xhash:req.session.header.xhash,clearmsg}})
|
||||
}
|
||||
const verificationResult = await openpgp.verify({
|
||||
message: signedMessage,
|
||||
verificationKeys: pubkey,
|
||||
});
|
||||
if (withlog) console.log(verificationResult);
|
||||
if (withlog) console.log(verificationResult.signatures[0].keyID.toHex());
|
||||
l.og(verificationResult);
|
||||
l.og(verificationResult.signatures[0].keyID.toHex());
|
||||
try {
|
||||
await verificationResult.signatures[0].verified;
|
||||
if (
|
||||
@@ -165,8 +172,7 @@ const isAuthenticated = async (req, res, next) => {
|
||||
`${req.session.header.xalias}_${req.session.header.xdays}`
|
||||
) {
|
||||
resnotauth.msg = "signaturefailled";
|
||||
if (withlog)
|
||||
console.log(
|
||||
l.og(
|
||||
`message recu:${verificationResult.data} , message attendu:${req.session.header.xalias}_${req.session.header.xdays}`
|
||||
);
|
||||
await bruteforcepenalty(req.session.header.xalias, "penalty");
|
||||
@@ -175,20 +181,18 @@ const isAuthenticated = async (req, res, next) => {
|
||||
}
|
||||
} catch (e) {
|
||||
resnotauth.msg = "signaturefailled";
|
||||
if (withlog) console.log("erreur", e);
|
||||
l.og("erreur", e);
|
||||
await bruteforcepenalty(req.session.header.xalias, "penalty");
|
||||
resnotauth.status = 401;
|
||||
return res.status(resnotauth.status).send(resnotauth);
|
||||
}
|
||||
// authenticated then get person profils (person = pagan for a xtrib)
|
||||
const person = `${process.env.dirtown}/tribes/${req.session.header.xtribe}/objects/persons/itm/${req.session.header.xalias}.json`;
|
||||
if (withlog) {
|
||||
console.log("Profils tribe/app management");
|
||||
console.log("person", person);
|
||||
}
|
||||
l.og("Profils tribe/app management");
|
||||
l.og("person", person);
|
||||
if (fs.existsSync(person)) {
|
||||
const infoperson = fs.readJSONSync(person);
|
||||
console.log(infoperson);
|
||||
l.og(infoperson);
|
||||
infoperson.profils.forEach((p) => {
|
||||
if (!req.session.header.xprofils.includes(p)) req.session.header.xprofils.push(p);
|
||||
})
|
||||
@@ -201,7 +205,7 @@ const isAuthenticated = async (req, res, next) => {
|
||||
req.session.header.xprofils = fs.readJSONSync(tmpfs);
|
||||
}
|
||||
bruteforcepenalty(req.session.header.xalias, "clean");
|
||||
console.log(`${req.session.header.xalias} Authenticated`);
|
||||
l.og(`${req.session.header.xalias} Authenticated`);
|
||||
next();
|
||||
};
|
||||
module.exports = isAuthenticated;
|
||||
|
||||
Reference in New Issue
Block a user