/**
 * Authentication server module
 * @param {object} app - Instance of express
 * @param {object} DataStoreGate - Instance of the google datastore connection
 * @param {object} crypto - Node's crypto module (used for HMAC hashing)
 * @param {object} rngString - Instance of randomstring
 * @return - Itself
 */
module.exports = function(app, DataStoreGate, crypto, rngString) {
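/** POST - for a user to login and obtain a temporary key with a ttl of 2 hours
 * Parameters: (all mandatory unless otherwise stated)
 *   username - the username of the user logging in
 *   password - the user's password
 * Response Structure: (JSON)
 *   Result: "OK" || "ERROR"
 *   Message: "Login failed"   (ERROR only; deliberately the same text for an
 *                              unknown user, a wrong password and a datastore
 *                              failure, so the response does not reveal which)
 *   key, ttl                  (OK only; the temp key and its expiry, ms since epoch)
 * Credentials are still read from the query string as well as the body for
 * backwards compatibility; query parameters tend to be written to access logs,
 * so clients should prefer the body.
 */
app.post('/post/login', function(req, res) {
  const username = req.query['username'] || req.body['username'];
  const password = req.query['password'] || req.body['password'];
  const KEY_TTL_MS = 2 * 60 * 60 * 1000; // 2 hours (the former literal 7200000)

  /**
   * Constant-time equality check for two secrets.
   * Non-string inputs never match: this closes the case where a user record
   * without a password met a request without one (undefined == undefined was
   * true under the former `==` comparison), and rejects the array a repeated
   * query parameter produces.
   * @param {*} a
   * @param {*} b
   * @return {Boolean}
   */
  function secretsMatch(a, b) {
    if (typeof a !== 'string' || typeof b !== 'string') {
      return false;
    }
    const bufA = Buffer.from(a, 'utf8');
    const bufB = Buffer.from(b, 'utf8');
    // timingSafeEqual requires equal lengths; a length mismatch is an early
    // reject and only reveals the length, which the plain comparison did too.
    if (bufA.length !== bufB.length) {
      return false;
    }
    return crypto.timingSafeEqual(bufA, bufB);
  }

  /** Generic failure response; the same body for every failure cause. */
  function sendLoginFailed() {
    res.send(JSON.stringify({
      Result: "ERROR",
      Message: "Login failed"
    }));
  }

  /**
   * Success response carrying the temp key and its expiry.
   * @param {{key: String, ttl: Number}} tempKey
   */
  function sendKey(tempKey) {
    res.send(JSON.stringify({
      Result: "OK",
      key: tempKey.key,
      ttl: tempKey.ttl
    }));
  }

  /**
   * Callback for the datastore lookup of the user object.
   * @param {*} err - datastore error, if any
   * @param {object} user - the user object from DataStoreGate (may be absent)
   */
  function onReturn(err, user) {
    // A lookup error and an empty result are both "no such login".
    if (err || !user) {
      sendLoginFailed();
      return;
    }
    // NOTE(review): user.password is compared directly with the submitted
    // password. Whether the stored value is plaintext or the output of
    // this.hash() cannot be told from here — confirm against the user
    // creation path; if it is hashed, the submitted value must be hashed
    // the same way before this comparison.
    if (!secretsMatch(user.password, password)) {
      sendLoginFailed();
      return;
    }
    // A user record without a tempKey object used to throw here; treat a
    // missing object like an expired key.
    const tempKey = user.tempKey || {};
    if (tempKey.ttl > Date.now()) {
      // Current key still valid: hand it back unchanged.
      sendKey(tempKey);
      return;
    }
    // Mint a new key: current time in ms + a random string from rngString.
    // NOTE(review): assumes rngString.generate() draws from a CSPRNG — confirm
    // for the randomstring version in use.
    tempKey.key = Date.now() + rngString.generate();
    tempKey.ttl = Date.now() + KEY_TTL_MS;
    user.tempKey = tempKey;
    DataStoreGate.updateObjFromStore("User", user.username, user, function(updateErr) {
      if (updateErr) {
        // Log server-side only; the raw datastore error used to be echoed
        // to the client, which disclosed internals.
        console.error('login: failed to persist temp key', updateErr);
        sendLoginFailed();
        return;
      }
      sendKey(user.tempKey);
    });
  }

  // Reject a missing or malformed username before touching the datastore.
  if (typeof username !== 'string' || username === '') {
    sendLoginFailed();
    return;
  }
  DataStoreGate.getObjFromStore("User", username, onReturn); // Find user in the datastore
});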
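/**
 * Constant-time equality check for a stored and a presented temp key.
 * Non-string inputs never match, so a user without a key cannot be matched
 * by a request without one (undefined == undefined was true under the former
 * `==` comparison).
 * @param {*} storedKey - the key on the user record
 * @param {*} presentedKey - the key supplied by the caller
 * @return {Boolean}
 */
function tempKeysMatch(storedKey, presentedKey) {
  if (typeof storedKey !== 'string' || typeof presentedKey !== 'string') {
    return false;
  }
  const stored = Buffer.from(storedKey, 'utf8');
  const presented = Buffer.from(presentedKey, 'utf8');
  // timingSafeEqual requires equal lengths; unequal lengths cannot match anyway.
  if (stored.length !== presented.length) {
    return false;
  }
  return crypto.timingSafeEqual(stored, presented);
}

/**
 * True when the user record exists, carries a tempKey object whose ttl has
 * not passed, and whose key equals the presented one. A missing user or a
 * missing tempKey object used to throw inside the datastore callback; both
 * now simply fail authentication.
 * @param {object} user - the user object from DataStoreGate (may be absent)
 * @param {String} tempKey - the key presented by the caller
 * @return {Boolean}
 */
function hasValidTempKey(user, tempKey) {
  if (!user || !user.tempKey) {
    return false;
  }
  return user.tempKey.ttl > Date.now() && tempKeysMatch(user.tempKey.key, tempKey);
}

/**
 * Authenticates a user with their temp key
 * PRE - the user must be logged in
 * @param {String} username - the username whose key is being checked
 * @param {String} tempKey - the temp key presented by the caller
 * @param {function} callback(valid) - called with true when the key is valid
 *   and unexpired, false otherwise (including datastore errors)
 */
this.authenticateUser = function(username, tempKey, callback) {
  // Find user in the datastore
  DataStoreGate.getObjFromStore("User", username, function(err, user) {
    callback(!err && hasValidTempKey(user, tempKey));
  });
};

/**
 * Authenticates an admin user with their temp key
 * PRE - the user must be logged in
 * @param {String} username - the username whose key is being checked
 * @param {String} tempKey - the temp key presented by the caller
 * @param {function} callback(valid) - called with true when the key is valid,
 *   unexpired and the user's privilege level is 3 or greater; false otherwise
 */
this.authenticateUserAdmin = function(username, tempKey, callback) {
  // Find user in the datastore
  DataStoreGate.getObjFromStore("User", username, function(err, user) {
    // `privlageLevel` is the field name used by the user records; kept as-is.
    callback(!err && hasValidTempKey(user, tempKey) && user.privlageLevel >= 3);
  });
};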
/**
 * Checks a candidate password against the complexity policy.
 * Current policy: at least 10 characters. A falsy value never passes.
 * @param {String} pwd - the new password to validate
 * @return {Boolean} true when the policy is met, false otherwise
 */
this.validatePasswordComplexity = function(pwd) {
  const MIN_LENGTH = 10;
  // Boolean(pwd) short-circuits falsy input to false; otherwise the length
  // comparison yields the answer.
  return Boolean(pwd) && pwd.length >= MIN_LENGTH;
};
/**
 * Derives the stored credential from a password: HMAC-SHA256 of `pwd` keyed
 * with a fixed secret, returned hex-encoded.
 * @param {String} pwd - the password to hash; passing undefined makes
 *   `update` throw, there is no guard here
 * @return {String} 64-character lowercase hex digest
 *
 * NOTE(review): the key below is a hard-coded pepper living in source control,
 * and HMAC-SHA256 is a fast, unsalted construction: equal passwords produce
 * equal digests, and the digests are cheap to brute-force offline if the
 * datastore leaks. The usual remedy is a per-user random salt with a slow KDF
 * (crypto.scrypt / crypto.pbkdf2), but every stored digest depends on the
 * current scheme (see the warning below), so a migration path is needed first.
 */
this.hash = function(pwd) {
const secret = "43143988327398957279342419750374600193"; // !!!WARNING - CHANGING THIS WILL BREAK EVERYTHING!!! 43143988327398957279342419750374600193
var hash = crypto.createHmac('sha256', secret)
.update(pwd)
.digest('hex');
//console.log(hash);
return hash;
}
//this.hash("I love pizza");
return this;
};
/*
*/