blob: 1c0a2ee4c5b49c1dc5bd0e03cac4fda7d10733c1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
import config from 'config'
import { createHash } from 'node:crypto'
import debug from 'debug'
import { getUserByName } from '../db/Users'
const log = debug('auth')
const auth_key = config.get('service.auth.key')
const JUICK_COOKIE_NAME = 'juick-remember-me'
export const rememberMeParser = (req, _res, next) => {
if (req.cookies && !!req.cookies[JUICK_COOKIE_NAME]) {
validate_cookie(req.cookies[JUICK_COOKIE_NAME]).then(visitor => {
req.visitor = visitor
setImmediate(next)
}).catch(() => {
setImmediate(next)
})
} else {
setImmediate(next)
}
}
const validate_cookie = async (cookie) => {
const [ username, expiry_time, , signature ] = Buffer.from(cookie, 'base64').toString('ascii').split(':', 4)
if (is_token_expired(expiry_time)) {
log(`Token expired at: ${new Date(expiry_time)}`)
return ''
}
const user = await getUserByName(username)
if (!user) {
log(`User not found: ${username}`)
return ''
}
const expected_signature = make_token_signature(expiry_time, username, user['passw'])
if (expected_signature === signature) {
log(`Signature verified: ${username}`)
return username
}
log(`Invalid token signature: ${username}`)
return ''
}
const make_token_signature = (expiry_time, username, password) => {
const data = `${username}:${expiry_time}:{noop}${password}:${auth_key}`
return createHash('sha256').update(data).digest('hex')
}
const is_token_expired = (expiry_time) => {
return new Date(expiry_time) < new Date()
}
|
