foltik
/
shimapan
mirror da https://github.com/Foltik/Shimapan
1
0
Forka 0
Codice Problemi 0 Rilasci 0 Wiki Attività
A simple file sharing site with an easy to use API and online panel.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
248 Commit
2 Rami (Branch)
29MB
Albero (Tree): 5f2320a492
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '5f2320a492'
${ noResults }
shimapan/app/util/auth.js

87 lines
2.8KB
Originale Blame Cronologia 

  1. const fs = require('fs').promises;

  2. const config = require('config');

  3. 

  4. const ModelPath = '../models/';

  5. const Key = require(ModelPath + 'Key.js');

  6. const User = require(ModelPath + 'User.js');

  7. 

  8. const wrap = require('./wrap.js');

  9. const verifyScope = require('./verifyScope.js');

  10. const rateLimit = require('express-rate-limit');

  11. 

  12. const checkSession = (req, scope, status) => {

  13.     if (req.isAuthenticated()) {

  14.         status.authenticated = true;

  15.         if (!scope || verifyScope(req.session.passport.scope, scope)) {

  16.             req.username = req.session.passport.user;

  17.             req.displayname = req.session.passport.displayname;

  18.             req.scope = req.session.passport.scope;

  19.             req.key = null;

  20.             status.permission = true;

  21.         }

  22.     }

  23. };

  24. 

  25. const checkKey = async (req, scope, status) => {

  26.     if (req.body.key) {

  27.         const key = await Key.findOne({key: req.body.key});

  28.         if (key) {

  29.             status.authenticated = true;

  30.             if (!scope || verifyScope(key.scope, scope)) {

  31.                 req.username = key.issuer;

  32.                 req.displayname = key.issuer;

  33.                 req.scope = key.scope;

  34.                 req.key = key.key;

  35.                 status.permission = true;

  36.             }

  37.         } else {

  38.             // Log failure

  39.             await fs.appendFile('auth.log', `${new Date().toISOString()} key ${req.ip}\n`);

  40.         }

  41.     }

  42. };

  43. 

  44. 

  45. const apiLimiter = config.get('RateLimit.enable')

  46.     ? rateLimit({

  47.         windowMs: config.get('RateLimit.api.window') * 1000,

  48.         max: config.get('RateLimit.api.max'),

  49.         skip: (req, res) => res.statusCode !== 401 && res.statusCode !== 403

  50.     })

  51.     : (req, res, next) => { next(); };

  52. // Middleware that checks for authentication by either API key or session

  53. // sets req.username, req.displayname, req.scope, and req.key if authenticated properly,

  54. // otherwise throws an error code.

  55. // If the user is banned, also throw an error.

  56. const requireAuth = scope => (req, res, next) => {

  57.     apiLimiter(req, res, wrap(async () => {

  58. 

  59.         const status = {

  60.             authenticated: false,

  61.             permission: false

  62.         };

  63. 

  64.         // First, check the session

  65.         checkSession(req, scope, status);

  66.         // If not authenticated yet, check for a key

  67.         if (!status.authenticated)

  68.             await checkKey(req, scope, status);

  69. 

  70.         if (!status.authenticated)

  71.             return res.status(401).json({message: 'Unauthorized.'});

  72.         else if (!status.permission)

  73.             return res.status(403).json({message: 'Forbidden.'});

  74. 

  75.         // Check if the user is banned

  76.         const user = await User.findOne({username: req.username});

  77.         if (user && user.banned)

  78.             return res.status(403).json({message: 'Forbidden.'});

  79. 

  80.         next();

  81.     }));

  82. };

  83. 

  84. module.exports.checkSession = checkSession;

  85. module.exports.checkKey = checkKey;

  86. module.exports.requireAuth = requireAuth;