foltik
/
shimapan
kopia lustrzana https://github.com/Foltik/Shimapan
1
0
Forkuj 0
Kod Zgłoszenia 0 Wydania 0 Wiki Aktywność
A simple file sharing site with an easy to use API and online panel.
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
271 Commity
2 Gałęzie
56MB
Drzewo: d04f681986
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'd04f681986'
${ noResults }
shimapan/app/util/auth.js

86 wiersze
2.8KB
Czysty Wina Historia 

  1. const fs = require('fs').promises;

  2. const config = require('config');

  3. 

  4. const ModelPath = '../models/';

  5. const Key = require(ModelPath + 'Key.js');

  6. const User = require(ModelPath + 'User.js');

  7. 

  8. const verifyScope = require('./verifyScope.js');

  9. const rateLimit = require('express-rate-limit');

  10. 

  11. const checkSession = (req, scope, status) => {

  12.     if (req.isAuthenticated()) {

  13.         status.authenticated = true;

  14.         if (!scope || verifyScope(req.session.passport.scope, scope)) {

  15.             req.username = req.session.passport.user;

  16.             req.displayname = req.session.passport.displayname;

  17.             req.scope = req.session.passport.scope;

  18.             req.key = null;

  19.             status.permission = true;

  20.         }

  21.     }

  22. };

  23. 

  24. const checkKey = async (req, scope, status) => {

  25.     if (req.body.key) {

  26.         const key = await Key.findOne({key: req.body.key});

  27.         if (key) {

  28.             status.authenticated = true;

  29.             if (!scope || verifyScope(key.scope, scope)) {

  30.                 req.username = key.issuer;

  31.                 req.displayname = key.issuer;

  32.                 req.scope = key.scope;

  33.                 req.key = key.key;

  34.                 status.permission = true;

  35.             }

  36.         } else {

  37.             // Log failure

  38.             await fs.appendFile('auth.log', `${new Date().toISOString()} key ${req.ip}\n`);

  39.         }

  40.     }

  41. };

  42. 

  43. 

  44. const apiLimiter = config.get('RateLimit.enable')

  45.     ? rateLimit({

  46.         windowMs: config.get('RateLimit.api.window') * 1000,

  47.         max: config.get('RateLimit.api.max'),

  48.         skip: (req, res) => res.statusCode !== 401 && res.statusCode !== 403

  49.     })

  50.     : (req, res, next) => { next(); };

  51. // Middleware that checks for authentication by either API key or session

  52. // sets req.username, req.displayname, req.scope, and req.key if authenticated properly,

  53. // otherwise throws an error code.

  54. // If the user is banned, also throw an error.

  55. const requireAuth = scope => (req, res, next) => {

  56.     apiLimiter(req, res, async () => {

  57. 

  58.         const status = {

  59.             authenticated: false,

  60.             permission: false

  61.         };

  62. 

  63.         // First, check the session

  64.         checkSession(req, scope, status);

  65.         // If not authenticated yet, check for a key

  66.         if (!status.authenticated)

  67.             await checkKey(req, scope, status);

  68. 

  69.         if (!status.authenticated)

  70.             return res.status(401).json({message: 'Unauthorized.'});

  71.         else if (!status.permission)

  72.             return res.status(403).json({message: 'Forbidden.'});

  73. 

  74.         // Check if the user is banned

  75.         const user = await User.findOne({username: req.username});

  76.         if (user && user.banned)

  77.             return res.status(403).json({message: 'Forbidden.'});

  78. 

  79.         next();

  80.     });

  81. };

  82. 

  83. module.exports.checkSession = checkSession;

  84. module.exports.checkKey = checkKey;

  85. module.exports.requireAuth = requireAuth;