Merge branches/quickjs to trunk. This is the way.
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3621 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
112
core/auth.js
112
core/auth.js
@ -1,27 +1,14 @@
|
||||
"use strict";
|
||||
var kAccountsFile = "data/auth/accounts.json";
|
||||
|
||||
var gAccounts = {};
|
||||
var gTokens = {};
|
||||
|
||||
var bCryptLib = require('bCrypt');
|
||||
bCrypt = new bCryptLib.bCrypt();
|
||||
|
||||
var form = require('form');
|
||||
var http = require('http');
|
||||
|
||||
File.makeDirectory("data");
|
||||
File.makeDirectory("data/auth");
|
||||
File.makeDirectory("data/auth/db");
|
||||
var gDatabase = new Database("data/auth/db");
|
||||
|
||||
try {
|
||||
gAccounts = JSON.parse(new TextDecoder("UTF-8").decode(File.readFile(kAccountsFile)));
|
||||
} catch (error) {
|
||||
}
|
||||
var gDatabase = new Database("auth");
|
||||
|
||||
function readSession(session) {
|
||||
var result = session ? gDatabase.get("session_" + session) : null;
|
||||
var result = session ? gDatabase.get("session:" + session) : null;
|
||||
|
||||
if (result) {
|
||||
result = JSON.parse(result);
|
||||
@ -38,11 +25,11 @@ function readSession(session) {
|
||||
}
|
||||
|
||||
function writeSession(session, value) {
|
||||
gDatabase.set("session_" + session, JSON.stringify(value));
|
||||
gDatabase.set("session:" + session, JSON.stringify(value));
|
||||
}
|
||||
|
||||
function removeSession(session, value) {
|
||||
gDatabase.remove("session_" + session);
|
||||
gDatabase.remove("session:" + session);
|
||||
}
|
||||
|
||||
function newSession() {
|
||||
@ -95,12 +82,14 @@ function authHandler(request, response) {
|
||||
sessionIsNew = true;
|
||||
formData = form.decodeForm(request.body, formData);
|
||||
if (formData.submit == "Login") {
|
||||
var account = gDatabase.get("user:" + formData.name);
|
||||
account = account ? JSON.parse(account) : account;
|
||||
if (formData.register == "1") {
|
||||
if (!gAccounts[formData.name] &&
|
||||
if (!account &&
|
||||
formData.password == formData.confirm) {
|
||||
gAccounts[formData.name] = {password: hashPassword(formData.password)};
|
||||
writeSession(session, {name: formData.name});
|
||||
File.writeFile(kAccountsFile, JSON.stringify(gAccounts));
|
||||
account = {password: hashPassword(formData.password)};
|
||||
gDatabase.set("user:" + formData.name, JSON.stringify(account));
|
||||
if (noAdministrator()) {
|
||||
makeAdministrator(formData.name);
|
||||
}
|
||||
@ -108,9 +97,9 @@ function authHandler(request, response) {
|
||||
loginError = "Error registering account.";
|
||||
}
|
||||
} else {
|
||||
if (gAccounts[formData.name] &&
|
||||
gAccounts[formData.name].password &&
|
||||
verifyPassword(formData.password, gAccounts[formData.name].password)) {
|
||||
if (account &&
|
||||
account.password &&
|
||||
verifyPassword(formData.password, account.password)) {
|
||||
writeSession(session, {name: formData.name});
|
||||
if (noAdministrator()) {
|
||||
makeAdministrator(formData.name);
|
||||
@ -142,44 +131,6 @@ function authHandler(request, response) {
|
||||
}
|
||||
contents += '<div><a href="/login/logout">Logout</a></div>\n';
|
||||
} else {
|
||||
if (gGlobalSettings && gGlobalSettings['google-signin-client_id']) {
|
||||
html = html.replace("<!--HEAD-->", `
|
||||
<script src="https://apis.google.com/js/platform.js" async defer></script>
|
||||
<meta name="google-signin-client_id" content="${gGlobalSettings['google-signin-client_id']}">
|
||||
<script>
|
||||
function onGoogleSignIn(user) {
|
||||
var token = user.getAuthResponse().id_token;
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.open("POST", "/login/google");
|
||||
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||
xhr.onload = function() {
|
||||
if (xhr.status == 200) {
|
||||
var redirected = false;
|
||||
if (window.location.search.length) {
|
||||
var query = window.location.search.substring(1);
|
||||
var parts = query.split("&");
|
||||
for (var i = 0; i < parts.length; i++) {
|
||||
var part = decodeURIComponent(parts[i]);
|
||||
var key = part.substring(0, part.indexOf('='));
|
||||
var value = part.substring(part.indexOf('=') + 1);
|
||||
if (key == "return") {
|
||||
redirected = true;
|
||||
window.location.href = value;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!redirected) {
|
||||
window.location.path = "/";
|
||||
}
|
||||
} else {
|
||||
alert(xhr.response);
|
||||
}
|
||||
};
|
||||
xhr.send('token=' + token);
|
||||
}
|
||||
</script>
|
||||
`);
|
||||
}
|
||||
contents += '<form method="POST">\n';
|
||||
if (loginError) {
|
||||
contents += "<p>" + loginError + "</p>\n";
|
||||
@ -197,10 +148,6 @@ function authHandler(request, response) {
|
||||
contents += '<div><input id="loginButton" type="submit" name="submit" value="Login"></div>\n';
|
||||
contents += '</div>';
|
||||
contents += '<div class="auth_or"> - or - </div>';
|
||||
if (gGlobalSettings && gGlobalSettings['google-signin-client_id']) {
|
||||
contents += '<div class="g-signin2" data-onsuccess="onGoogleSignIn" data-scope="profile"></div>';
|
||||
contents += '<div class="auth_or"> - or - </div>';
|
||||
}
|
||||
contents += '<div id="auth_guest">\n';
|
||||
contents += '<input id="guestButton" type="submit" name="submit" value="Proceeed as Guest">\n';
|
||||
contents += '</div>\n';
|
||||
@ -215,47 +162,12 @@ function authHandler(request, response) {
|
||||
removeSession(session);
|
||||
response.writeHead(303, {"Set-Cookie": "session=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT", "Location": "/login" + (request.query ? "?" + request.query : "")});
|
||||
response.end();
|
||||
} else if (request.uri == "/login/google") {
|
||||
var formData = form.decodeForm(request.query, form.decodeForm(request.body));
|
||||
return verifyGoogleToken(formData.token).then(function(user) {
|
||||
if (user && user.aud == gGlobalSettings['google-signin-client_id']) {
|
||||
session = newSession();
|
||||
var userId = user.name;
|
||||
if (gAccounts[userId] && !gAccounts[userId].google) {
|
||||
response.writeHead(500, {"Content-Type": "text/plain; charset=utf-8", "Connection": "close"});
|
||||
response.end("Account already exists and is not a Google account.");
|
||||
} else {
|
||||
if (!gAccounts[userId]) {
|
||||
gAccounts[userId] = {google: true};
|
||||
File.writeFile(kAccountsFile, JSON.stringify(gAccounts));
|
||||
if (noAdministrator()) {
|
||||
makeAdministrator(userId);
|
||||
}
|
||||
}
|
||||
|
||||
writeSession(session, {name: userId, google: true});
|
||||
|
||||
var cookie = "session=" + session + "; path=/; Max-Age=604800";
|
||||
response.writeHead(200, {"Content-Type": "text/json; charset=utf-8", "Connection": "close", "Set-Cookie": cookie});
|
||||
response.end(JSON.stringify(user));
|
||||
}
|
||||
} else {
|
||||
response.writeHead(500, {"Content-Type": "text/plain; charset=utf-8", "Connection": "close"});
|
||||
response.end();
|
||||
}
|
||||
});
|
||||
} else {
|
||||
response.writeHead(200, {"Content-Type": "text/plain; charset=utf-8", "Connection": "close"});
|
||||
response.end("Hello, " + request.client.peerName + ".");
|
||||
}
|
||||
}
|
||||
|
||||
function verifyGoogleToken(token) {
|
||||
return http.get("https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=" + token).then(function(response) {
|
||||
return JSON.parse(response.body);
|
||||
});
|
||||
}
|
||||
|
||||
function getPermissions(session) {
|
||||
var permissions;
|
||||
var entry = readSession(session);
|
||||
|
Reference in New Issue
Block a user