Commit 3fef88c0 authored by Michael Ochmann's avatar Michael Ochmann

added authentication handling

parent cdd0bcbd
const SHA512 = require("js-sha512");
const DB = require("./DatabaseHandler");
const Std = require("./Std");
const Response = require("./server/Response");
const Server = require("./server/Server");
class AuthToken {
constructor(rft, token) {
this.rft = rft;
this.token = token;
this.invalidation = null;
this.refresh();
}
refresh() {
this.invalidation = (Date.now() / 1000) + 15 * AuthToken.InvalidationInterval;
}
valid(token) {
return token === this.token && (Date().now() / 1000) - this.invalidation > 0;
}
}
AuthToken.InvalidationInterval = 15;
class AuthenticationHandler {
constructor(api) {
this.db = api.db;
this.tokens = [];
}
authenticate(rft, password, response) {
this.db.query(DB.Prepare(`
SELECT rft, password, salt FROM users WHERE rft = ? LIMIT 1
`, [rft]), (rows, error) => {
if (error || rows.length < 1) {
Std.Log(`ERROR [AuthenticationHandler] database error: ${error}`, Std.LogLevel.ERROR);
response.send(Server.Error(`authentication failure`, Response.ErrorCode.AUTHENTICATION_ERROR).string());
return;
}
console.log(SHA512(`${password}.${rows[0].salt}`), password, rows[0].salt);
console.log(SHA512("Sommer4#.4d18db80e353e526ad6d42a62aaa29be"));
if (SHA512(`${password}.${rows[0].salt}`) === rows[0].password) {
const token = AuthenticationHandler.GenerateToken();
this.tokens.push(new AuthToken(rft, token));
response.send(new Response({
token
}).string());
}
else
response.send(Server.Error(`authentication failure`, Response.ErrorCode.AUTHENTICATION_ERROR).string());
});
}
valid(tokenSent) {
for (const token of this.tokens) {
if (tokenSent === token.token && token.valid()) {
token.refresh();
return true;
}
}
return false;
}
static GenerateToken() {
return SHA512(Math.random().toString(36).substring(2, 15));
}
}
module.exports = AuthenticationHandler;
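Review bot: `AuthToken.valid` can never return true as written: `Date()` returns a string, so `Date().now()` throws a TypeError; the expiry test is inverted (`now - this.invalidation > 0` holds only after the token has expired); and `AuthenticationHandler.valid` calls `token.valid()` with no argument, so `token === this.token` compares against `undefined` — `return token === this.token && Date.now() / 1000 < this.invalidation;` in AuthToken and `if (token.valid(tokenSent)) {` in the loop fix all three. The two `console.log` calls ahead of the hash comparison print the submitted plaintext password and the user's salt to stdout on every login attempt and should not survive into the commit. `GenerateToken` derives the session token from `Math.random()`, which is not a cryptographically secure source; `require("crypto").randomBytes(32).toString("hex")` is the stdlib replacement. Two follow-ups worth a `// TODO` in the file: the password check is a single fast SHA-512 round over `password.salt` rather than a slow KDF such as Node's `crypto.scrypt`, and the first error branch logs a lookup that simply returned no rows as a database error at ERROR level.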
......@@ -33,7 +33,7 @@ class DatabaseHandler {
}
/**
* Creates the database as mentioned in th er-model
* Creates the database as mentioned in the er-model
*/
initializeDb() {
let tables = `
......@@ -44,7 +44,7 @@ class DatabaseHandler {
pin VARCHAR(128) NOT NULL,
password VARCHAR(128) NOT NULL,
salt VARCHAR(32) NOT NULL,
superuser TINYINT(1) NULL
superuser TINYINT(1) NULL
);
CREATE TABLE IF NOT EXISTS sales (
......
......@@ -47,4 +47,4 @@ class SettingsHandler {
SettingsHandler.FILENAME = path.join(__dirname, "..", "..", "assets", "settings.json");
SettingsHandler._Instance = null;
module.exports = SettingsHandler.Instance();
\ No newline at end of file
module.exports = SettingsHandler.Instance();
const Server = require("./Server");
const Settings = require("../SettingsHandler");
const Response = require("./Response");
const Std = require("../Std");
const DB = require("../DatabaseHandler");
const Server = require("./Server");
const Settings = require("../SettingsHandler");
const Response = require("./Response");
const Std = require("../Std");
const DB = require("../DatabaseHandler");
const AuthenticationHandler = require("../AuthenticationHandler");
const Endpoint = require("./endpoints/Endpoint");
const AddUser = require("./endpoints/AddUser");
const AddProduct = require("./endpoints/AddProduct");
const GetProductEAN = require("./endpoints/GetProductEAN");
......@@ -13,9 +15,10 @@ const EditProduct = require("./endpoints/EditProduct");
class API {
constructor(app) {
this.app = app;
this.db = app.databaseHandler;
this.server = new Server();
this.app = app;
this.db = app.databaseHandler;
this.authHandler = new AuthenticationHandler(this);
this.server = new Server();
this.server.addRoute("/", (request, response) => {
response.send("[API] Server available")
......@@ -36,12 +39,16 @@ class API {
this.server.addRoute("/api/auth", (request, response) => {
let body = request.body;
if (!body.first_name || !body.last_name)
response.end(Server.Error("invalid arguments supplied").string());
response.end(new Response({
firstName : body.first_name,
lastName : body.last_name
}).string());
const correct = Endpoint.HasAttributes(body, [
"rft",
"password"
]);
if (correct !== true) {
response.end(Server.Error("invalid arguments supplied", Response.ErrorCode.AUTHENTICATION_ERROR).string());
return;
}
this.authHandler.authenticate(body.rft, body.password, response);
}, Server.RouteType.POST);
this.server.listen(Settings.get("server_port", 9080));
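Review bot: The guard added to the /api/auth route reports a missing `rft`/`password` field with `Response.ErrorCode.AUTHENTICATION_ERROR`, although the codebase already has `MALFORMED_REQUEST` for exactly this case, so a client cannot tell a malformed request from a rejected credential; `response.end(Server.Error("invalid arguments supplied", Response.ErrorCode.MALFORMED_REQUEST).string());` keeps the two apart. `correct !== true` suggests `Endpoint.HasAttributes` returns something other than a boolean on failure — if it returns the missing attribute name, a short comment saying so would make the strict comparison readable. The route replies with `response.end` while `AuthenticationHandler.authenticate` replies on the same object with `response.send`; picking one of the two would make the error paths consistent. The API constructor continues past the end of this hunk.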
......
......@@ -13,8 +13,9 @@ class Response {
}
}
Response.ErrorCode = {
MALFORMED_REQUEST : 301,
DATABASE_ERROR : 600
MALFORMED_REQUEST : 301,
AUTHENTICATION_ERROR : 500,
DATABASE_ERROR : 600
};
module.exports = Response;
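Review bot: The new `AUTHENTICATION_ERROR : 500` entry sits next to `MALFORMED_REQUEST : 301` and `DATABASE_ERROR : 600`, and 500 and 301 are also well-known HTTP status numbers, so a reader may take these values for HTTP statuses; a one-line comment above the object, `// application-level error codes carried in the response body; independent of the HTTP status`, would remove the ambiguity, assuming that is indeed how `Server.Error` uses them. The Response class body starts outside this hunk.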
......@@ -258,6 +258,11 @@
"resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
"integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE="
},
"js-sha512": {
"version": "0.8.0",
"resolved": "https://registry.npmjs.org/js-sha512/-/js-sha512-0.8.0.tgz",
"integrity": "sha512-PWsmefG6Jkodqt+ePTvBZCSMFgN7Clckjd0O7su3I0+BW2QWUTJNzjktHsztGLhncP2h8mcF9V9Y2Ha59pAViQ=="
},
"media-typer": {
"version": "0.3.0",
"resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
......
......@@ -19,7 +19,7 @@
"body-parser": "^1.18.3",
"chalk": "^2.3.0",
"express": "^4.16.3",
"mysql": "^2.15.0",
"mysql2": "^1.6.4"
"js-sha512": "^0.8.0",
"mysql": "^2.15.0"
}
}