OpenServer/OpenAuth_server
1
1
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Merge branch 'new-ui-and-api'

Browse Source
This commit is contained in:
Fabian Stamm
2023-04-14 15:15:27 +02:00
parent 80aace7b72 e1164eb05b
commit 3718a1d55c
110 changed files with 5940 additions and 4979 deletions
Download Patch File Download Diff File Expand all files Collapse all files

222
Backend/src/api/admin/permission.ts
View File

@ -1,111 +1,111 @@
import { Request, Router } from "express";
import { GetUserMiddleware } from "../middlewares/user";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import promiseMiddleware from "../../helper/promiseMiddleware";
import Permission from "../../models/permissions";
import verify, { Types } from "../middlewares/verify";
import Client from "../../models/client";
import { ObjectID } from "bson";
const PermissionRoute: Router = Router();
PermissionRoute.route("/")
/**
* @api {get} /admin/permission
* @apiName AdminGetPermissions
*
* @apiParam client Optionally filter by client _id
*
* @apiGroup admin_permission
* @apiPermission admin
*
* @apiSuccess {Object[]} permissions
* @apiSuccess {String} permissions._id The ID
* @apiSuccess {String} permissions.name Permission name
* @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
* @apiSuccess {String} permissions.client The ID of the owning client
*/
.get(
promiseMiddleware(async (req, res) => {
let query = {};
if (req.query.client) {
query = { client: new ObjectID(req.query.client as string) };
}
let permissions = await Permission.find(query);
res.json(permissions);
})
)
/**
* @api {post} /admin/permission
* @apiName AdminAddPermission
*
* @apiParam client The ID of the owning client
* @apiParam name Permission name
* @apiParam description A description, that makes it clear to the user, what this Permission allows to do
*
* @apiGroup admin_permission
* @apiPermission admin
*
* @apiSuccess {Object[]} permissions
* @apiSuccess {String} permissions._id The ID
* @apiSuccess {String} permissions.name Permission name
* @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
* @apiSuccess {String} permissions.client The ID of the owning client
* @apiSuccess {String} permissions.grant_type The type of the permission. "user" | "client" granted
*/
.post(
verify(
{
client: {
type: Types.STRING,
},
name: {
type: Types.STRING,
},
description: {
type: Types.STRING,
},
type: {
type: Types.ENUM,
values: ["user", "client"],
},
},
true
),
promiseMiddleware(async (req, res) => {
let client = await Client.findById(req.body.client);
if (!client) {
throw new RequestError(
"Client not found",
HttpStatusCode.BAD_REQUEST
);
}
let permission = Permission.new({
description: req.body.description,
name: req.body.name,
client: client._id,
grant_type: req.body.type,
});
await Permission.save(permission);
res.json(permission);
})
)
/**
* @api {delete} /admin/permission
* @apiName AdminDeletePermission
*
* @apiParam id The permission ID
*
* @apiGroup admin_permission
* @apiPermission admin
*
* @apiSuccess {Boolean} success
*/
.delete(
promiseMiddleware(async (req, res) => {
let { id } = req.query as { [key: string]: string };
await Permission.delete(id);
res.json({ success: true });
})
);
export default PermissionRoute;
import { Request, Router } from "express";
import { GetUserMiddleware } from "../middlewares/user";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import promiseMiddleware from "../../helper/promiseMiddleware";
import Permission from "../../models/permissions";
import verify, { Types } from "../middlewares/verify";
import Client from "../../models/client";
import { ObjectId } from "bson";
const PermissionRoute: Router = Router();
PermissionRoute.route("/")
/**
* @api {get} /admin/permission
* @apiName AdminGetPermissions
*
* @apiParam client Optionally filter by client _id
*
* @apiGroup admin_permission
* @apiPermission admin
*
* @apiSuccess {Object[]} permissions
* @apiSuccess {String} permissions._id The ID
* @apiSuccess {String} permissions.name Permission name
* @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
* @apiSuccess {String} permissions.client The ID of the owning client
*/
.get(
promiseMiddleware(async (req, res) => {
let query = {};
if (req.query.client) {
query = { client: new ObjectId(req.query.client as string) };
}
let permissions = await Permission.find(query);
res.json(permissions);
})
)
/**
* @api {post} /admin/permission
* @apiName AdminAddPermission
*
* @apiParam client The ID of the owning client
* @apiParam name Permission name
* @apiParam description A description, that makes it clear to the user, what this Permission allows to do
*
* @apiGroup admin_permission
* @apiPermission admin
*
* @apiSuccess {Object[]} permissions
* @apiSuccess {String} permissions._id The ID
* @apiSuccess {String} permissions.name Permission name
* @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
* @apiSuccess {String} permissions.client The ID of the owning client
* @apiSuccess {String} permissions.grant_type The type of the permission. "user" | "client" granted
*/
.post(
verify(
{
client: {
type: Types.STRING,
},
name: {
type: Types.STRING,
},
description: {
type: Types.STRING,
},
type: {
type: Types.ENUM,
values: ["user", "client"],
},
},
true
),
promiseMiddleware(async (req, res) => {
let client = await Client.findById(req.body.client);
if (!client) {
throw new RequestError(
"Client not found",
HttpStatusCode.BAD_REQUEST
);
}
let permission = Permission.new({
description: req.body.description,
name: req.body.name,
client: client._id,
grant_type: req.body.type,
});
await Permission.save(permission);
res.json(permission);
})
)
/**
* @api {delete} /admin/permission
* @apiName AdminDeletePermission
*
* @apiParam id The permission ID
*
* @apiGroup admin_permission
* @apiPermission admin
*
* @apiSuccess {Boolean} success
*/
.delete(
promiseMiddleware(async (req, res) => {
let { id } = req.query as { [key: string]: string };
await Permission.delete(id);
res.json({ success: true });
})
);
export default PermissionRoute;

196
Backend/src/api/client/permissions.ts
View File

@ -1,98 +1,98 @@
import { Request, Response } from "express";
import Stacker from "../middlewares/stacker";
import {
ClientAuthMiddleware,
GetClientAuthMiddleware,
} from "../middlewares/client";
import Permission from "../../models/permissions";
import User from "../../models/user";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import Grant from "../../models/grants";
import { ObjectID } from "mongodb";
export const GetPermissions = Stacker(
GetClientAuthMiddleware(true),
async (req: Request, res: Response) => {
const { user, permission } = req.query as { [key: string]: string };
let permissions: { id: string; name: string; description: string }[];
let users: string[];
if (user) {
const grant = await Grant.findOne({
client: req.client._id,
user: new ObjectID(user),
});
permissions = await Promise.all(
grant.permissions.map((perm) => Permission.findById(perm))
).then((res) =>
res
.filter((e) => e.grant_type === "client")
.map((e) => {
return {
id: e._id.toHexString(),
name: e.name,
description: e.description,
};
})
);
}
if (permission) {
const grants = await Grant.find({
client: req.client._id,
permissions: new ObjectID(permission),
});
users = grants.map((grant) => grant.user.toHexString());
}
res.json({ permissions, users });
}
);
export const PostPermissions = Stacker(
GetClientAuthMiddleware(true),
async (req: Request, res: Response) => {
const { permission, uid } = req.body;
const user = await User.findOne({ uid });
if (!user) {
throw new RequestError("User not found!", HttpStatusCode.BAD_REQUEST);
}
const permissionDoc = await Permission.findById(permission);
if (!permissionDoc || !permissionDoc.client.equals(req.client._id)) {
throw new RequestError(
"Permission not found!",
HttpStatusCode.BAD_REQUEST
);
}
let grant = await Grant.findOne({
client: req.client._id,
user: req.user._id,
});
if (!grant) {
grant = Grant.new({
client: req.client._id,
user: req.user._id,
permissions: [],
});
}
//TODO: Fix clients getting user data without consent, when a grant is created and no additional permissions are requested, since for now, it is only checked for grant existance to make client access user data
if (grant.permissions.indexOf(permission) < 0)
grant.permissions.push(permission);
await Grant.save(grant);
res.json({
success: true,
});
}
);
import { Request, Response } from "express";
import Stacker from "../middlewares/stacker";
import {
ClientAuthMiddleware,
GetClientAuthMiddleware,
} from "../middlewares/client";
import Permission from "../../models/permissions";
import User from "../../models/user";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import Grant from "../../models/grants";
import { ObjectId } from "mongodb";
export const GetPermissions = Stacker(
GetClientAuthMiddleware(true),
async (req: Request, res: Response) => {
const { user, permission } = req.query as { [key: string]: string };
let permissions: { id: string; name: string; description: string }[];
let users: string[];
if (user) {
const grant = await Grant.findOne({
client: req.client._id,
user: new ObjectId(user),
});
permissions = await Promise.all(
grant.permissions.map((perm) => Permission.findById(perm))
).then((res) =>
res
.filter((e) => e.grant_type === "client")
.map((e) => {
return {
id: e._id.toHexString(),
name: e.name,
description: e.description,
};
})
);
}
if (permission) {
const grants = await Grant.find({
client: req.client._id,
permissions: new ObjectId(permission),
});
users = grants.map((grant) => grant.user.toHexString());
}
res.json({ permissions, users });
}
);
export const PostPermissions = Stacker(
GetClientAuthMiddleware(true),
async (req: Request, res: Response) => {
const { permission, uid } = req.body;
const user = await User.findOne({ uid });
if (!user) {
throw new RequestError("User not found!", HttpStatusCode.BAD_REQUEST);
}
const permissionDoc = await Permission.findById(permission);
if (!permissionDoc || !permissionDoc.client.equals(req.client._id)) {
throw new RequestError(
"Permission not found!",
HttpStatusCode.BAD_REQUEST
);
}
let grant = await Grant.findOne({
client: req.client._id,
user: req.user._id,
});
if (!grant) {
grant = Grant.new({
client: req.client._id,
user: req.user._id,
permissions: [],
});
}
//TODO: Fix clients getting user data without consent, when a grant is created and no additional permissions are requested, since for now, it is only checked for grant existance to make client access user data
if (grant.permissions.indexOf(permission) < 0)
grant.permissions.push(permission);
await Grant.save(grant);
res.json({
success: true,
});
}
);

83
Backend/src/api/index.ts
View File

@ -1,33 +1,50 @@
import * as express from "express";
import AdminRoute from "./admin";
import UserRoute from "./user";
import InternalRoute from "./internal";
import Login from "./user/login";
import ClientRouter from "./client";
import * as cors from "cors";
import OAuthRoute from "./oauth";
import config from "../config";
const ApiRouter: express.IRouter = express.Router();
ApiRouter.use("/admin", AdminRoute);
ApiRouter.use(cors());
ApiRouter.use("/user", UserRoute);
ApiRouter.use("/internal", InternalRoute);
ApiRouter.use("/oauth", OAuthRoute);
ApiRouter.use("/client", ClientRouter);
// Legacy reasons (deprecated)
ApiRouter.use("/", ClientRouter);
// Legacy reasons (deprecated)
ApiRouter.post("/login", Login);
ApiRouter.get("/config.json", (req, res) => {
return res.json({
name: config.core.name,
url: config.core.url,
});
});
export default ApiRouter;
import * as express from "express";
import AdminRoute from "./admin";
import UserRoute from "./user";
import InternalRoute from "./internal";
import ClientRouter from "./client";
import cors from "cors";
import OAuthRoute from "./oauth";
import config from "../config";
import JRPCEndpoint from "./jrpc";
const ApiRouter: express.IRouter = express.Router();
ApiRouter.use("/admin", AdminRoute);
ApiRouter.use(cors());
ApiRouter.use("/user", UserRoute);
ApiRouter.use("/internal", InternalRoute);
ApiRouter.use("/oauth", OAuthRoute);
ApiRouter.use("/client", ClientRouter);
/**
* @api {post} /jrpc
* @apiName InternalJRPCEndpoint
*
* @apiGroup user
* @apiPermission none
*
* @apiErrorExample {Object} Error-Response:
{
error: [
{
message: "Some Error",
field: "username"
}
],
status: 400
}
*/
ApiRouter.post("/jrpc", JRPCEndpoint);
// Legacy reasons (deprecated)
ApiRouter.use("/", ClientRouter);
ApiRouter.get("/config.json", (req, res) => {
return res.json({
name: config.core.name,
url: config.core.url,
});
});
export default ApiRouter;

80
Backend/src/api/internal/oauth.ts
View File

@ -1,41 +1,39 @@
import { Request, Response, NextFunction } from "express";
import Stacker from "../middlewares/stacker";
import { GetClientAuthMiddleware } from "../middlewares/client";
import { UserMiddleware } from "../middlewares/user";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import ClientCode from "../../models/client_code";
import moment = require("moment");
import { randomBytes } from "crypto";
export const OAuthInternalApp = Stacker(
GetClientAuthMiddleware(false, true),
UserMiddleware,
async (req: Request, res: Response) => {
let { redirect_uri, state } = req.query as { [key: string]: string };
if (!redirect_uri) {
throw new RequestError(
"No redirect url set!",
HttpStatusCode.BAD_REQUEST
);
}
let sep = redirect_uri.indexOf("?") < 0 ? "?" : "&";
let code = ClientCode.new({
user: req.user._id,
client: req.client._id,
validTill: moment().add(30, "minutes").toDate(),
code: randomBytes(16).toString("hex"),
permissions: [],
});
await ClientCode.save(code);
res.redirect(
redirect_uri +
sep +
"code=" +
code.code +
(state ? "&state=" + state : "")
);
res.end();
}
);
import { Request, Response, NextFunction } from "express";
import Stacker from "../middlewares/stacker";
import { GetClientAuthMiddleware } from "../middlewares/client";
import { UserMiddleware } from "../middlewares/user";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import ClientCode from "../../models/client_code";
import moment = require("moment");
import { randomBytes } from "crypto";
export const OAuthInternalApp = Stacker(
GetClientAuthMiddleware(false, true),
UserMiddleware,
async (req: Request, res: Response) => {
let { redirect_uri, state } = req.query as { [key: string]: string };
if (!redirect_uri) {
throw new RequestError(
"No redirect url set!",
HttpStatusCode.BAD_REQUEST
);
}
let redurl = new URL(redirect_uri);
let code = ClientCode.new({
user: req.user._id,
client: req.client._id,
validTill: moment().add(30, "minutes").toDate(),
code: randomBytes(16).toString("hex"),
permissions: [],
});
await ClientCode.save(code);
redurl.searchParams.set("code", code.code);
if (state)
redurl.searchParams.set("state", state);
res.redirect(redurl.href);
res.end();
}
);

38
Backend/src/api/jrpc/index.ts Normal file
View File

@ -0,0 +1,38 @@
import { Format } from "@hibas123/logging";
import Logging from "@hibas123/nodelogging";
import { Server, } from "@hibas123/openauth-internalapi";
import { RequestObject, ResponseObject } from "@hibas123/openauth-internalapi/lib/service_base";
import { Request, Response } from "express";
import Stacker from "../middlewares/stacker";
import AccountService from "./services/account";
import LoginService from "./services/login";
import SecurityService from "./services/security";
import TFAService from "./services/twofactor";
export type SessionContext = Request;
const provider = new Server.ServiceProvider<SessionContext>();
provider.addService(new AccountService());
provider.addService(new SecurityService());
provider.addService(new TFAService());
provider.addService(new LoginService());
const JRPCEndpoint = Stacker(
async (req: Request, res: Response) => {
let jrpcreq = req.body as RequestObject;
let startTime = process.hrtime.bigint();
const session = provider.getSession((data: ResponseObject) => {
let time = process.hrtime.bigint() - startTime;
let state = data.error ? Format.red(`err(${data.error.message})`) : Format.green("OK");
Logging.getChild("JRPC").log(jrpcreq.method, state, "-", (Number(time / 10000n) / 100) + "ms");
res.json(data);
}, req);
session.onMessage(jrpcreq);
}
);
export default JRPCEndpoint;

52
Backend/src/api/jrpc/services/account.ts Normal file
View File

@ -0,0 +1,52 @@
import { Profile, ContactInfo, Gender, Server, UserRegisterInfo } from "@hibas123/openauth-internalapi";
import type { SessionContext } from "../index";
import Mail from "../../../models/mail";
import User from "../../../models/user";
import { RequireLogin } from "../../../helper/login";
export default class AccountService extends Server.AccountService<SessionContext> {
Register(regcode: string, info: UserRegisterInfo, ctx: SessionContext): Promise<void> {
throw new Error("Method not implemented.");
}
@RequireLogin()
async GetProfile(ctx: SessionContext): Promise<Profile> {
if (!ctx.user) throw new Error("Not logged in");
return {
id: ctx.user.uid,
username: ctx.user.username,
name: ctx.user.name,
birthday: ctx.user.birthday.valueOf(),
gender: ctx.user.gender as number as Gender,
}
}
@RequireLogin()
async UpdateProfile(info: Profile, ctx: SessionContext): Promise<void> {
if (!ctx.user) throw new Error("Not logged in");
ctx.user.name = info.name;
ctx.user.birthday = new Date(info.birthday);
ctx.user.gender = info.gender as number;
await User.save(ctx.user);
}
@RequireLogin()
async GetContactInfos(ctx: SessionContext): Promise<ContactInfo> {
if (!ctx.user) throw new Error("Not logged in");
let mails = await Promise.all(
ctx.user.mails.map((mail) => Mail.findById(mail))
);
let contact = {
mail: mails.filter((e) => !!e),
phone: ctx.user.phones,
};
return contact;
}
}

265
Backend/src/api/jrpc/services/login.ts Normal file
View File

@ -0,0 +1,265 @@
import { Server, LoginState, TFAOption, TFAType } from "@hibas123/openauth-internalapi";
import type { SessionContext } from "../index";
import Logging from "@hibas123/nodelogging";
import User, { IUser } from "../../../models/user";
import moment from "moment";
import crypto from "node:crypto";
import TwoFactor, { ITwoFactor, IWebAuthn } from "../../../models/twofactor";
import speakeasy from "speakeasy";
import { generateAuthenticationOptions, verifyAuthenticationResponse } from "@simplewebauthn/server";
import config from "../../../config";
//FIXME: There are a lot of uneccessary database requests happening here. Since this is not a "hot" path, it should not matter to much, but it should be fixed nontheless.
export default class LoginService extends Server.LoginService<SessionContext> {
private async getUser(username: string): Promise<IUser> {
let user = await User.findOne({ username: username.toLowerCase() });
if (!user) {
throw new Error("User not found");
}
return user;
}
private async getLoginState(ctx: SessionContext): Promise<LoginState> {
if (ctx.user && ctx.session.validated) {
return {
success: true
}
} else if (ctx.session.login_state) {
//TODO: Check login_state expiration or so
if (ctx.session.login_state.username) {
let user = await this.getUser(ctx.session.login_state.username);
if (!ctx.session.login_state.password_correct) {
let passwordSalt = user.salt;
return {
success: false,
username: ctx.session.login_state.username,
password: false,
passwordSalt: passwordSalt,
}
} else {
let tfa = await this.getTwoFactors(await this.getUser(ctx.session.login_state.username))
if (tfa.length <= 0) {
ctx.session.user_id = user._id.toString();
ctx.session.login_state = undefined;
Logging.warn("This should have been set somewhere else!");
return {
success: true,
}
} else {
return {
success: false,
username: ctx.session.login_state.username,
password: true,
requireTwoFactor: tfa,
}
}
}
}
} else {
return {
success: false,
username: undefined,
password: false,
}
}
}
private async getTwoFactors(user: IUser): Promise<TFAOption[]> {
let twofactors = await TwoFactor.find({
user: user._id,
valid: true
})
return twofactors.map<TFAOption>(tf => {
return {
id: tf._id.toString(),
name: tf.name,
tfatype: tf.type as number,
}
})
}
private async enableSession(ctx: SessionContext) {
let user = await this.getUser(ctx.session.login_state.username);
ctx.user = user;
ctx.session.user_id = user._id.toString();
ctx.session.login_state = undefined;
ctx.session.validated = true;
}
GetState(ctx: SessionContext): Promise<LoginState> {
return this.getLoginState(ctx);
}
async Start(username: string, ctx: SessionContext): Promise<LoginState> {
let user = await this.getUser(username);
ctx.session.login_state = {
username: username,
password_correct: false,
}
return this.getLoginState(ctx);
}
async UsePassword(password_hash: string, date: number, ctx: SessionContext): Promise<LoginState> {
if (!ctx.session.login_state) {
throw new Error("No login state. Call Start() first.");
}
let user = await this.getUser(ctx.session.login_state.username);
if (date <= 0) {
if (user.password !== password_hash) {
throw new Error("Password incorrect");
}
} else {
if (
!moment(date).isBetween(
moment().subtract(1, "minute"),
moment().add(1, "minute")
)
) {
throw new Error("Date incorrect. Please check your devices time!");
} else {
let upw = crypto
.createHash("sha512")
.update(user.password + date.toString())
.digest("hex");
if (upw !== password_hash) {
throw new Error("Password incorrect");
}
}
}
ctx.session.login_state.password_correct = true;
let tfas = await this.getTwoFactors(user);
if (tfas.length <= 0) {
await this.enableSession(ctx);
}
return this.getLoginState(ctx);
}
private async getAndCheckTFA<T extends ITwoFactor>(id: string, shouldType: TFAType, ctx: SessionContext): Promise<T> {
if (!ctx.session.login_state) {
throw new Error("No login state. Call Start() first.");
}
let user = await this.getUser(ctx.session.login_state.username);
let tfa = await TwoFactor.findById(id);
if (!tfa || tfa.user.toString() != user._id.toString()) {
throw new Error("Two factor not found");
}
if (tfa.type != shouldType as number) {
throw new Error("Two factor is not the correct type!");
}
if (!tfa.valid) {
throw new Error("Two factor is not valid");
}
if (tfa.expires && moment().isAfter(moment(tfa.expires))) {
throw new Error("Two factor is expired");
}
return tfa as T;
}
async UseTOTP(id: string, code: string, ctx: SessionContext): Promise<LoginState> {
let tfa = await this.getAndCheckTFA(id, TFAType.TOTP, ctx);
let valid = speakeasy.totp.verify({
secret: tfa.data,
encoding: "base32",
token: code,
});
if (!valid) {
throw new Error("Code incorrect");
}
await this.enableSession(ctx);
return this.getLoginState(ctx);
}
async UseBackupCode(id: string, code: string, ctx: SessionContext): Promise<LoginState> {
let tfa = await this.getAndCheckTFA(id, TFAType.BACKUP_CODE, ctx);
if (tfa.data.indexOf(code) < 0) {
throw new Error("Code incorrect");
}
tfa.data = tfa.data.filter(c => c != code);
await TwoFactor.save(tfa);
//TODO: handle the case where the last backup code is used
await this.enableSession(ctx);
return this.getLoginState(ctx);
}
async GetWebAuthnChallenge(id: string, ctx: SessionContext): Promise<string> {
let tfa = await this.getAndCheckTFA<IWebAuthn>(id, TFAType.WEBAUTHN, ctx);
const rpID = new URL(config.core.url).hostname;
let options = generateAuthenticationOptions({
timeout: 60000,
userVerification: "discouraged",
rpID,
allowCredentials: [{
id: tfa.data.device.credentialID.buffer,
type: "public-key",
transports: tfa.data.device.transports
}]
})
ctx.session.login_state.webauthn_challenge = options.challenge;
Logging.debug("Challenge", options, tfa, tfa.data.device.credentialID);
return JSON.stringify(options);
}
async UseWebAuthn(id: string, response: string, ctx: SessionContext): Promise<LoginState> {
let tfa = await this.getAndCheckTFA<IWebAuthn>(id, TFAType.WEBAUTHN, ctx);
if (!ctx.session.login_state.webauthn_challenge) {
throw new Error("No webauthn challenge");
}
let rpID = new URL(config.core.url).hostname;
let verification = await verifyAuthenticationResponse({
response: JSON.parse(response),
authenticator: {
counter: tfa.data.device.counter,
credentialID: tfa.data.device.credentialID.buffer,
credentialPublicKey: tfa.data.device.credentialPublicKey.buffer,
transports: tfa.data.device.transports
},
expectedChallenge: ctx.session.login_state.webauthn_challenge,
expectedOrigin: config.core.url,
expectedRPID: rpID,
requireUserVerification: false
})
if (verification.verified) {
tfa.data.device.counter = verification.authenticationInfo.newCounter;
await TwoFactor.save(tfa);
}
await this.enableSession(ctx);
return this.getLoginState(ctx);
}
}

35
Backend/src/api/jrpc/services/security.ts Normal file
View File

@ -0,0 +1,35 @@
import { Server, Session } from "@hibas123/openauth-internalapi";
import type { SessionContext } from "../index";
import Logging from "@hibas123/nodelogging";
import { RequireLogin } from "../../../helper/login";
import crypto from "node:crypto";
import User from "../../../models/user";
export default class SecurityService extends Server.SecurityService<SessionContext> {
@RequireLogin()
async GetSessions(ctx: SessionContext): Promise<Session[]> {
return []
throw new Error("Method not implemented.");
}
@RequireLogin()
async RevokeSession(id: string, ctx: SessionContext): Promise<void> {
throw new Error("Method not implemented.");
}
@RequireLogin()
async ChangePassword(old_pw: string, new_pw: string, ctx: SessionContext): Promise<void> {
let old_pw_hash = crypto.createHash("sha512").update(ctx.user.salt + old_pw).digest("hex");
if (old_pw_hash != ctx.user.password) {
throw new Error("Wrong password");
}
let salt = crypto.randomBytes(32).toString("base64");
let password_hash = crypto.createHash("sha512").update(salt + new_pw).digest("hex");
ctx.user.salt = salt;
ctx.user.password = password_hash;
await User.save(ctx.user);
}
}

194
Backend/src/api/jrpc/services/twofactor.ts Normal file
View File

@ -0,0 +1,194 @@
import { TFANewTOTP, Server, TFAOption, UserRegisterInfo, TFAWebAuthRegister } from "@hibas123/openauth-internalapi";
import type { SessionContext } from "../index";
import TwoFactorModel, { ITOTP, IWebAuthn, TFATypes } from "../../../models/twofactor";
import moment = require("moment");
import * as speakeasy from "speakeasy";
import * as qrcode from "qrcode";
import config from "../../../config";
import { generateRegistrationOptions, verifyRegistrationResponse } from '@simplewebauthn/server';
import type { RegistrationResponseJSON } from '@simplewebauthn/typescript-types';
import Logging from "@hibas123/nodelogging";
import { Binary } from "mongodb";
import { RequireLogin } from "../../../helper/login";
export default class TFAService extends Server.TFAService<SessionContext> {
@RequireLogin()
AddBackupCodes(name: string, ctx: SessionContext): Promise<string[]> {
throw new Error("Method not implemented.");
}
@RequireLogin()
RemoveBackupCodes(id: string, ctx: SessionContext): Promise<void> {
throw new Error("Method not implemented.");
}
@RequireLogin()
async GetOptions(ctx: SessionContext): Promise<TFAOption[]> {
let twofactor = await TwoFactorModel.find({ user: ctx.user._id, valid: true });
let expired = twofactor.filter((e) =>
e.expires ? moment().isAfter(moment(e.expires)) : false
);
await Promise.all(
expired.map((e) => {
e.valid = false;
return TwoFactorModel.save(e);
})
);
twofactor = twofactor.filter((e) => e.valid);
let tfa = twofactor.map<TFAOption>((e) => {
return {
id: e._id.toString(),
name: e.name,
tfatype: e.type as number,
expires: e.expires?.valueOf()
};
});
return tfa;
}
@RequireLogin()
async Delete(id: string, ctx: SessionContext): Promise<void> {
let twofactor = await TwoFactorModel.findById(id);
if (!twofactor || !twofactor.user.equals(ctx.user._id))
throw new Error("Invalid ID");
twofactor.valid = false;
await TwoFactorModel.save(twofactor);
}
@RequireLogin()
async AddTOTP(name: string, ctx: SessionContext): Promise<TFANewTOTP> {
//Generating new
let secret = speakeasy.generateSecret({
name: config.core.name,
issuer: config.core.name,
otpauth_url: true
});
let twofactor = TwoFactorModel.new(<ITOTP>{
name: name,
user: ctx.user._id,
type: TFATypes.TOTP,
valid: false,
data: secret.base32,
});
let dataurl = await qrcode.toDataURL(secret.otpauth_url);
await TwoFactorModel.save(twofactor);
return {
id: twofactor._id.toString(),
qr: dataurl,
secret: secret.base32
}
}
@RequireLogin()
async VerifyTOTP(id: string, code: string, ctx: SessionContext): Promise<void> {
let twofactor = await TwoFactorModel.findById(id);
if (!twofactor || !twofactor.user.equals(ctx.user._id))
throw new Error("Invalid ID");
let verified = speakeasy.totp.verify({
secret: twofactor.data,
encoding: "base32",
token: code,
});
if (!verified) throw new Error("Invalid code");
twofactor.valid = true;
twofactor.expires = undefined;
await TwoFactorModel.save(twofactor);
}
@RequireLogin()
async AddWebauthn(name: string, ctx: SessionContext): Promise<TFAWebAuthRegister> {
// TODO: Get already registered options
const rpID = new URL(config.core.url).hostname;
const options = generateRegistrationOptions({
rpName: config.core.name,
rpID,
userID: ctx.user.uid,
userName: ctx.user.username,
attestationType: 'direct',
userDisplayName: ctx.user.name,
excludeCredentials: [],
authenticatorSelection: {
userVerification: "required",
requireResidentKey: false,
residentKey: "discouraged",
authenticatorAttachment: "cross-platform"
}
})
const twofactor = TwoFactorModel.new({
name,
type: TFATypes.WEBAUTHN,
user: ctx.user._id,
valid: false,
data: {
challenge: options.challenge
}
});
await TwoFactorModel.save(twofactor);
Logging.debug(twofactor);
return {
id: twofactor._id.toString(),
challenge: JSON.stringify(options)
};
}
@RequireLogin()
async VerifyWebAuthn(id: string, registration: string, ctx: SessionContext): Promise<void> {
let twofactor = await TwoFactorModel.findById(id) as IWebAuthn;
if (!twofactor || !twofactor.user.equals(ctx.user._id))
throw new Error("Invalid ID");
const rpID = new URL(config.core.url).hostname;
const response = JSON.parse(registration) as RegistrationResponseJSON;
let verification = await verifyRegistrationResponse({
response,
expectedChallenge: twofactor.data.challenge,
expectedOrigin: config.core.url,
expectedRPID: rpID,
requireUserVerification: true,
});
if (verification.verified) {
const { credentialPublicKey, credentialID, counter } = verification.registrationInfo;
//TODO: Check if already registered!
// TwoFactorModel.find({
// data: {
// }
// })
twofactor.data = {
device: {
credentialPublicKey: new Binary(credentialPublicKey),
credentialID: new Binary(credentialID),
counter: verification.registrationInfo.counter,
transports: response.response.transports as any[]
}
}
twofactor.valid = true;
await TwoFactorModel.save(twofactor);
} else {
throw new Error("Invalid response");
}
}
}

176
Backend/src/api/middlewares/user.ts
View File

@ -1,106 +1,70 @@
import { NextFunction, Request, Response } from "express";
import LoginToken, { CheckToken } from "../../models/login_token";
import Logging from "@hibas123/nodelogging";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import User from "../../models/user";
import promiseMiddleware from "../../helper/promiseMiddleware";
class Invalid extends Error {}
/**
* Returns customized Middleware function, that could also be called directly
* by code and will return true or false depending on the token. In the false
* case it will also send error and redirect if json is not set
* @param json Default false. Checks if requests wants an json or html for returning errors
* @param special_required Default false. If true, a special token is required
* @param redirect_uri Default current uri. Sets the uri to redirect, if json is not set and user not logged in
* @param validated Default true. If false, the token must not be validated
*/
export function GetUserMiddleware(
json = false,
special_required: boolean = false,
redirect_uri?: string,
validated = true
) {
return promiseMiddleware(async function (
req: Request,
res: Response,
next?: NextFunction
) {
const invalid = (message: string) => {
throw new Invalid(req.__(message));
};
try {
let { login, special } = req.query as { [key: string]: string };
if (!login) {
login = req.cookies.login;
special = req.cookies.special;
}
if (!login) invalid("No login token");
if (!special && special_required) invalid("No special token");
let token = await LoginToken.findOne({ token: login, valid: true });
if (!(await CheckToken(token, validated)))
invalid("Login token invalid");
let user = await User.findById(token.user);
if (!user) {
token.valid = false;
await LoginToken.save(token);
invalid("Login token invalid");
}
let special_token;
if (special) {
Logging.debug("Special found");
special_token = await LoginToken.findOne({
token: special,
special: true,
valid: true,
user: token.user,
});
if (!(await CheckToken(special_token, validated)))
invalid("Special token invalid");
req.special = true;
}
req.user = user;
req.isAdmin = user.admin;
req.token = {
login: token,
special: special_token,
};
if (next) next();
return true;
} catch (e) {
if (e instanceof Invalid) {
if (req.method === "GET" && !json) {
res.status(HttpStatusCode.UNAUTHORIZED);
res.redirect(
"/login?base64=true&state=" +
Buffer.from(
redirect_uri ? redirect_uri : req.originalUrl
).toString("base64")
);
} else {
throw new RequestError(
req.__(
"You are not logged in or your login is expired" +
` (${e.message})`
),
HttpStatusCode.UNAUTHORIZED,
undefined,
{ auth: true }
);
}
} else {
if (next) next(e);
else throw e;
}
return false;
}
});
}
export const UserMiddleware = GetUserMiddleware();
import { NextFunction, Request, Response } from "express";
import Logging from "@hibas123/nodelogging";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import promiseMiddleware from "../../helper/promiseMiddleware";
import { requireLoginState } from "../../helper/login";
class Invalid extends Error { }
/**
* Returns customized Middleware function, that could also be called directly
* by code and will return true or false depending on the token. In the false
* case it will also send error and redirect if json is not set
* @param json Default false. Checks if requests wants an json or html for returning errors
* @param special_required Default false. If true, a special token is required
* @param redirect_uri Default current uri. Sets the uri to redirect, if json is not set and user not logged in
* @param validated Default true. If false, the token must not be validated
*/
export function GetUserMiddleware(
json = false,
special_required: boolean = false,
redirect_uri?: string,
validated = true
) {
return promiseMiddleware(async function (
req: Request,
res: Response,
next?: NextFunction
) {
const invalid = (message: string) => {
throw new Invalid(req.__(message));
};
try {
if (!requireLoginState(req, validated, special_required)) {
invalid("Not logged in");
}
if (next) next();
return true;
} catch (e) {
Logging.getChild("UserMiddleware").warn(e);
if (e instanceof Invalid) {
if (req.method === "GET" && !json) {
res.status(HttpStatusCode.UNAUTHORIZED);
res.redirect(
"/login?base64=true&state=" +
Buffer.from(
redirect_uri ? redirect_uri : req.originalUrl
).toString("base64")
);
} else {
throw new RequestError(
req.__(
"You are not logged in or your login is expired" +
` (${e.message})`
),
HttpStatusCode.UNAUTHORIZED,
undefined,
{ auth: true }
);
}
} else {
if (next) next(e);
else throw e;
}
return false;
}
});
}
export const UserMiddleware = GetUserMiddleware();

498
Backend/src/api/oauth/auth.ts
View File

@ -1,249 +1,249 @@
import Stacker from "../middlewares/stacker";
import { GetUserMiddleware } from "../middlewares/user";
import { Request, Response } from "express";
import Client from "../../models/client";
import Logging from "@hibas123/nodelogging";
import Permission, { IPermission } from "../../models/permissions";
import ClientCode from "../../models/client_code";
import moment = require("moment");
import { randomBytes } from "crypto";
// import { ObjectID } from "bson";
import Grant, { IGrant } from "../../models/grants";
import GetAuthPage from "../../views/authorize";
import { ObjectID } from "mongodb";
// const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Response) => {
// let { response_type, client_id, redirect_uri, scope, state, nored } = req.query;
// const sendError = (type) => {
// if (redirect_uri === "$local")
// redirect_uri = "/code";
// res.redirect(redirect_uri += `?error=${type}&state=${state}`);
// }
// /**
// * error
// REQUIRED. A single ASCII [USASCII] error code from the
// following:
// invalid_request
// The request is missing a required parameter, includes an
// invalid parameter value, includes a parameter more than
// once, or is otherwise malformed.
// unauthorized_client
// The client is not authorized to request an authorization
// code using this method.
// access_denied
// The resource owner or authorization server denied the
// request.
// */
// try {
// if (response_type !== "code") {
// return sendError("unsupported_response_type");
// } else {
// let client = await Client.findOne({ client_id: client_id })
// if (!client) {
// return sendError("unauthorized_client")
// }
// if (redirect_uri && client.redirect_url !== redirect_uri) {
// Logging.log(redirect_uri, client.redirect_url);
// return res.send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
// }
// let permissions: IPermission[] = [];
// if (scope) {
// let perms = (<string>scope).split(";").filter(e => e !== "read_user").map(p => new ObjectID(p));
// permissions = await Permission.find({ _id: { $in: perms } })
// if (permissions.length != perms.length) {
// return sendError("invalid_scope");
// }
// }
// let code = ClientCode.new({
// user: req.user._id,
// client: client._id,
// permissions: permissions.map(p => p._id),
// validTill: moment().add(30, "minutes").toDate(),
// code: randomBytes(16).toString("hex")
// });
// await ClientCode.save(code);
// let redir = client.redirect_url === "$local" ? "/code" : client.redirect_url;
// let ruri = redir + `?code=${code.code}&state=${state}`;
// if (nored === "true") {
// res.json({
// redirect_uri: ruri
// })
// } else {
// res.redirect(ruri);
// }
// }
// } catch (err) {
// Logging.error(err);
// sendError("server_error")
// }
// })
const GetAuthRoute = (view = false) =>
Stacker(GetUserMiddleware(false), async (req: Request, res: Response) => {
let {
response_type,
client_id,
redirect_uri,
scope = "",
state,
nored,
} = req.query as { [key: string]: string };
const sendError = (type) => {
if (redirect_uri === "$local") redirect_uri = "/code";
res.redirect(
(redirect_uri += `?error=${type}${state ? "&state=" + state : ""}`)
);
};
const scopes = scope.split(";").filter((e: string) => e !== "");
Logging.debug("Scopes:", scope);
try {
if (response_type !== "code") {
return sendError("unsupported_response_type");
} else {
let client = await Client.findOne({ client_id: client_id });
if (!client) {
return sendError("unauthorized_client");
}
if (redirect_uri && client.redirect_url !== redirect_uri) {
Logging.log(redirect_uri, client.redirect_url);
return res.send(
"Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!"
);
}
let permissions: IPermission[] = [];
let proms: PromiseLike<void>[] = [];
if (scopes) {
for (let perm of scopes.filter((e) => e !== "read_user")) {
let oid = undefined;
try {
oid = new ObjectID(perm);
} catch (err) {
Logging.error(err);
continue;
}
proms.push(
Permission.findById(oid).then((p) => {
if (!p) return Promise.reject(new Error());
permissions.push(p);
})
);
}
}
let err = undefined;
await Promise.all(proms).catch((e) => {
err = e;
});
if (err) {
Logging.error(err);
return sendError("invalid_scope");
}
let grant: IGrant | undefined = await Grant.findOne({
client: client._id,
user: req.user._id,
});
Logging.debug("Grant", grant, permissions);
let missing_permissions: IPermission[] = [];
if (grant) {
missing_permissions = grant.permissions
.map((perm) => permissions.find((p) => p._id.equals(perm)))
.filter((e) => !!e);
} else {
missing_permissions = permissions;
}
let client_granted_perm = missing_permissions.filter(
(e) => e.grant_type == "client"
);
if (client_granted_perm.length > 0) {
return sendError("no_permission");
}
if (!grant && missing_permissions.length > 0) {
await new Promise<void>((yes, no) =>
GetUserMiddleware(false, true)(
req,
res,
(err?: Error | string) => (err ? no(err) : yes())
)
); // Maybe unresolved when redirect is happening
if (view) {
res.send(
GetAuthPage(
req.__,
client.name,
permissions.map((perm) => {
return {
name: perm.name,
description: perm.description,
logo: client.logo,
};
})
)
);
return;
} else {
if ((req.body.allow = "true")) {
if (!grant)
grant = Grant.new({
client: client._id,
user: req.user._id,
permissions: [],
});
grant.permissions.push(
...missing_permissions.map((e) => e._id)
);
await Grant.save(grant);
} else {
return sendError("access_denied");
}
}
}
let code = ClientCode.new({
user: req.user._id,
client: client._id,
permissions: permissions.map((p) => p._id),
validTill: moment().add(30, "minutes").toDate(),
code: randomBytes(16).toString("hex"),
});
await ClientCode.save(code);
let redir =
client.redirect_url === "$local" ? "/code" : client.redirect_url;
let ruri =
redir + `?code=${code.code}${state ? "&state=" + state : ""}`;
if (nored === "true") {
res.json({
redirect_uri: ruri,
});
} else {
res.redirect(ruri);
}
}
} catch (err) {
Logging.error(err);
sendError("server_error");
}
});
export default GetAuthRoute;
import Stacker from "../middlewares/stacker";
import { GetUserMiddleware } from "../middlewares/user";
import { Request, Response } from "express";
import Client from "../../models/client";
import Logging from "@hibas123/nodelogging";
import Permission, { IPermission } from "../../models/permissions";
import ClientCode from "../../models/client_code";
import moment = require("moment");
import { randomBytes } from "crypto";
// import { ObjectId } from "bson";
import Grant, { IGrant } from "../../models/grants";
import GetAuthPage from "../../views/authorize";
import { ObjectId } from "mongodb";
// const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Response) => {
// let { response_type, client_id, redirect_uri, scope, state, nored } = req.query;
// const sendError = (type) => {
// if (redirect_uri === "$local")
// redirect_uri = "/code";
// res.redirect(redirect_uri += `?error=${type}&state=${state}`);
// }
// /**
// * error
// REQUIRED. A single ASCII [USASCII] error code from the
// following:
// invalid_request
// The request is missing a required parameter, includes an
// invalid parameter value, includes a parameter more than
// once, or is otherwise malformed.
// unauthorized_client
// The client is not authorized to request an authorization
// code using this method.
// access_denied
// The resource owner or authorization server denied the
// request.
// */
// try {
// if (response_type !== "code") {
// return sendError("unsupported_response_type");
// } else {
// let client = await Client.findOne({ client_id: client_id })
// if (!client) {
// return sendError("unauthorized_client")
// }
// if (redirect_uri && client.redirect_url !== redirect_uri) {
// Logging.log(redirect_uri, client.redirect_url);
// return res.send("Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!");
// }
// let permissions: IPermission[] = [];
// if (scope) {
// let perms = (<string>scope).split(";").filter(e => e !== "read_user").map(p => new ObjectId(p));
// permissions = await Permission.find({ _id: { $in: perms } })
// if (permissions.length != perms.length) {
// return sendError("invalid_scope");
// }
// }
// let code = ClientCode.new({
// user: req.user._id,
// client: client._id,
// permissions: permissions.map(p => p._id),
// validTill: moment().add(30, "minutes").toDate(),
// code: randomBytes(16).toString("hex")
// });
// await ClientCode.save(code);
// let redir = client.redirect_url === "$local" ? "/code" : client.redirect_url;
// let ruri = redir + `?code=${code.code}&state=${state}`;
// if (nored === "true") {
// res.json({
// redirect_uri: ruri
// })
// } else {
// res.redirect(ruri);
// }
// }
// } catch (err) {
// Logging.error(err);
// sendError("server_error")
// }
// })
const GetAuthRoute = (view = false) =>
Stacker(GetUserMiddleware(false), async (req: Request, res: Response) => {
let {
response_type,
client_id,
redirect_uri,
scope = "",
state,
nored,
} = req.query as { [key: string]: string };
const sendError = (type) => {
if (redirect_uri === "$local") redirect_uri = "/code";
res.redirect(
(redirect_uri += `?error=${type}${state ? "&state=" + state : ""}`)
);
};
const scopes = scope.split(";").filter((e: string) => e !== "");
Logging.debug("Scopes:", scope);
try {
if (response_type !== "code") {
return sendError("unsupported_response_type");
} else {
let client = await Client.findOne({ client_id: client_id });
if (!client) {
return sendError("unauthorized_client");
}
if (redirect_uri && client.redirect_url !== redirect_uri) {
Logging.log(redirect_uri, client.redirect_url);
return res.send(
"Invalid redirect_uri. Please check the integrity of the site requesting and contact the administrator of the page, you want to authorize!"
);
}
let permissions: IPermission[] = [];
let proms: PromiseLike<void>[] = [];
if (scopes) {
for (let perm of scopes.filter((e) => e !== "read_user")) {
let oid = undefined;
try {
oid = new ObjectId(perm);
} catch (err) {
Logging.error(err);
continue;
}
proms.push(
Permission.findById(oid).then((p) => {
if (!p) return Promise.reject(new Error());
permissions.push(p);
})
);
}
}
let err = undefined;
await Promise.all(proms).catch((e) => {
err = e;
});
if (err) {
Logging.error(err);
return sendError("invalid_scope");
}
let grant: IGrant | undefined = await Grant.findOne({
client: client._id,
user: req.user._id,
});
Logging.debug("Grant", grant, permissions);
let missing_permissions: IPermission[] = [];
if (grant) {
missing_permissions = grant.permissions
.map((perm) => permissions.find((p) => p._id.equals(perm)))
.filter((e) => !!e);
} else {
missing_permissions = permissions;
}
let client_granted_perm = missing_permissions.filter(
(e) => e.grant_type == "client"
);
if (client_granted_perm.length > 0) {
return sendError("no_permission");
}
if (!grant && missing_permissions.length > 0) {
await new Promise<void>((yes, no) =>
GetUserMiddleware(false, true)(
req,
res,
(err?: Error | string) => (err ? no(err) : yes())
)
); // Maybe unresolved when redirect is happening
if (view) {
res.send(
GetAuthPage(
req.__,
client.name,
permissions.map((perm) => {
return {
name: perm.name,
description: perm.description,
logo: client.logo,
};
})
)
);
return;
} else {
if ((req.body.allow = "true")) {
if (!grant)
grant = Grant.new({
client: client._id,
user: req.user._id,
permissions: [],
});
grant.permissions.push(
...missing_permissions.map((e) => e._id)
);
await Grant.save(grant);
} else {
return sendError("access_denied");
}
}
}
let code = ClientCode.new({
user: req.user._id,
client: client._id,
permissions: permissions.map((p) => p._id),
validTill: moment().add(30, "minutes").toDate(),
code: randomBytes(16).toString("hex"),
});
await ClientCode.save(code);
let redir =
client.redirect_url === "$local" ? "/code" : client.redirect_url;
let ruri =
redir + `?code=${code.code}${state ? "&state=" + state : ""}`;
if (nored === "true") {
res.json({
redirect_uri: ruri,
});
} else {
res.redirect(ruri);
}
}
} catch (err) {
Logging.error(err);
sendError("server_error");
}
});
export default GetAuthRoute;

19
Backend/src/api/user/account.ts
View File

@ -1,19 +0,0 @@
import { Request, Response } from "express";
import Stacker from "../middlewares/stacker";
import { GetUserMiddleware } from "../middlewares/user";
import LoginToken, { CheckToken } from "../../models/login_token";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
export const GetAccount = Stacker(
GetUserMiddleware(true, true),
async (req: Request, res: Response) => {
let user = {
id: req.user.uid,
name: req.user.name,
username: req.user.username,
birthday: req.user.birthday,
gender: req.user.gender,
};
res.json({ user });
}
);

19
Backend/src/api/user/contact.ts
View File

@ -1,19 +0,0 @@
import { Request, Response } from "express";
import Stacker from "../middlewares/stacker";
import { GetUserMiddleware } from "../middlewares/user";
import Mail from "../../models/mail";
export const GetContactInfos = Stacker(
GetUserMiddleware(true, true),
async (req: Request, res: Response) => {
let mails = await Promise.all(
req.user.mails.map((mail) => Mail.findById(mail))
);
let contact = {
mails: mails.filter((e) => !!e),
phones: req.user.phones,
};
res.json({ contact });
}
);

171
Backend/src/api/user/index.ts
View File

@ -1,132 +1,39 @@
import { Router } from "express";
import { GetAccount } from "./account";
import { GetContactInfos } from "./contact";
import Login from "./login";
import Register from "./register";
import { DeleteToken, GetToken } from "./token";
import TwoFactorRoute from "./twofactor";
import OAuthRoute from "./oauth";
const UserRoute: Router = Router();
/**
* @api {post} /user/register
* @apiName UserRegister
*
* @apiGroup user
* @apiPermission none
*
* @apiParam {String} mail EMail linked to this Account
* @apiParam {String} username The new Username
* @apiParam {String} password Password hashed and salted like specification
* @apiParam {String} salt The Salt used for password hashing
* @apiParam {String} regcode The regcode, that should be used
* @apiParam {String} gender Gender can be: "male", "female", "other", "none"
* @apiParam {String} name The real name of the User
*
* @apiSuccess {Boolean} success
*
* @apiErrorExample {Object} Error-Response:
{
error: [
{
message: "Some Error",
field: "username"
}
],
status: 400
}
*/
UserRoute.post("/register", Register);
/**
* @api {post} /user/login?type=:type
* @apiName UserLogin
*
* @apiParam {String} type Type could be either "username" or "password"
*
* @apiGroup user
* @apiPermission none
*
* @apiParam {String} username Username (either username or uid required)
* @apiParam {String} uid (either username or uid required)
* @apiParam {String} password Password hashed and salted like specification (only on type password)
* @apiParam {Number} time in milliseconds used to hash password. This is used to make passwords "expire"
*
* @apiSuccess {String} uid On type = "username"
* @apiSuccess {String} salt On type = "username"
*
* @apiSuccess {String} login On type = "password". Login Token
* @apiSuccess {String} special On type = "password". Special Token
* @apiSuccess {Object[]} tfa Will be set when TwoFactorAuthentication is required
* @apiSuccess {String} tfa.id The ID of the TFA Method
* @apiSuccess {String} tfa.name The name of the TFA Method
* @apiSuccess {String} tfa.type The type of the TFA Method
*/
UserRoute.post("/login", Login);
UserRoute.use("/twofactor", TwoFactorRoute);
/**
* @api {get} /user/token
* @apiName UserGetToken
*
* @apiGroup user
* @apiPermission user
*
* @apiSuccess {Object[]} token
* @apiSuccess {String} token.id The Token ID
* @apiSuccess {String} token.special Identifies Special Token
* @apiSuccess {String} token.ip IP the token was optained from
* @apiSuccess {String} token.browser The Browser the token was optained from (User Agent)
* @apiSuccess {Boolean} token.isthis Shows if it is token used by this session
*/
UserRoute.get("/token", GetToken);
/**
* @api {delete} /user/token/:id
* @apiParam {String} id The id of the token to be deleted
*
* @apiName UserDeleteToken
*
*
* @apiGroup user
* @apiPermission user
*
* @apiSuccess {Boolean} success
*/
UserRoute.delete("/token/:id", DeleteToken);
/**
* @api {delete} /user/account
* @apiName UserGetAccount
*
* @apiGroup user
* @apiPermission user
*
* @apiSuccess {Boolean} success
* @apiSuccess {Object[]} user
* @apiSuccess {String} user.id User ID
* @apiSuccess {String} user.name Full name of the user
* @apiSuccess {String} user.username Username of user
* @apiSuccess {Date} user.birthday Birthday
* @apiSuccess {Number} user.gender Gender of user (none = 0, male = 1, female = 2, other = 3)
*/
UserRoute.get("/account", GetAccount);
/**
* @api {delete} /user/account
* @apiName UserGetAccount
*
* @apiGroup user
* @apiPermission user
*
* @apiSuccess {Boolean} success
* @apiSuccess {Object} contact
* @apiSuccess {Object[]} user.mail EMail addresses
* @apiSuccess {Object[]} user.phone Phone numbers
*/
UserRoute.get("/contact", GetContactInfos);
UserRoute.use("/oauth", OAuthRoute);
export default UserRoute;
import { Router } from "express";
import Register from "./register";
import OAuthRoute from "./oauth";
const UserRoute: Router = Router();
/**
* @api {post} /user/register
* @apiName UserRegister
*
* @apiGroup user
* @apiPermission none
*
* @apiParam {String} mail EMail linked to this Account
* @apiParam {String} username The new Username
* @apiParam {String} password Password hashed and salted like specification
* @apiParam {String} salt The Salt used for password hashing
* @apiParam {String} regcode The regcode, that should be used
* @apiParam {String} gender Gender can be: "male", "female", "other", "none"
* @apiParam {String} name The real name of the User
*
* @apiSuccess {Boolean} success
*
* @apiErrorExample {Object} Error-Response:
{
error: [
{
message: "Some Error",
field: "username"
}
],
status: 400
}
*/
UserRoute.post("/register", Register);
UserRoute.use("/oauth", OAuthRoute);
export default UserRoute;

134
Backend/src/api/user/login.ts
View File

@ -1,134 +0,0 @@
import { Request, Response } from "express";
import User, { IUser } from "../../models/user";
import { randomBytes } from "crypto";
import moment = require("moment");
import LoginToken from "../../models/login_token";
import promiseMiddleware from "../../helper/promiseMiddleware";
import TwoFactor, { TFATypes, TFANames } from "../../models/twofactor";
import * as crypto from "crypto";
import Logging from "@hibas123/nodelogging";
const Login = promiseMiddleware(async (req: Request, res: Response) => {
let type = req.query.type as string;
if (type === "username") {
let { username, uid } = req.query as { [key: string]: string };
let user = await User.findOne(
username ? { username: username.toLowerCase() } : { uid: uid }
);
if (!user) {
res.json({ error: req.__("User not found") });
} else {
res.json({ salt: user.salt, uid: user.uid });
}
return;
} else if (type === "password") {
const sendToken = async (user: IUser, tfa?: any[]) => {
let ip =
req.headers["x-forwarded-for"] || req.connection.remoteAddress;
let client = {
ip: Array.isArray(ip) ? ip[0] : ip,
browser: req.headers["user-agent"],
};
let token_str = randomBytes(16).toString("hex");
let tfa_exp = moment().add(5, "minutes").toDate();
let token_exp = moment().add(6, "months").toDate();
let token = LoginToken.new({
token: token_str,
valid: true,
validTill: tfa ? tfa_exp : token_exp,
user: user._id,
validated: tfa ? false : true,
...client,
});
await LoginToken.save(token);
let special_str = randomBytes(24).toString("hex");
let special_exp = moment().add(30, "minutes").toDate();
let special = LoginToken.new({
token: special_str,
valid: true,
validTill: tfa ? tfa_exp : special_exp,
special: true,
user: user._id,
validated: tfa ? false : true,
...client,
});
await LoginToken.save(special);
res.json({
login: { token: token_str, expires: token.validTill.toUTCString() },
special: {
token: special_str,
expires: special.validTill.toUTCString(),
},
tfa,
});
};
let { username, password, uid, date } = req.body;
let user = await User.findOne(
username ? { username: username.toLowerCase() } : { uid: uid }
);
if (!user) {
res.json({ error: req.__("User not found") });
} else {
let upw = user.password;
if (date) {
if (
!moment(date).isBetween(
moment().subtract(1, "minute"),
moment().add(1, "minute")
)
) {
res.json({
error: req.__(
"Invalid timestamp. Please check your devices time!"
),
});
return;
} else {
upw = crypto
.createHash("sha512")
.update(upw + date.toString())
.digest("hex");
}
}
if (upw !== password) {
res.json({ error: req.__("Password or username wrong") });
} else {
let twofactor = await TwoFactor.find({
user: user._id,
valid: true,
});
let expired = twofactor.filter((e) =>
e.expires ? moment().isAfter(moment(e.expires)) : false
);
await Promise.all(
expired.map((e) => {
e.valid = false;
return TwoFactor.save(e);
})
);
twofactor = twofactor.filter((e) => e.valid);
if (twofactor && twofactor.length > 0) {
let tfa = twofactor.map((e) => {
return {
id: e._id,
name: e.name || TFANames.get(e.type),
type: e.type,
};
});
await sendToken(user, tfa);
} else {
await sendToken(user);
}
}
}
} else {
res.json({ error: req.__("Invalid type!") });
}
});
export default Login;

76
Backend/src/api/user/oauth/permissions.ts
View File

@ -1,38 +1,38 @@
import { Request, Response } from "express";
import Stacker from "../../middlewares/stacker";
import { GetUserMiddleware } from "../../middlewares/user";
import { URL } from "url";
import Client from "../../../models/client";
import RequestError, { HttpStatusCode } from "../../../helper/request_error";
import { randomBytes } from "crypto";
import moment = require("moment");
import RefreshToken from "../../../models/refresh_token";
import { refreshTokenValidTime } from "../../../config";
import { getClientWithOrigin } from "./_helper";
import Permission from "../../../models/permissions";
export const GetPermissionsForAuthRequest = Stacker(
GetUserMiddleware(true, false),
async (req: Request, res: Response) => {
const { client_id, origin, permissions } = req.query as {
[key: string]: string;
};
const client = await getClientWithOrigin(client_id, origin);
const perm = permissions.split(",").filter((e) => !!e);
const resolved = await Promise.all(
perm.map((p) => Permission.findById(p))
);
if (resolved.some((e) => e.grant_type !== "user")) {
throw new RequestError(
"Invalid Permission requested",
HttpStatusCode.BAD_REQUEST
);
}
res.json({ permissions: resolved });
}
);
import { Request, Response } from "express";
import Stacker from "../../middlewares/stacker";
import { GetUserMiddleware } from "../../middlewares/user";
import { URL } from "url";
import Client from "../../../models/client";
import RequestError, { HttpStatusCode } from "../../../helper/request_error";
import { randomBytes } from "crypto";
import moment = require("moment");
import RefreshToken from "../../../models/refresh_token";
import { refreshTokenValidTime } from "../../../config";
import { getClientWithOrigin } from "./_helper";
import Permission from "../../../models/permissions";
export const GetPermissionsForAuthRequest = Stacker(
GetUserMiddleware(true, false),
async (req: Request, res: Response) => {
const { client_id, origin, permissions } = req.query as {
[key: string]: string;
};
const client = await getClientWithOrigin(client_id, origin);
const perm = permissions.split(",").filter((e) => !!e);
const resolved = await Promise.all(
perm.map((p) => Permission.findById(p))
);
if (resolved.some((e) => e.grant_type !== "user")) {
throw new RequestError(
"Invalid Permission requested",
HttpStatusCode.BAD_REQUEST
);
}
res.json({ permissions: resolved });
}
);

45
Backend/src/api/user/token.ts
View File

@ -1,45 +0,0 @@
import { Request, Response } from "express";
import Stacker from "../middlewares/stacker";
import { GetUserMiddleware } from "../middlewares/user";
import LoginToken, { CheckToken } from "../../models/login_token";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
export const GetToken = Stacker(
GetUserMiddleware(true, true),
async (req: Request, res: Response) => {
let raw_token = await LoginToken.find({
user: req.user._id,
valid: true,
});
let token = await Promise.all(
raw_token
.map(async (token) => {
await CheckToken(token);
return {
id: token._id,
special: token.special,
ip: token.ip,
browser: token.browser,
isthis: token._id.equals(
token.special ? req.token.special._id : req.token.login._id
),
};
})
.filter((t) => t !== undefined)
);
res.json({ token });
}
);
export const DeleteToken = Stacker(
GetUserMiddleware(true, true),
async (req: Request, res: Response) => {
let { id } = req.params;
let token = await LoginToken.findById(id);
if (!token || !token.user.equals(req.user._id))
throw new RequestError("Invalid ID", HttpStatusCode.BAD_REQUEST);
token.valid = false;
await LoginToken.save(token);
res.json({ success: true });
}
);

100
Backend/src/api/user/twofactor/backup/index.ts
View File

@ -1,100 +0,0 @@
import { Router } from "express";
import Stacker from "../../../middlewares/stacker";
import { GetUserMiddleware } from "../../../middlewares/user";
import TwoFactor, {
TFATypes as TwoFATypes,
IBackupCode,
} from "../../../../models/twofactor";
import RequestError, { HttpStatusCode } from "../../../../helper/request_error";
import moment = require("moment");
import { upgradeToken } from "../helper";
import * as crypto from "crypto";
import Logging from "@hibas123/nodelogging";
const BackupCodeRoute = Router();
// TODO: Further checks if this is good enough randomness
function generateCode(length: number) {
let bytes = crypto.randomBytes(length);
let nrs = "";
bytes.forEach((b, idx) => {
let nr = Math.floor((b / 255) * 9.9999);
if (nr > 9) nr = 9;
nrs += String(nr);
});
return nrs;
}
BackupCodeRoute.post(
"/",
Stacker(GetUserMiddleware(true, true), async (req, res) => {
//Generating new
let codes = Array(10).map(() => generateCode(8));
console.log(codes);
let twofactor = TwoFactor.new(<IBackupCode>{
user: req.user._id,
type: TwoFATypes.OTC,
valid: true,
data: codes,
name: "",
});
await TwoFactor.save(twofactor);
res.json({
codes,
id: twofactor._id,
});
})
);
BackupCodeRoute.put(
"/",
Stacker(
GetUserMiddleware(true, false, undefined, false),
async (req, res) => {
let { login, special } = req.token;
let { id, code }: { id: string; code: string } = req.body;
let twofactor: IBackupCode = await TwoFactor.findById(id);
if (
!twofactor ||
!twofactor.valid ||
!twofactor.user.equals(req.user._id) ||
twofactor.type !== TwoFATypes.OTC
) {
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
if (twofactor.expires && moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
code = code.replace(/\s/g, "");
let valid = twofactor.data.find((c) => c === code);
if (valid) {
twofactor.data = twofactor.data.filter((c) => c !== code);
await TwoFactor.save(twofactor);
let [login_exp, special_exp] = await Promise.all([
upgradeToken(login),
upgradeToken(special),
]);
res.json({ success: true, login_exp, special_exp });
} else {
throw new RequestError(
"Invalid or already used code!",
HttpStatusCode.BAD_REQUEST
);
}
}
)
);
export default BackupCodeRoute;

16
Backend/src/api/user/twofactor/helper.ts
View File

@ -1,16 +0,0 @@
import LoginToken, { ILoginToken } from "../../../models/login_token";
import moment = require("moment");
export async function upgradeToken(token: ILoginToken) {
token.data = undefined;
token.valid = true;
token.validated = true;
//TODO durations from config
let expires = (token.special
? moment().add(30, "minute")
: moment().add(6, "months")
).toDate();
token.validTill = expires;
await LoginToken.save(token);
return expires;
}

56
Backend/src/api/user/twofactor/index.ts
View File

@ -1,56 +0,0 @@
import { Router } from "express";
import YubiKeyRoute from "./yubikey";
import { GetUserMiddleware } from "../../middlewares/user";
import Stacker from "../../middlewares/stacker";
import TwoFactor from "../../../models/twofactor";
import * as moment from "moment";
import RequestError, { HttpStatusCode } from "../../../helper/request_error";
import OTCRoute from "./otc";
import BackupCodeRoute from "./backup";
const TwoFactorRouter = Router();
TwoFactorRouter.get(
"/",
Stacker(GetUserMiddleware(true, true), async (req, res) => {
let twofactor = await TwoFactor.find({ user: req.user._id, valid: true });
let expired = twofactor.filter((e) =>
e.expires ? moment().isAfter(moment(e.expires)) : false
);
await Promise.all(
expired.map((e) => {
e.valid = false;
return TwoFactor.save(e);
})
);
twofactor = twofactor.filter((e) => e.valid);
let tfa = twofactor.map((e) => {
return {
id: e._id,
name: e.name,
type: e.type,
};
});
res.json({ methods: tfa });
})
);
TwoFactorRouter.delete(
"/:id",
Stacker(GetUserMiddleware(true, true), async (req, res) => {
let { id } = req.params;
let tfa = await TwoFactor.findById(id);
if (!tfa || !tfa.user.equals(req.user._id)) {
throw new RequestError("Invalid id", HttpStatusCode.BAD_REQUEST);
}
tfa.valid = false;
await TwoFactor.save(tfa);
res.json({ success: true });
})
);
TwoFactorRouter.use("/yubikey", YubiKeyRoute);
TwoFactorRouter.use("/otc", OTCRoute);
TwoFactorRouter.use("/backup", BackupCodeRoute);
export default TwoFactorRouter;

135
Backend/src/api/user/twofactor/otc/index.ts
View File

@ -1,135 +0,0 @@
import { Router } from "express";
import Stacker from "../../../middlewares/stacker";
import { GetUserMiddleware } from "../../../middlewares/user";
import TwoFactor, {
TFATypes as TwoFATypes,
IOTC,
} from "../../../../models/twofactor";
import RequestError, { HttpStatusCode } from "../../../../helper/request_error";
import moment = require("moment");
import { upgradeToken } from "../helper";
import Logging from "@hibas123/nodelogging";
import * as speakeasy from "speakeasy";
import * as qrcode from "qrcode";
import config from "../../../../config";
const OTCRoute = Router();
OTCRoute.post(
"/",
Stacker(GetUserMiddleware(true, true), async (req, res) => {
const { type } = req.query;
if (type === "create") {
//Generating new
let secret = speakeasy.generateSecret({
name: config.core.name,
issuer: config.core.name,
});
let twofactor = TwoFactor.new(<IOTC>{
user: req.user._id,
type: TwoFATypes.OTC,
valid: false,
data: secret.base32,
});
let dataurl = await qrcode.toDataURL(secret.otpauth_url);
await TwoFactor.save(twofactor);
res.json({
image: dataurl,
id: twofactor._id,
});
} else if (type === "validate") {
// Checking code and marking as valid
const { code, id } = req.body;
Logging.debug(req.body, id);
let twofactor: IOTC = await TwoFactor.findById(id);
const err = () => {
throw new RequestError("Invalid ID!", HttpStatusCode.BAD_REQUEST);
};
if (
!twofactor ||
!twofactor.user.equals(req.user._id) ||
twofactor.type !== TwoFATypes.OTC ||
!twofactor.data ||
twofactor.valid
) {
Logging.debug("Not found or wrong user", twofactor);
err();
}
if (twofactor.expires && moment().isAfter(moment(twofactor.expires))) {
await TwoFactor.delete(twofactor);
Logging.debug("Expired!", twofactor);
err();
}
let valid = speakeasy.totp.verify({
secret: twofactor.data,
encoding: "base32",
token: code,
});
if (valid) {
twofactor.expires = undefined;
twofactor.valid = true;
await TwoFactor.save(twofactor);
res.json({ success: true });
} else {
throw new RequestError("Invalid Code!", HttpStatusCode.BAD_REQUEST);
}
} else {
throw new RequestError("Invalid type", HttpStatusCode.BAD_REQUEST);
}
})
);
OTCRoute.put(
"/",
Stacker(
GetUserMiddleware(true, false, undefined, false),
async (req, res) => {
let { login, special } = req.token;
let { id, code } = req.body;
let twofactor: IOTC = await TwoFactor.findById(id);
if (
!twofactor ||
!twofactor.valid ||
!twofactor.user.equals(req.user._id) ||
twofactor.type !== TwoFATypes.OTC
) {
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
if (twofactor.expires && moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
let valid = speakeasy.totp.verify({
secret: twofactor.data,
encoding: "base32",
token: code,
});
if (valid) {
let [login_exp, special_exp] = await Promise.all([
upgradeToken(login),
upgradeToken(special),
]);
res.json({ success: true, login_exp, special_exp });
} else {
throw new RequestError("Invalid Code", HttpStatusCode.BAD_REQUEST);
}
}
)
);
export default OTCRoute;

206
Backend/src/api/user/twofactor/yubikey/index.ts
View File

@ -1,206 +0,0 @@
import { Router, Request } from "express";
import Stacker from "../../../middlewares/stacker";
import { UserMiddleware, GetUserMiddleware } from "../../../middlewares/user";
import * as u2f from "u2f";
import config from "../../../../config";
import TwoFactor, {
TFATypes as TwoFATypes,
IYubiKey,
} from "../../../../models/twofactor";
import RequestError, { HttpStatusCode } from "../../../../helper/request_error";
import moment = require("moment");
import LoginToken from "../../../../models/login_token";
import { upgradeToken } from "../helper";
import Logging from "@hibas123/nodelogging";
const U2FRoute = Router();
/**
* Registerinf a new YubiKey
*/
U2FRoute.post(
"/",
Stacker(GetUserMiddleware(true, true), async (req, res) => {
const { type } = req.query;
if (type === "challenge") {
const registrationRequest = u2f.request(config.core.url);
let twofactor = TwoFactor.new(<IYubiKey>{
user: req.user._id,
type: TwoFATypes.U2F,
valid: false,
data: {
registration: registrationRequest,
},
});
await TwoFactor.save(twofactor);
res.json({
request: registrationRequest,
id: twofactor._id,
appid: config.core.url,
});
} else {
const { response, id } = req.body;
Logging.debug(req.body, id);
let twofactor: IYubiKey = await TwoFactor.findById(id);
const err = () => {
throw new RequestError("Invalid ID!", HttpStatusCode.BAD_REQUEST);
};
if (
!twofactor ||
!twofactor.user.equals(req.user._id) ||
twofactor.type !== TwoFATypes.U2F ||
!twofactor.data.registration ||
twofactor.valid
) {
Logging.debug("Not found or wrong user", twofactor);
err();
}
if (twofactor.expires && moment().isAfter(moment(twofactor.expires))) {
await TwoFactor.delete(twofactor);
Logging.debug("Expired!", twofactor);
err();
}
const result = u2f.checkRegistration(
twofactor.data.registration,
response
);
if (result.successful) {
twofactor.data = {
keyHandle: result.keyHandle,
publicKey: result.publicKey,
};
twofactor.expires = undefined;
twofactor.valid = true;
await TwoFactor.save(twofactor);
res.json({ success: true });
} else {
throw new RequestError(
result.errorMessage,
HttpStatusCode.BAD_REQUEST
);
}
}
})
);
U2FRoute.get(
"/",
Stacker(
GetUserMiddleware(true, false, undefined, false),
async (req, res) => {
let { login, special } = req.token;
let twofactor: IYubiKey = await TwoFactor.findOne({
user: req.user._id,
type: TwoFATypes.U2F,
valid: true,
});
if (!twofactor) {
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
if (twofactor.expires) {
if (moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
}
let request = u2f.request(config.core.url, twofactor.data.keyHandle);
login.data = {
type: "ykr",
request,
};
let r;
if (special) {
special.data = login.data;
r = LoginToken.save(special);
}
await Promise.all([r, LoginToken.save(login)]);
res.json({ request });
}
)
);
U2FRoute.put(
"/",
Stacker(
GetUserMiddleware(true, false, undefined, false),
async (req, res) => {
let { login, special } = req.token;
let twofactor: IYubiKey = await TwoFactor.findOne({
user: req.user._id,
type: TwoFATypes.U2F,
valid: true,
});
let { response } = req.body;
if (
!twofactor ||
!login.data ||
login.data.type !== "ykr" ||
(special && (!special.data || special.data.type !== "ykr"))
) {
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
if (twofactor.expires && moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
let login_exp;
let special_exp;
let result = u2f.checkSignature(
login.data.request,
response,
twofactor.data.publicKey
);
if (result.successful) {
if (special) {
let result = u2f.checkSignature(
special.data.request,
response,
twofactor.data.publicKey
);
if (result.successful) {
special_exp = await upgradeToken(special);
} else {
throw new RequestError(
result.errorMessage,
HttpStatusCode.BAD_REQUEST
);
}
}
login_exp = await upgradeToken(login);
} else {
throw new RequestError(
result.errorMessage,
HttpStatusCode.BAD_REQUEST
);
}
res.json({ success: true, login_exp, special_exp });
}
)
);
export default U2FRoute;