OpenServer
/
OpenAuth_server
1
1
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Running prettier
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Fabian Stamm 2020-08-07 16:16:39 +02:00
parent 77fedd2815
commit 51a8609880
87 changed files with 4000 additions and 2812 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apidoc.json
View File

@ -1,6 +1,6 @@
{ {
"name": "openauth", "name": "openauth",
"description": "Open Auth REST API", "description": "Open Auth REST API",
"title": "Open Auth REST", "title": "Open Auth REST",
"url": "/api" "url": "/api"
} }

82
locales/de.json
View File

@ -1,42 +1,42 @@
{ {
"User not found": "Benutzer nicht gefunden", "User not found": "Benutzer nicht gefunden",
"Password or username wrong": "Passwort oder Benutzername falsch", "Password or username wrong": "Passwort oder Benutzername falsch",
"Authorize %s": "Authorize %s", "Authorize %s": "Authorize %s",
"Login": "Einloggen", "Login": "Einloggen",
"You are not logged in or your login is expired": "Du bist nicht länger angemeldet oder deine Anmeldung ist abgelaufen.", "You are not logged in or your login is expired": "Du bist nicht länger angemeldet oder deine Anmeldung ist abgelaufen.",
"Username or Email": "Benutzername oder Email", "Username or Email": "Benutzername oder Email",
"Password": "Passwort", "Password": "Passwort",
"Next": "Weiter", "Next": "Weiter",
"Register": "Registrieren", "Register": "Registrieren",
"Mail": "Mail", "Mail": "Mail",
"Repeat Password": "Passwort wiederholen", "Repeat Password": "Passwort wiederholen",
"Username": "Benutzername", "Username": "Benutzername",
"Name": "Name", "Name": "Name",
"Registration code": "Registrierungs Schlüssel", "Registration code": "Registrierungs Schlüssel",
"You need to select one of the options": "Du musst eine der Optionen auswälen", "You need to select one of the options": "Du musst eine der Optionen auswälen",
"Male": "Mann", "Male": "Mann",
"Female": "Frau", "Female": "Frau",
"Other": "Anderes", "Other": "Anderes",
"Registration code required": "Registrierungs Schlüssel benötigt", "Registration code required": "Registrierungs Schlüssel benötigt",
"Username required": "Benutzername benötigt", "Username required": "Benutzername benötigt",
"Name required": "Name benötigt", "Name required": "Name benötigt",
"Mail required": "Mail benötigt", "Mail required": "Mail benötigt",
"The passwords do not match": "Die Passwörter stimmen nicht überein", "The passwords do not match": "Die Passwörter stimmen nicht überein",
"Password is required": "Password benötigt", "Password is required": "Password benötigt",
"Invalid registration code": "Ungültiger Registrierungs Schlüssel", "Invalid registration code": "Ungültiger Registrierungs Schlüssel",
"Username taken": "Benutzername nicht verfügbar", "Username taken": "Benutzername nicht verfügbar",
"Mail linked with other account": "Mail ist bereits mit einem anderen Account verbunden", "Mail linked with other account": "Mail ist bereits mit einem anderen Account verbunden",
"Registration code already used": "Registrierungs Schlüssel wurde bereits verwendet", "Registration code already used": "Registrierungs Schlüssel wurde bereits verwendet",
"Administration": "Administration", "Administration": "Administration",
"Field {{field}} is not defined": "Feld {{field}} fehlt", "Field {{field}} is not defined": "Feld {{field}} fehlt",
"Field {{field}} has wrong type. It should be from type {{type}}": "Feld {{field}} hat den falschen Typ. Es sollte vom Typ {{type}} sein", "Field {{field}} has wrong type. It should be from type {{type}}": "Feld {{field}} hat den falschen Typ. Es sollte vom Typ {{type}} sein",
"Client has no permission for acces password auth": "Dieser Client hat keine Berechtigung password auth zu benutzen", "Client has no permission for acces password auth": "Dieser Client hat keine Berechtigung password auth zu benutzen",
"Invalid token": "Ungültiger Token", "Invalid token": "Ungültiger Token",
"By clicking on ALLOW, you allow this app to access the requested recources.": "Wenn sie ALLOW drücken, berechtigen sie die Applikation die beantragten Resourcen zu benutzen.", "By clicking on ALLOW, you allow this app to access the requested recources.": "Wenn sie ALLOW drücken, berechtigen sie die Applikation die beantragten Resourcen zu benutzen.",
"User": "User", "User": "User",
"No special token": "No special token", "No special token": "No special token",
"Login token invalid": "Login token invalid", "Login token invalid": "Login token invalid",
"No login token": "No login token", "No login token": "No login token",
"You are not logged in or your login is expired (Login token invalid)": "You are not logged in or your login is expired (Login token invalid)", "You are not logged in or your login is expired (Login token invalid)": "You are not logged in or your login is expired (Login token invalid)",
"You are not logged in or your login is expired (No special token)": "You are not logged in or your login is expired (No special token)" "You are not logged in or your login is expired (No special token)": "You are not logged in or your login is expired (No special token)"
} }

32
locales/en.json
View File

@ -1,17 +1,17 @@
{ {
"Login": "Login", "Login": "Login",
"Username or Email": "Username or Email", "Username or Email": "Username or Email",
"Password": "Password", "Password": "Password",
"Next": "Next", "Next": "Next",
"Invalid code": "Invalid code", "Invalid code": "Invalid code",
"You are not logged in or your login is expired": "You are not logged in or your login is expired", "You are not logged in or your login is expired": "You are not logged in or your login is expired",
"User not found": "User not found", "User not found": "User not found",
"No special token": "No special token", "No special token": "No special token",
"You are not logged in or your login is expired(No special token)": "You are not logged in or your login is expired(No special token)", "You are not logged in or your login is expired(No special token)": "You are not logged in or your login is expired(No special token)",
"Special token invalid": "Special token invalid", "Special token invalid": "Special token invalid",
"You are not logged in or your login is expired(Special token invalid)": "You are not logged in or your login is expired(Special token invalid)", "You are not logged in or your login is expired(Special token invalid)": "You are not logged in or your login is expired(Special token invalid)",
"No login token": "No login token", "No login token": "No login token",
"Login token invalid": "Login token invalid", "Login token invalid": "Login token invalid",
"Authorize %s": "Authorize %s", "Authorize %s": "Authorize %s",
"By clicking on ALLOW, you allow this app to access the requested recources.": "By clicking on ALLOW, you allow this app to access the requested recources." "By clicking on ALLOW, you allow this app to access the requested recources.": "By clicking on ALLOW, you allow this app to access the requested recources."
} }

6
package-lock.json generated
View File

@ -2361,6 +2361,12 @@
"integrity": "sha1-1PRWKwzjaW5BrFLQ4ALlemNdxtw=", "integrity": "sha1-1PRWKwzjaW5BrFLQ4ALlemNdxtw=",
"dev": true "dev": true
}, },
"prettier": {
"version": "2.0.5",
"resolved": "https://npm.hibas123.de/prettier/-/prettier-2.0.5.tgz",
"integrity": "sha512-7PtVymN48hGcO4fGjybyBSIWDsLU4H4XlvOHfq91pz9kkGlonzwTfYkaIEwiRg/dAJF9YlbsduBAgtYLi+8cFg==",
"dev": true
},
"process-nextick-args": { "process-nextick-args": {
"version": "2.0.1", "version": "2.0.1",
"resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",

4
package.json
View File

@ -19,7 +19,8 @@
"watch-views": "cd views && npm run watch", "watch-views": "cd views && npm run watch",
"install-views_repo": "git submodule init && git submodule update && cd views_repo && npm install ", "install-views_repo": "git submodule init && git submodule update && cd views_repo && npm install ",
"build-views_repo": "cd views_repo && npm run build", "build-views_repo": "cd views_repo && npm run build",
"watch-views_repo": "cd views_repo && npm run dev" "watch-views_repo": "cd views_repo && npm run dev",
"format": "prettier --write ."
}, },
"pipelines": { "pipelines": {
"install": [ "install": [
@ -47,6 +48,7 @@
"apidoc": "^0.20.0", "apidoc": "^0.20.0",
"concurrently": "^5.1.0", "concurrently": "^5.1.0",
"nodemon": "^2.0.2", "nodemon": "^2.0.2",
"prettier": "^2.0.5",
"typescript": "^3.8.3" "typescript": "^3.8.3"
}, },
"dependencies": { "dependencies": {

178
src/api/admin/client.ts
View File

@ -5,16 +5,15 @@ import Client from "../../models/client";
import verify, { Types } from "../middlewares/verify"; import verify, { Types } from "../middlewares/verify";
import { randomBytes } from "crypto"; import { randomBytes } from "crypto";
const ClientRouter: Router = Router(); const ClientRouter: Router = Router();
ClientRouter.route("/") ClientRouter.route("/")
/** /**
* @api {get} /admin/client * @api {get} /admin/client
* @apiName AdminGetClients * @apiName AdminGetClients
* *
* @apiGroup admin_client * @apiGroup admin_client
* @apiPermission admin * @apiPermission admin
* *
* @apiSuccess {Object[]} clients * @apiSuccess {Object[]} clients
* @apiSuccess {String} clients._id The internally used id * @apiSuccess {String} clients._id The internally used id
* @apiSuccess {String} clients.maintainer * @apiSuccess {String} clients.maintainer
@ -26,24 +25,26 @@ ClientRouter.route("/")
* @apiSuccess {String} clients.client_id Client ID used outside of DB * @apiSuccess {String} clients.client_id Client ID used outside of DB
* @apiSuccess {String} clients.client_secret * @apiSuccess {String} clients.client_secret
*/ */
.get(promiseMiddleware(async (req, res) => { .get(
let clients = await Client.find({}); promiseMiddleware(async (req, res) => {
//ToDo check if user is required! let clients = await Client.find({});
res.json(clients); //ToDo check if user is required!
})) res.json(clients);
})
)
/** /**
* @api {get} /admin/client * @api {get} /admin/client
* @apiName AdminAddClients * @apiName AdminAddClients
* *
* @apiGroup admin_client * @apiGroup admin_client
* @apiPermission admin * @apiPermission admin
* *
* @apiParam {Boolean} internal Is it an internal app * @apiParam {Boolean} internal Is it an internal app
* @apiParam {String} name * @apiParam {String} name
* @apiParam {String} redirect_url * @apiParam {String} redirect_url
* @apiParam {String} website * @apiParam {String} website
* @apiParam {String} logo * @apiParam {String} logo
* *
* @apiSuccess {Object[]} clients * @apiSuccess {Object[]} clients
* @apiSuccess {String} clients._id The internally used id * @apiSuccess {String} clients._id The internally used id
* @apiSuccess {String} clients.maintainer * @apiSuccess {String} clients.maintainer
@ -55,62 +56,70 @@ ClientRouter.route("/")
* @apiSuccess {String} clients.client_id Client ID used outside of DB * @apiSuccess {String} clients.client_id Client ID used outside of DB
* @apiSuccess {String} clients.client_secret * @apiSuccess {String} clients.client_secret
*/ */
.post(verify({ .post(
internal: { verify(
type: Types.BOOLEAN, {
optional: true internal: {
}, type: Types.BOOLEAN,
name: { optional: true,
type: Types.STRING },
}, name: {
redirect_url: { type: Types.STRING,
type: Types.STRING },
}, redirect_url: {
website: { type: Types.STRING,
type: Types.STRING },
}, website: {
logo: { type: Types.STRING,
type: Types.STRING, },
optional: true logo: {
} type: Types.STRING,
}, true), promiseMiddleware(async (req, res) => { optional: true,
req.body.client_secret = randomBytes(32).toString("hex"); },
let client = Client.new(req.body); },
client.maintainer = req.user._id; true
await Client.save(client) ),
res.json(client); promiseMiddleware(async (req, res) => {
})) req.body.client_secret = randomBytes(32).toString("hex");
let client = Client.new(req.body);
client.maintainer = req.user._id;
await Client.save(client);
res.json(client);
})
);
ClientRouter.route("/:id") ClientRouter.route("/:id")
/** /**
* @api {delete} /admin/client/:id * @api {delete} /admin/client/:id
* @apiParam {String} id Client _id * @apiParam {String} id Client _id
* @apiName AdminDeleteClient * @apiName AdminDeleteClient
* *
* @apiGroup admin_client * @apiGroup admin_client
* @apiPermission admin * @apiPermission admin
* *
* @apiSuccess {Boolean} success * @apiSuccess {Boolean} success
*/ */
.delete(promiseMiddleware(async (req, res) => { .delete(
let { id } = req.params; promiseMiddleware(async (req, res) => {
await Client.delete(id); let { id } = req.params;
res.json({ success: true }); await Client.delete(id);
})) res.json({ success: true });
})
)
/** /**
* @api {put} /admin/client/:id * @api {put} /admin/client/:id
* @apiParam {String} id Client _id * @apiParam {String} id Client _id
* @apiName AdminUpdateClient * @apiName AdminUpdateClient
* *
* @apiGroup admin_client * @apiGroup admin_client
* @apiPermission admin * @apiPermission admin
* *
* @apiParam {Boolean} internal Is it an internal app * @apiParam {Boolean} internal Is it an internal app
* @apiParam {String} name * @apiParam {String} name
* @apiParam {String} redirect_url * @apiParam {String} redirect_url
* @apiParam {String} website * @apiParam {String} website
* @apiParam {String} logo * @apiParam {String} logo
* *
* @apiSuccess {String} _id The internally used id * @apiSuccess {String} _id The internally used id
* @apiSuccess {String} maintainer UserID of client maintainer * @apiSuccess {String} maintainer UserID of client maintainer
* @apiSuccess {Boolean} internal Defines if it is a internal client * @apiSuccess {Boolean} internal Defines if it is a internal client
@ -118,40 +127,49 @@ ClientRouter.route("/:id")
* @apiSuccess {String} redirect_url Redirect URL after login * @apiSuccess {String} redirect_url Redirect URL after login
* @apiSuccess {String} website Website of Client * @apiSuccess {String} website Website of Client
* @apiSuccess {String} logo The Logo of the Client (optional) * @apiSuccess {String} logo The Logo of the Client (optional)
* @apiSuccess {String} client_id Client ID used outside of DB * @apiSuccess {String} client_id Client ID used outside of DB
* @apiSuccess {String} client_secret The client secret, that can be used to obtain token * @apiSuccess {String} client_secret The client secret, that can be used to obtain token
*/ */
.put(verify({ .put(
internal: { verify(
type: Types.BOOLEAN, {
optional: true internal: {
}, type: Types.BOOLEAN,
name: { optional: true,
type: Types.STRING, },
optional: true name: {
}, type: Types.STRING,
redirect_url: { optional: true,
type: Types.STRING, },
optional: true redirect_url: {
}, type: Types.STRING,
website: { optional: true,
type: Types.STRING, },
optional: true website: {
}, type: Types.STRING,
logo: { optional: true,
type: Types.STRING, },
optional: true logo: {
} type: Types.STRING,
}, true), promiseMiddleware(async (req, res) => { optional: true,
let { id } = req.query; },
let client = await Client.findById(id); },
if (!client) throw new RequestError(req.__("Client not found"), HttpStatusCode.BAD_REQUEST); true
for (let key in req.body) { ),
client[key] = req.body[key]; promiseMiddleware(async (req, res) => {
} let { id } = req.query;
await Client.save(client); let client = await Client.findById(id);
res.json(client); if (!client)
})) throw new RequestError(
req.__("Client not found"),
HttpStatusCode.BAD_REQUEST
);
for (let key in req.body) {
client[key] = req.body[key];
}
await Client.save(client);
res.json(client);
})
);
export default ClientRouter;
export default ClientRouter;

14
src/api/admin/index.ts
View File

@ -9,12 +9,16 @@ import RequestError, { HttpStatusCode } from "../../helper/request_error";
const AdminRoute: Router = Router(); const AdminRoute: Router = Router();
AdminRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => { AdminRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => {
if (!req.isAdmin) throw new RequestError("You have no permission to access this API", HttpStatusCode.FORBIDDEN); if (!req.isAdmin)
else next() throw new RequestError(
"You have no permission to access this API",
HttpStatusCode.FORBIDDEN
);
else next();
}); });
AdminRoute.use("/client", ClientRoute); AdminRoute.use("/client", ClientRoute);
AdminRoute.use("/regcode", RegCodeRoute) AdminRoute.use("/regcode", RegCodeRoute);
AdminRoute.use("/user", UserRoute) AdminRoute.use("/user", UserRoute);
AdminRoute.use("/permission", PermissionRoute); AdminRoute.use("/permission", PermissionRoute);
export default AdminRoute; export default AdminRoute;

12
src/api/admin/permission.ts
View File

@ -56,18 +56,18 @@ PermissionRoute.route("/")
verify( verify(
{ {
client: { client: {
type: Types.STRING type: Types.STRING,
}, },
name: { name: {
type: Types.STRING type: Types.STRING,
}, },
description: { description: {
type: Types.STRING type: Types.STRING,
}, },
type: { type: {
type: Types.ENUM, type: Types.ENUM,
values: ["user", "client"] values: ["user", "client"],
} },
}, },
true true
), ),
@ -83,7 +83,7 @@ PermissionRoute.route("/")
description: req.body.description, description: req.body.description,
name: req.body.name, name: req.body.name,
client: client._id, client: client._id,
grant_type: req.body.type grant_type: req.body.type,
}); });
await Permission.save(permission); await Permission.save(permission);
res.json(permission); res.json(permission);

60
src/api/admin/regcode.ts
View File

@ -10,54 +10,60 @@ const RegCodeRoute: Router = Router();
RegCodeRoute.route("/") RegCodeRoute.route("/")
/** /**
* @api {get} /admin/regcode * @api {get} /admin/regcode
* @apiName AdminGetRegcodes * @apiName AdminGetRegcodes
* *
* @apiGroup admin_regcode * @apiGroup admin_regcode
* @apiPermission admin * @apiPermission admin
* *
* @apiSuccess {Object[]} regcodes * @apiSuccess {Object[]} regcodes
* @apiSuccess {String} permissions._id The ID * @apiSuccess {String} permissions._id The ID
* @apiSuccess {String} permissions.token The Regcode Token * @apiSuccess {String} permissions.token The Regcode Token
* @apiSuccess {String} permissions.valid Defines if the Regcode is valid * @apiSuccess {String} permissions.valid Defines if the Regcode is valid
* @apiSuccess {String} permissions.validTill Expiration date of RegCode * @apiSuccess {String} permissions.validTill Expiration date of RegCode
*/ */
.get(promiseMiddleware(async (req, res) => { .get(
let regcodes = await RegCode.find({}); promiseMiddleware(async (req, res) => {
res.json(regcodes); let regcodes = await RegCode.find({});
})) res.json(regcodes);
})
)
/** /**
* @api {delete} /admin/regcode * @api {delete} /admin/regcode
* @apiName AdminDeleteRegcode * @apiName AdminDeleteRegcode
* *
* @apiParam {String} id The id of the RegCode * @apiParam {String} id The id of the RegCode
* *
* @apiGroup admin_regcode * @apiGroup admin_regcode
* @apiPermission admin * @apiPermission admin
* *
* @apiSuccess {Boolean} success * @apiSuccess {Boolean} success
*/ */
.delete(promiseMiddleware(async (req, res) => { .delete(
let { id } = req.query; promiseMiddleware(async (req, res) => {
await RegCode.delete(id); let { id } = req.query;
res.json({ success: true }); await RegCode.delete(id);
})) res.json({ success: true });
})
)
/** /**
* @api {post} /admin/regcode * @api {post} /admin/regcode
* @apiName AdminAddRegcode * @apiName AdminAddRegcode
* *
* @apiGroup admin_regcode * @apiGroup admin_regcode
* @apiPermission admin * @apiPermission admin
* *
* @apiSuccess {String} code The newly created code * @apiSuccess {String} code The newly created code
*/ */
.post(promiseMiddleware(async (req, res) => { .post(
let regcode = RegCode.new({ promiseMiddleware(async (req, res) => {
token: randomBytes(10).toString("hex"), let regcode = RegCode.new({
valid: true, token: randomBytes(10).toString("hex"),
validTill: moment().add("1", "month").toDate() valid: true,
validTill: moment().add("1", "month").toDate(),
});
await RegCode.save(regcode);
res.json({ code: regcode.token });
}) })
await RegCode.save(regcode); );
res.json({ code: regcode.token });
}))
export default RegCodeRoute; export default RegCodeRoute;

92
src/api/admin/user.ts
View File

@ -9,15 +9,15 @@ import LoginToken from "../../models/login_token";
const UserRoute: Router = Router(); const UserRoute: Router = Router();
UserRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => { UserRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => {
if (!req.isAdmin) res.sendStatus(HttpStatusCode.FORBIDDEN) if (!req.isAdmin) res.sendStatus(HttpStatusCode.FORBIDDEN);
else next() else next();
}) });
UserRoute.route("/") UserRoute.route("/")
/** /**
* @api {get} /admin/user * @api {get} /admin/user
* @apiName AdminGetUsers * @apiName AdminGetUsers
* *
* @apiGroup admin_user * @apiGroup admin_user
* @apiPermission admin * @apiPermission admin
* @apiSuccess {Object[]} user * @apiSuccess {Object[]} user
@ -29,57 +29,65 @@ UserRoute.route("/")
* @apiSuccess {Number} user.gender 0 = none, 1 = male, 2 = female, 3 = other * @apiSuccess {Number} user.gender 0 = none, 1 = male, 2 = female, 3 = other
* @apiSuccess {Boolean} user.admin Is admin or not * @apiSuccess {Boolean} user.admin Is admin or not
*/ */
.get(promiseMiddleware(async (req, res) => { .get(
let users = await User.find({}); promiseMiddleware(async (req, res) => {
users.forEach(e => delete e.password && delete e.salt && delete e.encryption_key); let users = await User.find({});
res.json(users); users.forEach(
})) (e) => delete e.password && delete e.salt && delete e.encryption_key
);
res.json(users);
})
)
/** /**
* @api {delete} /admin/user * @api {delete} /admin/user
* @apiName AdminDeleteUser * @apiName AdminDeleteUser
* *
* @apiParam {String} id The User ID * @apiParam {String} id The User ID
* *
* @apiGroup admin_user * @apiGroup admin_user
* @apiPermission admin * @apiPermission admin
* *
* @apiSuccess {Boolean} success * @apiSuccess {Boolean} success
*/ */
.delete(promiseMiddleware(async (req, res) => { .delete(
let { id } = req.query; promiseMiddleware(async (req, res) => {
let user = await User.findById(id); let { id } = req.query;
let user = await User.findById(id);
await Promise.all([ await Promise.all([
user.mails.map(mail => Mail.delete(mail)), user.mails.map((mail) => Mail.delete(mail)),
[ [
RefreshToken.deleteFilter({ user: user._id }), RefreshToken.deleteFilter({ user: user._id }),
LoginToken.deleteFilter({ user: user._id }) LoginToken.deleteFilter({ user: user._id }),
] ],
]) ]);
await User.delete(user); await User.delete(user);
res.json({ success: true }); res.json({ success: true });
})) })
)
/** /**
* @api {put} /admin/user * @api {put} /admin/user
* @apiName AdminChangeUser * @apiName AdminChangeUser
* *
* @apiParam {String} id The User ID * @apiParam {String} id The User ID
* *
* @apiGroup admin_user * @apiGroup admin_user
* @apiPermission admin * @apiPermission admin
* *
* @apiSuccess {Boolean} success * @apiSuccess {Boolean} success
* *
* @apiDescription Flipps the user role: * @apiDescription Flipps the user role:
* admin -> user * admin -> user
* user -> admin * user -> admin
*/ */
.put(promiseMiddleware(async (req, res) => { .put(
let { id } = req.query; promiseMiddleware(async (req, res) => {
let user = await User.findById(id); let { id } = req.query;
user.admin = !user.admin; let user = await User.findById(id);
await User.save(user); user.admin = !user.admin;
res.json({ success: true }) await User.save(user);
})) res.json({ success: true });
export default UserRoute; })
);
export default UserRoute;

94
src/api/client/index.ts
View File

@ -1,6 +1,9 @@
import { Request, Response, Router } from "express" import { Request, Response, Router } from "express";
import Stacker from "../middlewares/stacker"; import Stacker from "../middlewares/stacker";
import { GetClientAuthMiddleware, GetClientApiAuthMiddleware } from "../middlewares/client"; import {
GetClientAuthMiddleware,
GetClientApiAuthMiddleware,
} from "../middlewares/client";
import { GetUserMiddleware } from "../middlewares/user"; import { GetUserMiddleware } from "../middlewares/user";
import { createJWT } from "../../keys"; import { createJWT } from "../../keys";
import Client from "../../models/client"; import Client from "../../models/client";
@ -8,55 +11,74 @@ import RequestError, { HttpStatusCode } from "../../helper/request_error";
import config from "../../config"; import config from "../../config";
import Mail from "../../models/mail"; import Mail from "../../models/mail";
const ClientRouter = Router(); const ClientRouter = Router();
/** /**
* @api {get} /client/user * @api {get} /client/user
* *
* @apiDescription Can be used for simple authentication of user. It will redirect the user to the redirect URI with a very short lived jwt. * @apiDescription Can be used for simple authentication of user. It will redirect the user to the redirect URI with a very short lived jwt.
* *
* @apiParam {String} redirect_uri URL to redirect to on success * @apiParam {String} redirect_uri URL to redirect to on success
* @apiParam {String} state A optional state, that will be included in the JWT and redirect_uri as parameter * @apiParam {String} state A optional state, that will be included in the JWT and redirect_uri as parameter
* *
* @apiName ClientUser * @apiName ClientUser
* @apiGroup client * @apiGroup client
* *
* @apiPermission user_client Requires ClientID and Authenticated User * @apiPermission user_client Requires ClientID and Authenticated User
*/ */
ClientRouter.get("/user", Stacker(GetClientAuthMiddleware(false), GetUserMiddleware(false, false), async (req: Request, res: Response) => { ClientRouter.get(
let { redirect_uri, state } = req.query; "/user",
Stacker(
GetClientAuthMiddleware(false),
GetUserMiddleware(false, false),
async (req: Request, res: Response) => {
let { redirect_uri, state } = req.query;
if (redirect_uri !== req.client.redirect_url) if (redirect_uri !== req.client.redirect_url)
throw new RequestError("Invalid redirect URI", HttpStatusCode.BAD_REQUEST); throw new RequestError(
"Invalid redirect URI",
HttpStatusCode.BAD_REQUEST
);
let jwt = await createJWT({ let jwt = await createJWT(
client: req.client.client_id, {
uid: req.user.uid, client: req.client.client_id,
username: req.user.username, uid: req.user.uid,
state: state username: req.user.username,
}, { state: state,
expiresIn: 30, },
issuer: config.core.url, {
algorithm: "RS256", expiresIn: 30,
subject: req.user.uid, issuer: config.core.url,
audience: req.client.client_id algorithm: "RS256",
}); //after 30 seconds this token is invalid subject: req.user.uid,
res.redirect(redirect_uri + "?jwt=" + jwt + (state ? `&state=${state}` : "")); audience: req.client.client_id,
})); }
); //after 30 seconds this token is invalid
ClientRouter.get("/account", Stacker(GetClientApiAuthMiddleware(), async (req: Request, res) => { res.redirect(
let mails = await Promise.all(req.user.mails.map(id => Mail.findById(id))); redirect_uri + "?jwt=" + jwt + (state ? `&state=${state}` : "")
);
let mail = mails.find(e => e.primary) || mails[0];
res.json({
user: {
username: req.user.username,
name: req.user.name,
email: mail
} }
)
);
ClientRouter.get(
"/account",
Stacker(GetClientApiAuthMiddleware(), async (req: Request, res) => {
let mails = await Promise.all(
req.user.mails.map((id) => Mail.findById(id))
);
let mail = mails.find((e) => e.primary) || mails[0];
res.json({
user: {
username: req.user.username,
name: req.user.name,
email: mail,
},
});
}) })
})); );
export default ClientRouter; export default ClientRouter;

24
src/api/client/permissions.ts
View File

@ -2,7 +2,7 @@ import { Request, Response } from "express";
import Stacker from "../middlewares/stacker"; import Stacker from "../middlewares/stacker";
import { import {
ClientAuthMiddleware, ClientAuthMiddleware,
GetClientAuthMiddleware GetClientAuthMiddleware,
} from "../middlewares/client"; } from "../middlewares/client";
import Permission from "../../models/permissions"; import Permission from "../../models/permissions";
import User from "../../models/user"; import User from "../../models/user";
@ -22,19 +22,19 @@ export const GetPermissions = Stacker(
if (user) { if (user) {
const grant = await Grant.findOne({ const grant = await Grant.findOne({
client: req.client._id, client: req.client._id,
user: user user: user,
}); });
permissions = await Promise.all( permissions = await Promise.all(
grant.permissions.map(perm => Permission.findById(perm)) grant.permissions.map((perm) => Permission.findById(perm))
).then(res => ).then((res) =>
res res
.filter(e => e.grant_type === "client") .filter((e) => e.grant_type === "client")
.map(e => { .map((e) => {
return { return {
id: e._id.toHexString(), id: e._id.toHexString(),
name: e.name, name: e.name,
description: e.description description: e.description,
}; };
}) })
); );
@ -43,10 +43,10 @@ export const GetPermissions = Stacker(
if (permission) { if (permission) {
const grants = await Grant.find({ const grants = await Grant.find({
client: req.client._id, client: req.client._id,
permissions: new ObjectID(permission) permissions: new ObjectID(permission),
}); });
users = grants.map(grant => grant.user.toHexString()); users = grants.map((grant) => grant.user.toHexString());
} }
res.json({ permissions, users }); res.json({ permissions, users });
@ -73,14 +73,14 @@ export const PostPermissions = Stacker(
let grant = await Grant.findOne({ let grant = await Grant.findOne({
client: req.client._id, client: req.client._id,
user: req.user._id user: req.user._id,
}); });
if (!grant) { if (!grant) {
grant = Grant.new({ grant = Grant.new({
client: req.client._id, client: req.client._id,
user: req.user._id, user: req.user._id,
permissions: [] permissions: [],
}); });
} }
@ -92,7 +92,7 @@ export const PostPermissions = Stacker(
await Grant.save(grant); await Grant.save(grant);
res.json({ res.json({
success: true success: true,
}); });
} }
); );

6
src/api/index.ts
View File

@ -1,4 +1,4 @@
import * as express from "express" import * as express from "express";
import AdminRoute from "./admin"; import AdminRoute from "./admin";
import UserRoute from "./user"; import UserRoute from "./user";
import InternalRoute from "./internal"; import InternalRoute from "./internal";
@ -9,7 +9,7 @@ import OAuthRoute from "./oauth";
const ApiRouter: express.IRouter = express.Router(); const ApiRouter: express.IRouter = express.Router();
ApiRouter.use("/admin", AdminRoute); ApiRouter.use("/admin", AdminRoute);
ApiRouter.use(cors()) ApiRouter.use(cors());
ApiRouter.use("/user", UserRoute); ApiRouter.use("/user", UserRoute);
ApiRouter.use("/internal", InternalRoute); ApiRouter.use("/internal", InternalRoute);
ApiRouter.use("/oauth", OAuthRoute); ApiRouter.use("/oauth", OAuthRoute);
@ -22,4 +22,4 @@ ApiRouter.use("/", ClientRouter);
// Legacy reasons (deprecated) // Legacy reasons (deprecated)
ApiRouter.post("/login", Login); ApiRouter.post("/login", Login);
export default ApiRouter; export default ApiRouter;

12
src/api/internal/index.ts
View File

@ -6,10 +6,10 @@ const InternalRoute: Router = Router();
/** /**
* @api {get} /internal/oauth * @api {get} /internal/oauth
* @apiName ClientInteralOAuth * @apiName ClientInteralOAuth
* *
* @apiGroup client_internal * @apiGroup client_internal
* @apiPermission client_internal Only ClientID * @apiPermission client_internal Only ClientID
* *
* @apiParam {String} redirect_uri Redirect URI called after success * @apiParam {String} redirect_uri Redirect URI called after success
* @apiParam {String} state State will be set in RedirectURI for the client to check * @apiParam {String} state State will be set in RedirectURI for the client to check
*/ */
@ -18,13 +18,13 @@ InternalRoute.get("/oauth", OAuthInternalApp);
/** /**
* @api {post} /internal/password * @api {post} /internal/password
* @apiName ClientInteralPassword * @apiName ClientInteralPassword
* *
* @apiGroup client_internal * @apiGroup client_internal
* @apiPermission client_internal Requires ClientID and Secret * @apiPermission client_internal Requires ClientID and Secret
* *
* @apiParam {String} username Username (either username or UID) * @apiParam {String} username Username (either username or UID)
* @apiParam {String} uid User ID (either username or UID) * @apiParam {String} uid User ID (either username or UID)
* @apiParam {String} password Hashed and Salted according to specification * @apiParam {String} password Hashed and Salted according to specification
*/ */
InternalRoute.post("/password", PasswordAuth) InternalRoute.post("/password", PasswordAuth);
export default InternalRoute; export default InternalRoute;

24
src/api/internal/oauth.ts
View File

@ -6,11 +6,16 @@ import RequestError, { HttpStatusCode } from "../../helper/request_error";
import ClientCode from "../../models/client_code"; import ClientCode from "../../models/client_code";
import moment = require("moment"); import moment = require("moment");
import { randomBytes } from "crypto"; import { randomBytes } from "crypto";
export const OAuthInternalApp = Stacker(GetClientAuthMiddleware(false, true), UserMiddleware, export const OAuthInternalApp = Stacker(
GetClientAuthMiddleware(false, true),
UserMiddleware,
async (req: Request, res: Response) => { async (req: Request, res: Response) => {
let { redirect_uri, state } = req.query let { redirect_uri, state } = req.query;
if (!redirect_uri) { if (!redirect_uri) {
throw new RequestError("No redirect url set!", HttpStatusCode.BAD_REQUEST); throw new RequestError(
"No redirect url set!",
HttpStatusCode.BAD_REQUEST
);
} }
let sep = redirect_uri.indexOf("?") < 0 ? "?" : "&"; let sep = redirect_uri.indexOf("?") < 0 ? "?" : "&";
@ -20,10 +25,17 @@ export const OAuthInternalApp = Stacker(GetClientAuthMiddleware(false, true), Us
client: req.client._id, client: req.client._id,
validTill: moment().add(30, "minutes").toDate(), validTill: moment().add(30, "minutes").toDate(),
code: randomBytes(16).toString("hex"), code: randomBytes(16).toString("hex"),
permissions: [] permissions: [],
}); });
await ClientCode.save(code); await ClientCode.save(code);
res.redirect(redirect_uri + sep + "code=" + code.code + (state ? "&state=" + state : "")); res.redirect(
redirect_uri +
sep +
"code=" +
code.code +
(state ? "&state=" + state : "")
);
res.end(); res.end();
}); }
);

44
src/api/internal/password.ts
View File

@ -4,22 +4,32 @@ import Stacker from "../middlewares/stacker";
import RequestError, { HttpStatusCode } from "../../helper/request_error"; import RequestError, { HttpStatusCode } from "../../helper/request_error";
import User from "../../models/user"; import User from "../../models/user";
const PasswordAuth = Stacker(GetClientAuthMiddleware(true, true), async (req: Request, res: Response) => { const PasswordAuth = Stacker(
let { username, password, uid }: { username: string, password: string, uid: string } = req.body; GetClientAuthMiddleware(true, true),
let query: any = { password: password }; async (req: Request, res: Response) => {
if (username) { let {
query.username = username.toLowerCase() username,
} else if (uid) { password,
query.uid = uid; uid,
} else { }: { username: string; password: string; uid: string } = req.body;
throw new RequestError(req.__("No username or uid set"), HttpStatusCode.BAD_REQUEST); let query: any = { password: password };
} if (username) {
query.username = username.toLowerCase();
} else if (uid) {
query.uid = uid;
} else {
throw new RequestError(
req.__("No username or uid set"),
HttpStatusCode.BAD_REQUEST
);
}
let user = await User.findOne(query); let user = await User.findOne(query);
if (!user) { if (!user) {
res.json({ error: req.__("Password or username wrong") }) res.json({ error: req.__("Password or username wrong") });
} else { } else {
res.json({ success: true, uid: user.uid }); res.json({ success: true, uid: user.uid });
}
} }
}); );
export default PasswordAuth; export default PasswordAuth;

57
src/api/middlewares/client.ts
View File

@ -6,7 +6,11 @@ import User from "../../models/user";
import Mail from "../../models/mail"; import Mail from "../../models/mail";
import { OAuthJWT } from "../../helper/jwt"; import { OAuthJWT } from "../../helper/jwt";
export function GetClientAuthMiddleware(checksecret = true, internal = false, checksecret_if_available = false) { export function GetClientAuthMiddleware(
checksecret = true,
internal = false,
checksecret_if_available = false
) {
return async (req: Request, res: Response, next: NextFunction) => { return async (req: Request, res: Response, next: NextFunction) => {
try { try {
let client_id = req.query.client_id || req.body.client_id; let client_id = req.query.client_id || req.body.client_id;
@ -24,19 +28,29 @@ export function GetClientAuthMiddleware(checksecret = true, internal = false, ch
} }
if (!client_id || (!client_secret && checksecret)) { if (!client_id || (!client_secret && checksecret)) {
throw new RequestError("No client credentials", HttpStatusCode.BAD_REQUEST); throw new RequestError(
"No client credentials",
HttpStatusCode.BAD_REQUEST
);
} }
let w = { client_id: client_id, client_secret: client_secret }; let w = { client_id: client_id, client_secret: client_secret };
if (!checksecret && !(checksecret_if_available && client_secret)) delete w.client_secret; if (!checksecret && !(checksecret_if_available && client_secret))
delete w.client_secret;
let client = await Client.findOne(w) let client = await Client.findOne(w);
if (!client) { if (!client) {
throw new RequestError("Invalid client_id" + (checksecret ? "or client_secret" : ""), HttpStatusCode.BAD_REQUEST); throw new RequestError(
"Invalid client_id" + (checksecret ? "or client_secret" : ""),
HttpStatusCode.BAD_REQUEST
);
} }
if (internal && !client.internal) { if (internal && !client.internal) {
throw new RequestError(req.__("Client has no permission for access"), HttpStatusCode.FORBIDDEN) throw new RequestError(
req.__("Client has no permission for access"),
HttpStatusCode.FORBIDDEN
);
} }
req.client = client; req.client = client;
next(); next();
@ -44,7 +58,7 @@ export function GetClientAuthMiddleware(checksecret = true, internal = false, ch
if (next) next(e); if (next) next(e);
else throw e; else throw e;
} }
} };
} }
export const ClientAuthMiddleware = GetClientAuthMiddleware(); export const ClientAuthMiddleware = GetClientAuthMiddleware();
@ -52,10 +66,13 @@ export const ClientAuthMiddleware = GetClientAuthMiddleware();
export function GetClientApiAuthMiddleware(permissions?: string[]) { export function GetClientApiAuthMiddleware(permissions?: string[]) {
return async (req: Request, res: Response, next: NextFunction) => { return async (req: Request, res: Response, next: NextFunction) => {
try { try {
const invalid_err = new RequestError(req.__("You are not logged in or your login is expired"), HttpStatusCode.UNAUTHORIZED); const invalid_err = new RequestError(
let token: string = req.query.access_token || req.headers.authorization; req.__("You are not logged in or your login is expired"),
if (!token) HttpStatusCode.UNAUTHORIZED
throw invalid_err; );
let token: string =
req.query.access_token || req.headers.authorization;
if (!token) throw invalid_err;
if (token.toLowerCase().startsWith("bearer ")) if (token.toLowerCase().startsWith("bearer "))
token = token.substring(7); token = token.substring(7);
@ -64,19 +81,21 @@ export function GetClientApiAuthMiddleware(permissions?: string[]) {
try { try {
data = await validateJWT(token); data = await validateJWT(token);
} catch (err) { } catch (err) {
throw invalid_err throw invalid_err;
} }
let user = await User.findOne({ uid: data.user }); let user = await User.findOne({ uid: data.user });
if (!user) if (!user) throw invalid_err;
throw invalid_err;
let client = await Client.findOne({ client_id: data.application }) let client = await Client.findOne({ client_id: data.application });
if (!client) if (!client) throw invalid_err;
throw invalid_err;
if (permissions && (!data.permissions || !permissions.every(e => data.permissions.indexOf(e) >= 0))) if (
permissions &&
(!data.permissions ||
!permissions.every((e) => data.permissions.indexOf(e) >= 0))
)
throw invalid_err; throw invalid_err;
req.user = user; req.user = user;
@ -86,5 +105,5 @@ export function GetClientApiAuthMiddleware(permissions?: string[]) {
if (next) next(e); if (next) next(e);
else throw e; else throw e;
} }
} };
} }

26
src/api/middlewares/stacker.ts
View File

@ -8,19 +8,21 @@ function call(handler: RH, req: Request, res: Response) {
let p = handler(req, res, (err) => { let p = handler(req, res, (err) => {
if (err) no(err); if (err) no(err);
else yes(); else yes();
}) });
if (p && p.catch) p.catch(err => no(err)); if (p && p.catch) p.catch((err) => no(err));
}) });
} }
const Stacker = (...handler: RH[]) => { const Stacker = (...handler: RH[]) => {
return promiseMiddleware(async (req: Request, res: Response, next: NextFunction) => { return promiseMiddleware(
let hc = handler.concat(); async (req: Request, res: Response, next: NextFunction) => {
while (hc.length > 0) { let hc = handler.concat();
let h = hc.shift(); while (hc.length > 0) {
await call(h, req, res); let h = hc.shift();
await call(h, req, res);
}
next();
} }
next(); );
}); };
} export default Stacker;
export default Stacker;

6
src/api/middlewares/user.ts
View File

@ -22,7 +22,7 @@ export function GetUserMiddleware(
redirect_uri?: string, redirect_uri?: string,
validated = true validated = true
) { ) {
return promiseMiddleware(async function( return promiseMiddleware(async function (
req: Request, req: Request,
res: Response, res: Response,
next?: NextFunction next?: NextFunction
@ -57,7 +57,7 @@ export function GetUserMiddleware(
token: special, token: special,
special: true, special: true,
valid: true, valid: true,
user: token.user user: token.user,
}); });
if (!(await CheckToken(special_token, validated))) if (!(await CheckToken(special_token, validated)))
invalid("Special token invalid"); invalid("Special token invalid");
@ -68,7 +68,7 @@ export function GetUserMiddleware(
req.isAdmin = user.admin; req.isAdmin = user.admin;
req.token = { req.token = {
login: token, login: token,
special: special_token special: special_token,
}; };
if (next) next(); if (next) next();

90
src/api/middlewares/verify.ts
View File

@ -1,6 +1,14 @@
import { Request, Response, NextFunction } from "express" import { Request, Response, NextFunction } from "express";
import { Logging } from "@hibas123/nodelogging"; import { Logging } from "@hibas123/nodelogging";
import { isBoolean, isString, isNumber, isObject, isDate, isArray, isSymbol } from "util"; import {
isBoolean,
isString,
isNumber,
isObject,
isDate,
isArray,
isSymbol,
} from "util";
import RequestError, { HttpStatusCode } from "../../helper/request_error"; import RequestError, { HttpStatusCode } from "../../helper/request_error";
export enum Types { export enum Types {
@ -11,39 +19,41 @@ export enum Types {
OBJECT, OBJECT,
DATE, DATE,
ARRAY, ARRAY,
ENUM ENUM,
} }
function isEmail(value: any): boolean { function isEmail(value: any): boolean {
return /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(value) return /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(
value
);
} }
export interface CheckObject { export interface CheckObject {
type: Types type: Types;
query?: boolean query?: boolean;
optional?: boolean optional?: boolean;
/** /**
* Only when Type.ENUM * Only when Type.ENUM
* *
* values to check before * values to check before
*/ */
values?: string[] values?: string[];
/** /**
* Only when Type.STRING * Only when Type.STRING
*/ */
notempty?: boolean // Only STRING notempty?: boolean; // Only STRING
} }
export interface Checks { export interface Checks {
[index: string]: CheckObject// | Types [index: string]: CheckObject; // | Types
} }
// req: Request, res: Response, next: NextFunction // req: Request, res: Response, next: NextFunction
export default function (fields: Checks, noadditional = false) { export default function (fields: Checks, noadditional = false) {
return (req: Request, res: Response, next: NextFunction) => { return (req: Request, res: Response, next: NextFunction) => {
let errors: { message: string, field: string }[] = [] let errors: { message: string; field: string }[] = [];
function check(data: any, field_name: string, field: CheckObject) { function check(data: any, field_name: string, field: CheckObject) {
if (data !== undefined && data !== null) { if (data !== undefined && data !== null) {
@ -78,48 +88,60 @@ export default function (fields: Checks, noadditional = false) {
} }
break; break;
default: default:
Logging.error(`Invalid type to check: ${field.type} ${Types[field.type]}`) Logging.error(
`Invalid type to check: ${field.type} ${Types[field.type]}`
);
} }
errors.push({ errors.push({
message: res.__("Field {{field}} has wrong type. It should be from type {{type}}", { field: field_name, type: Types[field.type].toLowerCase() }), message: res.__(
field: field_name "Field {{field}} has wrong type. It should be from type {{type}}",
}) { field: field_name, type: Types[field.type].toLowerCase() }
),
field: field_name,
});
} else { } else {
if (!field.optional) errors.push({ if (!field.optional)
message: res.__("Field {{field}} is not defined", { field: field_name }), errors.push({
field: field_name message: res.__("Field {{field}} is not defined", {
}) field: field_name,
}),
field: field_name,
});
} }
} }
for (let field_name in fields) { for (let field_name in fields) {
let field = fields[field_name] let field = fields[field_name];
let data = fields[field_name].query ? req.query[field_name] : req.body[field_name] let data = fields[field_name].query
check(data, field_name, field) ? req.query[field_name]
: req.body[field_name];
check(data, field_name, field);
} }
if (noadditional) { //Checks if the data given has additional parameters if (noadditional) {
//Checks if the data given has additional parameters
let should = Object.keys(fields); let should = Object.keys(fields);
should = should.filter(e => !fields[e].query); //Query parameters should not exist on body should = should.filter((e) => !fields[e].query); //Query parameters should not exist on body
let has = Object.keys(req.body); let has = Object.keys(req.body);
has.every(e => { has.every((e) => {
if (should.indexOf(e) >= 0) { if (should.indexOf(e) >= 0) {
return true; return true;
} else { } else {
errors.push({ errors.push({
message: res.__("Field {{field}} should not be there", { field: e }), message: res.__("Field {{field}} should not be there", {
field: e field: e,
}) }),
field: e,
});
return false; return false;
} }
}) });
} }
if (errors.length > 0) { if (errors.length > 0) {
let err = new RequestError(errors, HttpStatusCode.BAD_REQUEST, true); let err = new RequestError(errors, HttpStatusCode.BAD_REQUEST, true);
next(err); next(err);
} else } else next();
next() };
} }
}

43
src/api/oauth/auth.ts
View File

@ -93,11 +93,13 @@ const GetAuthRoute = (view = false) =>
redirect_uri, redirect_uri,
scope, scope,
state, state,
nored nored,
} = req.query; } = req.query;
const sendError = type => { const sendError = (type) => {
if (redirect_uri === "$local") redirect_uri = "/code"; if (redirect_uri === "$local") redirect_uri = "/code";
res.redirect((redirect_uri += `?error=${type}${state ? "&state=" + state : ""}`)); res.redirect(
(redirect_uri += `?error=${type}${state ? "&state=" + state : ""}`)
);
}; };
const scopes = scope.split(";"); const scopes = scope.split(";");
@ -123,7 +125,7 @@ const GetAuthRoute = (view = false) =>
let permissions: IPermission[] = []; let permissions: IPermission[] = [];
let proms: PromiseLike<void>[] = []; let proms: PromiseLike<void>[] = [];
if (scopes) { if (scopes) {
for (let perm of scopes.filter(e => e !== "read_user")) { for (let perm of scopes.filter((e) => e !== "read_user")) {
let oid = undefined; let oid = undefined;
try { try {
oid = new ObjectID(perm); oid = new ObjectID(perm);
@ -132,7 +134,7 @@ const GetAuthRoute = (view = false) =>
continue; continue;
} }
proms.push( proms.push(
Permission.findById(oid).then(p => { Permission.findById(oid).then((p) => {
if (!p) return Promise.reject(new Error()); if (!p) return Promise.reject(new Error());
permissions.push(p); permissions.push(p);
}) })
@ -141,7 +143,7 @@ const GetAuthRoute = (view = false) =>
} }
let err = undefined; let err = undefined;
await Promise.all(proms).catch(e => { await Promise.all(proms).catch((e) => {
err = e; err = e;
}); });
@ -152,7 +154,7 @@ const GetAuthRoute = (view = false) =>
let grant: IGrant | undefined = await Grant.findOne({ let grant: IGrant | undefined = await Grant.findOne({
client: client._id, client: client._id,
user: req.user._id user: req.user._id,
}); });
Logging.debug("Grant", grant, permissions); Logging.debug("Grant", grant, permissions);
@ -161,14 +163,14 @@ const GetAuthRoute = (view = false) =>
if (grant) { if (grant) {
missing_permissions = grant.permissions missing_permissions = grant.permissions
.map(perm => permissions.find(p => p._id.equals(perm))) .map((perm) => permissions.find((p) => p._id.equals(perm)))
.filter(e => !!e); .filter((e) => !!e);
} else { } else {
missing_permissions = permissions; missing_permissions = permissions;
} }
let client_granted_perm = missing_permissions.filter( let client_granted_perm = missing_permissions.filter(
e => e.grant_type == "client" (e) => e.grant_type == "client"
); );
if (client_granted_perm.length > 0) { if (client_granted_perm.length > 0) {
return sendError("no_permission"); return sendError("no_permission");
@ -186,11 +188,11 @@ const GetAuthRoute = (view = false) =>
GetAuthPage( GetAuthPage(
req.__, req.__,
client.name, client.name,
permissions.map(perm => { permissions.map((perm) => {
return { return {
name: perm.name, name: perm.name,
description: perm.description, description: perm.description,
logo: client.logo logo: client.logo,
}; };
}) })
) )
@ -202,11 +204,11 @@ const GetAuthRoute = (view = false) =>
grant = Grant.new({ grant = Grant.new({
client: client._id, client: client._id,
user: req.user._id, user: req.user._id,
permissions: [] permissions: [],
}); });
grant.permissions.push( grant.permissions.push(
...missing_permissions.map(e => e._id) ...missing_permissions.map((e) => e._id)
); );
await Grant.save(grant); await Grant.save(grant);
} else { } else {
@ -218,20 +220,19 @@ const GetAuthRoute = (view = false) =>
let code = ClientCode.new({ let code = ClientCode.new({
user: req.user._id, user: req.user._id,
client: client._id, client: client._id,
permissions: permissions.map(p => p._id), permissions: permissions.map((p) => p._id),
validTill: moment() validTill: moment().add(30, "minutes").toDate(),
.add(30, "minutes") code: randomBytes(16).toString("hex"),
.toDate(),
code: randomBytes(16).toString("hex")
}); });
await ClientCode.save(code); await ClientCode.save(code);
let redir = let redir =
client.redirect_url === "$local" ? "/code" : client.redirect_url; client.redirect_url === "$local" ? "/code" : client.redirect_url;
let ruri = redir + `?code=${code.code}${state ? "&state=" + state : ""}`; let ruri =
redir + `?code=${code.code}${state ? "&state=" + state : ""}`;
if (nored === "true") { if (nored === "true") {
res.json({ res.json({
redirect_uri: ruri redirect_uri: ruri,
}); });
} else { } else {
res.redirect(ruri); res.redirect(ruri);

22
src/api/oauth/index.ts
View File

@ -8,10 +8,10 @@ const OAuthRoue: Router = Router();
/** /**
* @api {post} /oauth/auth * @api {post} /oauth/auth
* @apiName OAuthAuth * @apiName OAuthAuth
* *
* @apiGroup oauth * @apiGroup oauth
* @apiPermission user Special required * @apiPermission user Special required
* *
* @apiParam {String} response_type must be "code" others are not supported * @apiParam {String} response_type must be "code" others are not supported
* @apiParam {String} client_id ClientID * @apiParam {String} client_id ClientID
* @apiParam {String} redirect_uri The URI to redirect with code * @apiParam {String} redirect_uri The URI to redirect with code
@ -24,31 +24,31 @@ OAuthRoue.post("/auth", GetAuthRoute(false));
/** /**
* @api {get} /oauth/jwt * @api {get} /oauth/jwt
* @apiName OAuthJwt * @apiName OAuthJwt
* *
* @apiGroup oauth * @apiGroup oauth
* @apiPermission none * @apiPermission none
* *
* @apiParam {String} refreshtoken * @apiParam {String} refreshtoken
* *
* @apiSuccess {String} token The JWT that allowes the application to access the recources granted for refresh token * @apiSuccess {String} token The JWT that allowes the application to access the recources granted for refresh token
*/ */
OAuthRoue.get("/jwt", JWTRoute) OAuthRoue.get("/jwt", JWTRoute);
/** /**
* @api {get} /oauth/public * @api {get} /oauth/public
* @apiName OAuthPublic * @apiName OAuthPublic
* *
* @apiGroup oauth * @apiGroup oauth
* @apiPermission none * @apiPermission none
* *
* @apiSuccess {String} public_key The applications public_key. Used to verify JWT. * @apiSuccess {String} public_key The applications public_key. Used to verify JWT.
*/ */
OAuthRoue.get("/public", Public) OAuthRoue.get("/public", Public);
/** /**
* @api {get} /oauth/refresh * @api {get} /oauth/refresh
* @apiName OAuthRefreshGet * @apiName OAuthRefreshGet
* *
* @apiGroup oauth * @apiGroup oauth
*/ */
OAuthRoue.get("/refresh", RefreshTokenRoute); OAuthRoue.get("/refresh", RefreshTokenRoute);
@ -56,7 +56,7 @@ OAuthRoue.get("/refresh", RefreshTokenRoute);
/** /**
* @api {post} /oauth/refresh * @api {post} /oauth/refresh
* @apiName OAuthRefreshPost * @apiName OAuthRefreshPost
* *
* @apiGroup oauth * @apiGroup oauth
*/ */
OAuthRoue.post("/refresh", RefreshTokenRoute); OAuthRoue.post("/refresh", RefreshTokenRoute);

27
src/api/oauth/jwt.ts
View File

@ -8,21 +8,36 @@ import { getAccessTokenJWT } from "../../helper/jwt";
const JWTRoute = promiseMiddleware(async (req: Request, res: Response) => { const JWTRoute = promiseMiddleware(async (req: Request, res: Response) => {
let { refreshtoken } = req.query; let { refreshtoken } = req.query;
if (!refreshtoken) throw new RequestError(req.__("Refresh token not set"), HttpStatusCode.BAD_REQUEST); if (!refreshtoken)
throw new RequestError(
req.__("Refresh token not set"),
HttpStatusCode.BAD_REQUEST
);
let token = await RefreshToken.findOne({ token: refreshtoken }); let token = await RefreshToken.findOne({ token: refreshtoken });
if (!token) throw new RequestError(req.__("Invalid token"), HttpStatusCode.BAD_REQUEST); if (!token)
throw new RequestError(
req.__("Invalid token"),
HttpStatusCode.BAD_REQUEST
);
let user = await User.findById(token.user); let user = await User.findById(token.user);
if (!user) { if (!user) {
token.valid = false; token.valid = false;
await RefreshToken.save(token); await RefreshToken.save(token);
throw new RequestError(req.__("Invalid token"), HttpStatusCode.BAD_REQUEST); throw new RequestError(
req.__("Invalid token"),
HttpStatusCode.BAD_REQUEST
);
} }
let client = await Client.findById(token.client); let client = await Client.findById(token.client);
let jwt = await getAccessTokenJWT({ user, permissions: token.permissions, client }); let jwt = await getAccessTokenJWT({
user,
permissions: token.permissions,
client,
});
res.json({ token: jwt }); res.json({ token: jwt });
}) });
export default JWTRoute; export default JWTRoute;

4
src/api/oauth/public.ts
View File

@ -2,5 +2,5 @@ import { Request, Response } from "express";
import { public_key } from "../../keys"; import { public_key } from "../../keys";
export default function Public(req: Request, res: Response) { export default function Public(req: Request, res: Response) {
res.json({ public_key: public_key }) res.json({ public_key: public_key });
} }

161
src/api/oauth/refresh.ts
View File

@ -2,9 +2,13 @@ import { Request, Response } from "express";
import RequestError, { HttpStatusCode } from "../../helper/request_error"; import RequestError, { HttpStatusCode } from "../../helper/request_error";
import User from "../../models/user"; import User from "../../models/user";
import Client from "../../models/client"; import Client from "../../models/client";
import { getAccessTokenJWT, getIDToken, AccessTokenJWTExp } from "../../helper/jwt"; import {
getAccessTokenJWT,
getIDToken,
AccessTokenJWTExp,
} from "../../helper/jwt";
import Stacker from "../middlewares/stacker"; import Stacker from "../middlewares/stacker";
import { GetClientAuthMiddleware } from "../middlewares/client" import { GetClientAuthMiddleware } from "../middlewares/client";
import ClientCode from "../../models/client_code"; import ClientCode from "../../models/client_code";
import Mail from "../../models/mail"; import Mail from "../../models/mail";
import { randomBytes } from "crypto"; import { randomBytes } from "crypto";
@ -25,72 +29,95 @@ token, which will inform the authorization server of the breach.
const refreshTokenValidTime = moment.duration(6, "month"); const refreshTokenValidTime = moment.duration(6, "month");
const RefreshTokenRoute = Stacker(GetClientAuthMiddleware(false, false, true), async (req: Request, res: Response) => { const RefreshTokenRoute = Stacker(
let grant_type = req.query.grant_type || req.body.grant_type; GetClientAuthMiddleware(false, false, true),
if (!grant_type || grant_type === "authorization_code") { async (req: Request, res: Response) => {
let code = req.query.code || req.body.code; let grant_type = req.query.grant_type || req.body.grant_type;
let nonce = req.query.nonce || req.body.nonce; if (!grant_type || grant_type === "authorization_code") {
let code = req.query.code || req.body.code;
let nonce = req.query.nonce || req.body.nonce;
let c = await ClientCode.findOne({ code: code }) let c = await ClientCode.findOne({ code: code });
if (!c || moment(c.validTill).isBefore()) { if (!c || moment(c.validTill).isBefore()) {
throw new RequestError(req.__("Invalid code"), HttpStatusCode.BAD_REQUEST); throw new RequestError(
req.__("Invalid code"),
HttpStatusCode.BAD_REQUEST
);
}
let client = await Client.findById(c.client);
let user = await User.findById(c.user);
let mails = await Promise.all(user.mails.map((m) => Mail.findOne(m)));
let token = RefreshToken.new({
user: c.user,
client: c.client,
permissions: c.permissions,
token: randomBytes(16).toString("hex"),
valid: true,
validTill: moment().add(refreshTokenValidTime).toDate(),
});
await RefreshToken.save(token);
await ClientCode.delete(c);
let mail = mails.find((e) => e.primary);
if (!mail) mail = mails[0];
res.json({
refresh_token: token.token,
token: token.token,
access_token: await getAccessTokenJWT({
client: client,
user: user,
permissions: c.permissions,
}),
token_type: "bearer",
expires_in: AccessTokenJWTExp.asSeconds(),
profile: {
uid: user.uid,
email: mail ? mail.mail : "",
name: user.name,
enc_key: getEncryptionKey(user, client),
},
id_token: getIDToken(user, client.client_id, nonce),
});
} else if (grant_type === "refresh_token") {
let refresh_token = req.query.refresh_token || req.body.refresh_token;
if (!refresh_token)
throw new RequestError(
req.__("refresh_token not set"),
HttpStatusCode.BAD_REQUEST
);
let token = await RefreshToken.findOne({ token: refresh_token });
if (!token || !token.valid || moment(token.validTill).isBefore())
throw new RequestError(
req.__("Invalid token"),
HttpStatusCode.BAD_REQUEST
);
token.validTill = moment().add(refreshTokenValidTime).toDate();
await RefreshToken.save(token);
let user = await User.findById(token.user);
let client = await Client.findById(token.client);
let jwt = await getAccessTokenJWT({
user,
client,
permissions: token.permissions,
});
res.json({
access_token: jwt,
expires_in: AccessTokenJWTExp.asSeconds(),
});
} else {
throw new RequestError(
"invalid grant_type",
HttpStatusCode.BAD_REQUEST
);
} }
let client = await Client.findById(c.client);
let user = await User.findById(c.user);
let mails = await Promise.all(user.mails.map(m => Mail.findOne(m)));
let token = RefreshToken.new({
user: c.user,
client: c.client,
permissions: c.permissions,
token: randomBytes(16).toString("hex"),
valid: true,
validTill: moment().add(refreshTokenValidTime).toDate()
});
await RefreshToken.save(token);
await ClientCode.delete(c);
let mail = mails.find(e => e.primary);
if (!mail) mail = mails[0];
res.json({
refresh_token: token.token,
token: token.token,
access_token: await getAccessTokenJWT({
client: client,
user: user,
permissions: c.permissions
}),
token_type: "bearer",
expires_in: AccessTokenJWTExp.asSeconds(),
profile: {
uid: user.uid,
email: mail ? mail.mail : "",
name: user.name,
enc_key: getEncryptionKey(user, client)
},
id_token: getIDToken(user, client.client_id, nonce)
});
} else if (grant_type === "refresh_token") {
let refresh_token = req.query.refresh_token || req.body.refresh_token;
if (!refresh_token) throw new RequestError(req.__("refresh_token not set"), HttpStatusCode.BAD_REQUEST);
let token = await RefreshToken.findOne({ token: refresh_token });
if (!token || !token.valid || moment(token.validTill).isBefore())
throw new RequestError(req.__("Invalid token"), HttpStatusCode.BAD_REQUEST);
token.validTill = moment().add(refreshTokenValidTime).toDate();
await RefreshToken.save(token);
let user = await User.findById(token.user);
let client = await Client.findById(token.client)
let jwt = await getAccessTokenJWT({ user, client, permissions: token.permissions });
res.json({ access_token: jwt, expires_in: AccessTokenJWTExp.asSeconds() });
} else {
throw new RequestError("invalid grant_type", HttpStatusCode.BAD_REQUEST);
} }
}) );
export default RefreshTokenRoute; export default RefreshTokenRoute;

23
src/api/user/account.ts
View File

@ -4,13 +4,16 @@ import { GetUserMiddleware } from "../middlewares/user";
import LoginToken, { CheckToken } from "../../models/login_token"; import LoginToken, { CheckToken } from "../../models/login_token";
import RequestError, { HttpStatusCode } from "../../helper/request_error"; import RequestError, { HttpStatusCode } from "../../helper/request_error";
export const GetAccount = Stacker(GetUserMiddleware(true, true), async (req: Request, res: Response) => { export const GetAccount = Stacker(
let user = { GetUserMiddleware(true, true),
id: req.user.uid, async (req: Request, res: Response) => {
name: req.user.name, let user = {
username: req.user.username, id: req.user.uid,
birthday: req.user.birthday, name: req.user.name,
gender: req.user.gender, username: req.user.username,
}; birthday: req.user.birthday,
res.json({ user }); gender: req.user.gender,
}); };
res.json({ user });
}
);

23
src/api/user/contact.ts
View File

@ -3,14 +3,17 @@ import Stacker from "../middlewares/stacker";
import { GetUserMiddleware } from "../middlewares/user"; import { GetUserMiddleware } from "../middlewares/user";
import Mail from "../../models/mail"; import Mail from "../../models/mail";
export const GetContactInfos = Stacker(GetUserMiddleware(true, true), async (req: Request, res: Response) => { export const GetContactInfos = Stacker(
let mails = await Promise.all( GetUserMiddleware(true, true),
req.user.mails.map(mail => Mail.findById(mail)) async (req: Request, res: Response) => {
); let mails = await Promise.all(
req.user.mails.map((mail) => Mail.findById(mail))
);
let contact = { let contact = {
mails: mails.filter(e => !!e), mails: mails.filter((e) => !!e),
phones: req.user.phones phones: req.user.phones,
}; };
res.json({ contact }); res.json({ contact });
}); }
);

31
src/api/user/index.ts
View File

@ -41,20 +41,20 @@ UserRoute.post("/register", Register);
/** /**
* @api {post} /user/login?type=:type * @api {post} /user/login?type=:type
* @apiName UserLogin * @apiName UserLogin
* *
* @apiParam {String} type Type could be either "username" or "password" * @apiParam {String} type Type could be either "username" or "password"
* *
* @apiGroup user * @apiGroup user
* @apiPermission none * @apiPermission none
* *
* @apiParam {String} username Username (either username or uid required) * @apiParam {String} username Username (either username or uid required)
* @apiParam {String} uid (either username or uid required) * @apiParam {String} uid (either username or uid required)
* @apiParam {String} password Password hashed and salted like specification (only on type password) * @apiParam {String} password Password hashed and salted like specification (only on type password)
* @apiParam {Number} time in milliseconds used to hash password. This is used to make passwords "expire" * @apiParam {Number} time in milliseconds used to hash password. This is used to make passwords "expire"
* *
* @apiSuccess {String} uid On type = "username" * @apiSuccess {String} uid On type = "username"
* @apiSuccess {String} salt On type = "username" * @apiSuccess {String} salt On type = "username"
* *
* @apiSuccess {String} login On type = "password". Login Token * @apiSuccess {String} login On type = "password". Login Token
* @apiSuccess {String} special On type = "password". Special Token * @apiSuccess {String} special On type = "password". Special Token
* @apiSuccess {Object[]} tfa Will be set when TwoFactorAuthentication is required * @apiSuccess {Object[]} tfa Will be set when TwoFactorAuthentication is required
@ -62,16 +62,16 @@ UserRoute.post("/register", Register);
* @apiSuccess {String} tfa.name The name of the TFA Method * @apiSuccess {String} tfa.name The name of the TFA Method
* @apiSuccess {String} tfa.type The type of the TFA Method * @apiSuccess {String} tfa.type The type of the TFA Method
*/ */
UserRoute.post("/login", Login) UserRoute.post("/login", Login);
UserRoute.use("/twofactor", TwoFactorRoute); UserRoute.use("/twofactor", TwoFactorRoute);
/** /**
* @api {get} /user/token * @api {get} /user/token
* @apiName UserGetToken * @apiName UserGetToken
* *
* @apiGroup user * @apiGroup user
* @apiPermission user * @apiPermission user
* *
* @apiSuccess {Object[]} token * @apiSuccess {Object[]} token
* @apiSuccess {String} token.id The Token ID * @apiSuccess {String} token.id The Token ID
* @apiSuccess {String} token.special Identifies Special Token * @apiSuccess {String} token.special Identifies Special Token
@ -84,25 +84,24 @@ UserRoute.get("/token", GetToken);
/** /**
* @api {delete} /user/token/:id * @api {delete} /user/token/:id
* @apiParam {String} id The id of the token to be deleted * @apiParam {String} id The id of the token to be deleted
* *
* @apiName UserDeleteToken * @apiName UserDeleteToken
* *
* *
* @apiGroup user * @apiGroup user
* @apiPermission user * @apiPermission user
* *
* @apiSuccess {Boolean} success * @apiSuccess {Boolean} success
*/ */
UserRoute.delete("/token/:id", DeleteToken); UserRoute.delete("/token/:id", DeleteToken);
/** /**
* @api {delete} /user/account * @api {delete} /user/account
* @apiName UserGetAccount * @apiName UserGetAccount
* *
* @apiGroup user * @apiGroup user
* @apiPermission user * @apiPermission user
* *
* @apiSuccess {Boolean} success * @apiSuccess {Boolean} success
* @apiSuccess {Object[]} user * @apiSuccess {Object[]} user
* @apiSuccess {String} user.id User ID * @apiSuccess {String} user.id User ID
@ -126,4 +125,4 @@ UserRoute.get("/account", GetAccount);
* @apiSuccess {Object[]} user.phone Phone numbers * @apiSuccess {Object[]} user.phone Phone numbers
*/ */
UserRoute.get("/contact", GetContactInfos); UserRoute.get("/contact", GetContactInfos);
export default UserRoute; export default UserRoute;

91
src/api/user/login.ts
View File

@ -1,4 +1,4 @@
import { Request, Response } from "express" import { Request, Response } from "express";
import User, { IUser } from "../../models/user"; import User, { IUser } from "../../models/user";
import { randomBytes } from "crypto"; import { randomBytes } from "crypto";
import moment = require("moment"); import moment = require("moment");
@ -12,36 +12,39 @@ const Login = promiseMiddleware(async (req: Request, res: Response) => {
let type = req.query.type; let type = req.query.type;
if (type === "username") { if (type === "username") {
let { username, uid } = req.query; let { username, uid } = req.query;
let user = await User.findOne(username ? { username: username.toLowerCase() } : { uid: uid }); let user = await User.findOne(
username ? { username: username.toLowerCase() } : { uid: uid }
);
if (!user) { if (!user) {
res.json({ error: req.__("User not found") }) res.json({ error: req.__("User not found") });
} else { } else {
res.json({ salt: user.salt, uid: user.uid }); res.json({ salt: user.salt, uid: user.uid });
} }
return; return;
} else if (type === "password") { } else if (type === "password") {
const sendToken = async (user: IUser, tfa?: any[]) => { const sendToken = async (user: IUser, tfa?: any[]) => {
let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress let ip =
req.headers["x-forwarded-for"] || req.connection.remoteAddress;
let client = { let client = {
ip: Array.isArray(ip) ? ip[0] : ip, ip: Array.isArray(ip) ? ip[0] : ip,
browser: req.headers["user-agent"] browser: req.headers["user-agent"],
} };
let token_str = randomBytes(16).toString("hex"); let token_str = randomBytes(16).toString("hex");
let tfa_exp = moment().add(5, "minutes").toDate() let tfa_exp = moment().add(5, "minutes").toDate();
let token_exp = moment().add(6, "months").toDate() let token_exp = moment().add(6, "months").toDate();
let token = LoginToken.new({ let token = LoginToken.new({
token: token_str, token: token_str,
valid: true, valid: true,
validTill: tfa ? tfa_exp : token_exp, validTill: tfa ? tfa_exp : token_exp,
user: user._id, user: user._id,
validated: tfa ? false : true, validated: tfa ? false : true,
...client ...client,
}); });
await LoginToken.save(token); await LoginToken.save(token);
let special_str = randomBytes(24).toString("hex"); let special_str = randomBytes(24).toString("hex");
let special_exp = moment().add(30, "minutes").toDate() let special_exp = moment().add(30, "minutes").toDate();
let special = LoginToken.new({ let special = LoginToken.new({
token: special_str, token: special_str,
valid: true, valid: true,
@ -49,50 +52,74 @@ const Login = promiseMiddleware(async (req: Request, res: Response) => {
special: true, special: true,
user: user._id, user: user._id,
validated: tfa ? false : true, validated: tfa ? false : true,
...client ...client,
}); });
await LoginToken.save(special); await LoginToken.save(special);
res.json({ res.json({
login: { token: token_str, expires: token.validTill.toUTCString() }, login: { token: token_str, expires: token.validTill.toUTCString() },
special: { token: special_str, expires: special.validTill.toUTCString() }, special: {
tfa token: special_str,
expires: special.validTill.toUTCString(),
},
tfa,
}); });
} };
let { username, password, uid, date } = req.body; let { username, password, uid, date } = req.body;
let user = await User.findOne(username ? { username: username.toLowerCase() } : { uid: uid }) let user = await User.findOne(
username ? { username: username.toLowerCase() } : { uid: uid }
);
if (!user) { if (!user) {
res.json({ error: req.__("User not found") }) res.json({ error: req.__("User not found") });
} else { } else {
let upw = user.password; let upw = user.password;
if (date) { if (date) {
if (!moment(date).isBetween(moment().subtract(1, "minute"), moment().add(1, "minute"))) { if (
res.json({ error: req.__("Invalid timestamp. Please check your devices time!") }); !moment(date).isBetween(
moment().subtract(1, "minute"),
moment().add(1, "minute")
)
) {
res.json({
error: req.__(
"Invalid timestamp. Please check your devices time!"
),
});
return; return;
} else { } else {
upw = crypto.createHash("sha512").update(upw + date.toString()).digest("hex"); upw = crypto
.createHash("sha512")
.update(upw + date.toString())
.digest("hex");
} }
} }
if (upw !== password) { if (upw !== password) {
res.json({ error: req.__("Password or username wrong") }) res.json({ error: req.__("Password or username wrong") });
} else { } else {
let twofactor = await TwoFactor.find({ user: user._id, valid: true }) let twofactor = await TwoFactor.find({
let expired = twofactor.filter(e => e.expires ? moment().isAfter(moment(e.expires)) : false) user: user._id,
await Promise.all(expired.map(e => { valid: true,
e.valid = false; });
return TwoFactor.save(e); let expired = twofactor.filter((e) =>
})); e.expires ? moment().isAfter(moment(e.expires)) : false
twofactor = twofactor.filter(e => e.valid); );
await Promise.all(
expired.map((e) => {
e.valid = false;
return TwoFactor.save(e);
})
);
twofactor = twofactor.filter((e) => e.valid);
if (twofactor && twofactor.length > 0) { if (twofactor && twofactor.length > 0) {
let tfa = twofactor.map(e => { let tfa = twofactor.map((e) => {
return { return {
id: e._id, id: e._id,
name: e.name || TFANames.get(e.type), name: e.name || TFANames.get(e.type),
type: e.type type: e.type,
} };
}) });
await sendToken(user, tfa); await sendToken(user, tfa);
} else { } else {
await sendToken(user); await sendToken(user);
@ -104,4 +131,4 @@ const Login = promiseMiddleware(async (req: Request, res: Response) => {
} }
}); });
export default Login; export default Login;

263
src/api/user/register.ts
View File

@ -1,4 +1,4 @@
import { Request, Response, Router } from "express" import { Request, Response, Router } from "express";
import Stacker from "../middlewares/stacker"; import Stacker from "../middlewares/stacker";
import verify, { Types } from "../middlewares/verify"; import verify, { Types } from "../middlewares/verify";
import promiseMiddleware from "../../helper/promiseMiddleware"; import promiseMiddleware from "../../helper/promiseMiddleware";
@ -7,138 +7,149 @@ import { HttpStatusCode } from "../../helper/request_error";
import Mail from "../../models/mail"; import Mail from "../../models/mail";
import RegCode from "../../models/regcodes"; import RegCode from "../../models/regcodes";
const Register = Stacker(verify({ const Register = Stacker(
mail: { verify({
type: Types.EMAIL, mail: {
notempty: true type: Types.EMAIL,
}, notempty: true,
username: { },
type: Types.STRING, username: {
notempty: true type: Types.STRING,
}, notempty: true,
password: { },
type: Types.STRING, password: {
notempty: true type: Types.STRING,
}, notempty: true,
salt: { },
type: Types.STRING, salt: {
notempty: true type: Types.STRING,
}, notempty: true,
regcode: { },
type: Types.STRING, regcode: {
notempty: true type: Types.STRING,
}, notempty: true,
gender: { },
type: Types.STRING, gender: {
notempty: true type: Types.STRING,
}, notempty: true,
name: { },
type: Types.STRING, name: {
notempty: true type: Types.STRING,
}, notempty: true,
// birthday: { },
// type: Types.DATE // birthday: {
// } // type: Types.DATE
}), promiseMiddleware(async (req: Request, res: Response) => { // }
let { username, password, salt, mail, gender, name, birthday, regcode } = req.body; }),
let u = await User.findOne({ username: username.toLowerCase() }) promiseMiddleware(async (req: Request, res: Response) => {
if (u) { let {
let err = { username,
message: [ password,
{ salt,
message: req.__("Username taken"), mail,
field: "username" gender,
} name,
], birthday,
status: HttpStatusCode.BAD_REQUEST, regcode,
nolog: true } = req.body;
let u = await User.findOne({ username: username.toLowerCase() });
if (u) {
let err = {
message: [
{
message: req.__("Username taken"),
field: "username",
},
],
status: HttpStatusCode.BAD_REQUEST,
nolog: true,
};
throw err;
} }
throw err;
}
let m = await Mail.findOne({ mail: mail });
let m = await Mail.findOne({ mail: mail }) if (m) {
if (m) { let err = {
let err = { message: [
message: [ {
{ message: req.__("Mail linked with other account"),
message: req.__("Mail linked with other account"), field: "mail",
field: "mail" },
} ],
], status: HttpStatusCode.BAD_REQUEST,
status: HttpStatusCode.BAD_REQUEST, nolog: true,
nolog: true };
throw err;
} }
throw err;
}
let regc = await RegCode.findOne({ token: regcode }) let regc = await RegCode.findOne({ token: regcode });
if (!regc) { if (!regc) {
let err = { let err = {
message: [ message: [
{ {
message: req.__("Invalid registration code"), message: req.__("Invalid registration code"),
field: "regcode" field: "regcode",
} },
], ],
status: HttpStatusCode.BAD_REQUEST, status: HttpStatusCode.BAD_REQUEST,
nolog: true nolog: true,
};
throw err;
} }
throw err;
}
if (!regc.valid) { if (!regc.valid) {
let err = { let err = {
message: [ message: [
{ {
message: req.__("Registration code already used"), message: req.__("Registration code already used"),
field: "regcode" field: "regcode",
} },
], ],
status: HttpStatusCode.BAD_REQUEST, status: HttpStatusCode.BAD_REQUEST,
nolog: true nolog: true,
};
throw err;
} }
throw err;
}
let g = -1; let g = -1;
switch (gender) { switch (gender) {
case "male": case "male":
g = Gender.male g = Gender.male;
break; break;
case "female": case "female":
g = Gender.female g = Gender.female;
break; break;
case "other": case "other":
g = Gender.other g = Gender.other;
break; break;
default: default:
g = Gender.none g = Gender.none;
break; break;
} }
let user = User.new({ let user = User.new({
username: username.toLowerCase(), username: username.toLowerCase(),
password: password, password: password,
salt: salt, salt: salt,
gender: g, gender: g,
name: name, name: name,
// birthday: birthday, // birthday: birthday,
admin: false admin: false,
});
regc.valid = false;
await RegCode.save(regc);
let ml = Mail.new({
mail: mail,
primary: true,
});
await Mail.save(ml);
user.mails.push(ml._id);
await User.save(user);
res.json({ success: true });
}) })
);
regc.valid = false; export default Register;
await RegCode.save(regc);
let ml = Mail.new({
mail: mail,
primary: true
})
await Mail.save(ml);
user.mails.push(ml._id);
await User.save(user)
res.json({ success: true });
}))
export default Register;

60
src/api/user/token.ts
View File

@ -4,26 +4,42 @@ import { GetUserMiddleware } from "../middlewares/user";
import LoginToken, { CheckToken } from "../../models/login_token"; import LoginToken, { CheckToken } from "../../models/login_token";
import RequestError, { HttpStatusCode } from "../../helper/request_error"; import RequestError, { HttpStatusCode } from "../../helper/request_error";
export const GetToken = Stacker(GetUserMiddleware(true, true), async (req: Request, res: Response) => { export const GetToken = Stacker(
let raw_token = await LoginToken.find({ user: req.user._id, valid: true }); GetUserMiddleware(true, true),
let token = await Promise.all(raw_token.map(async token => { async (req: Request, res: Response) => {
await CheckToken(token); let raw_token = await LoginToken.find({
return { user: req.user._id,
id: token._id, valid: true,
special: token.special, });
ip: token.ip, let token = await Promise.all(
browser: token.browser, raw_token
isthis: token._id.equals(token.special ? req.token.special._id : req.token.login._id) .map(async (token) => {
} await CheckToken(token);
}).filter(t => t !== undefined)); return {
res.json({ token }); id: token._id,
}); special: token.special,
ip: token.ip,
browser: token.browser,
isthis: token._id.equals(
token.special ? req.token.special._id : req.token.login._id
),
};
})
.filter((t) => t !== undefined)
);
res.json({ token });
}
);
export const DeleteToken = Stacker(GetUserMiddleware(true, true), async (req: Request, res: Response) => { export const DeleteToken = Stacker(
let { id } = req.params; GetUserMiddleware(true, true),
let token = await LoginToken.findById(id); async (req: Request, res: Response) => {
if (!token || !token.user.equals(req.user._id)) throw new RequestError("Invalid ID", HttpStatusCode.BAD_REQUEST); let { id } = req.params;
token.valid = false; let token = await LoginToken.findById(id);
await LoginToken.save(token); if (!token || !token.user.equals(req.user._id))
res.json({ success: true }); throw new RequestError("Invalid ID", HttpStatusCode.BAD_REQUEST);
}); token.valid = false;
await LoginToken.save(token);
res.json({ success: true });
}
);

126
src/api/user/twofactor/backup/index.ts
View File

@ -1,7 +1,10 @@
import { Router } from "express" import { Router } from "express";
import Stacker from "../../../middlewares/stacker"; import Stacker from "../../../middlewares/stacker";
import { GetUserMiddleware } from "../../../middlewares/user"; import { GetUserMiddleware } from "../../../middlewares/user";
import TwoFactor, { TFATypes as TwoFATypes, IBackupCode } from "../../../../models/twofactor"; import TwoFactor, {
TFATypes as TwoFATypes,
IBackupCode,
} from "../../../../models/twofactor";
import RequestError, { HttpStatusCode } from "../../../../helper/request_error"; import RequestError, { HttpStatusCode } from "../../../../helper/request_error";
import moment = require("moment"); import moment = require("moment");
import { upgradeToken } from "../helper"; import { upgradeToken } from "../helper";
@ -15,60 +18,83 @@ function generateCode(length: number) {
let bytes = crypto.randomBytes(length); let bytes = crypto.randomBytes(length);
let nrs = ""; let nrs = "";
bytes.forEach((b, idx) => { bytes.forEach((b, idx) => {
let nr = Math.floor((b / 255) * 9.9999) let nr = Math.floor((b / 255) * 9.9999);
if (nr > 9) nr = 9; if (nr > 9) nr = 9;
nrs += String(nr); nrs += String(nr);
}) });
return nrs; return nrs;
} }
BackupCodeRoute.post("/", Stacker(GetUserMiddleware(true, true), async (req, res) => { BackupCodeRoute.post(
//Generating new "/",
let codes = Array(10).map(() => generateCode(8)); Stacker(GetUserMiddleware(true, true), async (req, res) => {
console.log(codes); //Generating new
let twofactor = TwoFactor.new(<IBackupCode>{ let codes = Array(10).map(() => generateCode(8));
user: req.user._id, console.log(codes);
type: TwoFATypes.OTC, let twofactor = TwoFactor.new(<IBackupCode>{
valid: true, user: req.user._id,
data: codes, type: TwoFATypes.OTC,
name: "" valid: true,
}) data: codes,
await TwoFactor.save(twofactor); name: "",
res.json({ });
codes,
id: twofactor._id
})
}));
BackupCodeRoute.put("/", Stacker(GetUserMiddleware(true, false, undefined, false), async (req, res) => {
let { login, special } = req.token;
let { id, code }: { id: string, code: string } = req.body;
let twofactor: IBackupCode = await TwoFactor.findById(id);
if (!twofactor || !twofactor.valid || !twofactor.user.equals(req.user._id) || twofactor.type !== TwoFATypes.OTC) {
throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
}
if (twofactor.expires && moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor); await TwoFactor.save(twofactor);
throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST); res.json({
} codes,
code = code.replace(/\s/g, ""); id: twofactor._id,
let valid = twofactor.data.find(c => c === code); });
})
);
if (valid) { BackupCodeRoute.put(
twofactor.data = twofactor.data.filter(c => c !== code); "/",
await TwoFactor.save(twofactor); Stacker(
let [login_exp, special_exp] = await Promise.all([ GetUserMiddleware(true, false, undefined, false),
upgradeToken(login), async (req, res) => {
upgradeToken(special) let { login, special } = req.token;
]); let { id, code }: { id: string; code: string } = req.body;
res.json({ success: true, login_exp, special_exp })
} else { let twofactor: IBackupCode = await TwoFactor.findById(id);
throw new RequestError("Invalid or already used code!", HttpStatusCode.BAD_REQUEST);
} if (
})) !twofactor ||
!twofactor.valid ||
!twofactor.user.equals(req.user._id) ||
twofactor.type !== TwoFATypes.OTC
) {
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
if (twofactor.expires && moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
code = code.replace(/\s/g, "");
let valid = twofactor.data.find((c) => c === code);
if (valid) {
twofactor.data = twofactor.data.filter((c) => c !== code);
await TwoFactor.save(twofactor);
let [login_exp, special_exp] = await Promise.all([
upgradeToken(login),
upgradeToken(special),
]);
res.json({ success: true, login_exp, special_exp });
} else {
throw new RequestError(
"Invalid or already used code!",
HttpStatusCode.BAD_REQUEST
);
}
}
)
);
export default BackupCodeRoute; export default BackupCodeRoute;

7
src/api/user/twofactor/helper.ts
View File

@ -6,8 +6,11 @@ export async function upgradeToken(token: ILoginToken) {
token.valid = true; token.valid = true;
token.validated = true; token.validated = true;
//TODO durations from config //TODO durations from config
let expires = (token.special ? moment().add(30, "minute") : moment().add(6, "months")).toDate(); let expires = (token.special
? moment().add(30, "minute")
: moment().add(6, "months")
).toDate();
token.validTill = expires; token.validTill = expires;
await LoginToken.save(token); await LoginToken.save(token);
return expires; return expires;
} }

66
src/api/user/twofactor/index.ts
View File

@ -3,44 +3,54 @@ import YubiKeyRoute from "./yubikey";
import { GetUserMiddleware } from "../../middlewares/user"; import { GetUserMiddleware } from "../../middlewares/user";
import Stacker from "../../middlewares/stacker"; import Stacker from "../../middlewares/stacker";
import TwoFactor from "../../../models/twofactor"; import TwoFactor from "../../../models/twofactor";
import * as moment from "moment" import * as moment from "moment";
import RequestError, { HttpStatusCode } from "../../../helper/request_error"; import RequestError, { HttpStatusCode } from "../../../helper/request_error";
import OTCRoute from "./otc"; import OTCRoute from "./otc";
import BackupCodeRoute from "./backup"; import BackupCodeRoute from "./backup";
const TwoFactorRouter = Router(); const TwoFactorRouter = Router();
TwoFactorRouter.get("/", Stacker(GetUserMiddleware(true, true), async (req, res) => { TwoFactorRouter.get(
let twofactor = await TwoFactor.find({ user: req.user._id, valid: true }) "/",
let expired = twofactor.filter(e => e.expires ? moment().isAfter(moment(e.expires)) : false) Stacker(GetUserMiddleware(true, true), async (req, res) => {
await Promise.all(expired.map(e => { let twofactor = await TwoFactor.find({ user: req.user._id, valid: true });
e.valid = false; let expired = twofactor.filter((e) =>
return TwoFactor.save(e); e.expires ? moment().isAfter(moment(e.expires)) : false
})); );
twofactor = twofactor.filter(e => e.valid); await Promise.all(
let tfa = twofactor.map(e => { expired.map((e) => {
return { e.valid = false;
id: e._id, return TwoFactor.save(e);
name: e.name, })
type: e.type );
} twofactor = twofactor.filter((e) => e.valid);
let tfa = twofactor.map((e) => {
return {
id: e._id,
name: e.name,
type: e.type,
};
});
res.json({ methods: tfa });
}) })
res.json({ methods: tfa }); );
}));
TwoFactorRouter.delete("/:id", Stacker(GetUserMiddleware(true, true), async (req, res) => { TwoFactorRouter.delete(
let { id } = req.params; "/:id",
let tfa = await TwoFactor.findById(id); Stacker(GetUserMiddleware(true, true), async (req, res) => {
if (!tfa || !tfa.user.equals(req.user._id)) { let { id } = req.params;
throw new RequestError("Invalid id", HttpStatusCode.BAD_REQUEST); let tfa = await TwoFactor.findById(id);
} if (!tfa || !tfa.user.equals(req.user._id)) {
tfa.valid = false; throw new RequestError("Invalid id", HttpStatusCode.BAD_REQUEST);
await TwoFactor.save(tfa); }
res.json({ success: true }); tfa.valid = false;
})); await TwoFactor.save(tfa);
res.json({ success: true });
})
);
TwoFactorRouter.use("/yubikey", YubiKeyRoute); TwoFactorRouter.use("/yubikey", YubiKeyRoute);
TwoFactorRouter.use("/otc", OTCRoute); TwoFactorRouter.use("/otc", OTCRoute);
TwoFactorRouter.use("/backup", BackupCodeRoute); TwoFactorRouter.use("/backup", BackupCodeRoute);
export default TwoFactorRouter; export default TwoFactorRouter;

200
src/api/user/twofactor/otc/index.ts
View File

@ -1,7 +1,10 @@
import { Router } from "express" import { Router } from "express";
import Stacker from "../../../middlewares/stacker"; import Stacker from "../../../middlewares/stacker";
import { GetUserMiddleware } from "../../../middlewares/user"; import { GetUserMiddleware } from "../../../middlewares/user";
import TwoFactor, { TFATypes as TwoFATypes, IOTC } from "../../../../models/twofactor"; import TwoFactor, {
TFATypes as TwoFATypes,
IOTC,
} from "../../../../models/twofactor";
import RequestError, { HttpStatusCode } from "../../../../helper/request_error"; import RequestError, { HttpStatusCode } from "../../../../helper/request_error";
import moment = require("moment"); import moment = require("moment");
import { upgradeToken } from "../helper"; import { upgradeToken } from "../helper";
@ -13,93 +16,120 @@ import config from "../../../../config";
const OTCRoute = Router(); const OTCRoute = Router();
OTCRoute.post("/", Stacker(GetUserMiddleware(true, true), async (req, res) => { OTCRoute.post(
const { type } = req.query; "/",
if (type === "create") { Stacker(GetUserMiddleware(true, true), async (req, res) => {
//Generating new const { type } = req.query;
let secret = speakeasy.generateSecret({ if (type === "create") {
name: config.core.name, //Generating new
issuer: config.core.name let secret = speakeasy.generateSecret({
}); name: config.core.name,
let twofactor = TwoFactor.new(<IOTC>{ issuer: config.core.name,
user: req.user._id, });
type: TwoFATypes.OTC, let twofactor = TwoFactor.new(<IOTC>{
valid: false, user: req.user._id,
data: secret.base32 type: TwoFATypes.OTC,
}) valid: false,
let dataurl = await qrcode.toDataURL(secret.otpauth_url); data: secret.base32,
await TwoFactor.save(twofactor); });
res.json({ let dataurl = await qrcode.toDataURL(secret.otpauth_url);
image: dataurl,
id: twofactor._id
})
} else if (type === "validate") {
// Checking code and marking as valid
const { code, id } = req.body;
Logging.debug(req.body, id);
let twofactor: IOTC = await TwoFactor.findById(id);
const err = () => { throw new RequestError("Invalid ID!", HttpStatusCode.BAD_REQUEST) };
if (!twofactor || !twofactor.user.equals(req.user._id) || twofactor.type !== TwoFATypes.OTC || !twofactor.data || twofactor.valid) {
Logging.debug("Not found or wrong user", twofactor);
err();
}
if (twofactor.expires && moment().isAfter(moment(twofactor.expires))) {
await TwoFactor.delete(twofactor);
Logging.debug("Expired!", twofactor);
err();
}
let valid = speakeasy.totp.verify({
secret: twofactor.data,
encoding: "base32",
token: code
})
if (valid) {
twofactor.expires = undefined;
twofactor.valid = true;
await TwoFactor.save(twofactor); await TwoFactor.save(twofactor);
res.json({ success: true }); res.json({
image: dataurl,
id: twofactor._id,
});
} else if (type === "validate") {
// Checking code and marking as valid
const { code, id } = req.body;
Logging.debug(req.body, id);
let twofactor: IOTC = await TwoFactor.findById(id);
const err = () => {
throw new RequestError("Invalid ID!", HttpStatusCode.BAD_REQUEST);
};
if (
!twofactor ||
!twofactor.user.equals(req.user._id) ||
twofactor.type !== TwoFATypes.OTC ||
!twofactor.data ||
twofactor.valid
) {
Logging.debug("Not found or wrong user", twofactor);
err();
}
if (twofactor.expires && moment().isAfter(moment(twofactor.expires))) {
await TwoFactor.delete(twofactor);
Logging.debug("Expired!", twofactor);
err();
}
let valid = speakeasy.totp.verify({
secret: twofactor.data,
encoding: "base32",
token: code,
});
if (valid) {
twofactor.expires = undefined;
twofactor.valid = true;
await TwoFactor.save(twofactor);
res.json({ success: true });
} else {
throw new RequestError("Invalid Code!", HttpStatusCode.BAD_REQUEST);
}
} else { } else {
throw new RequestError("Invalid Code!", HttpStatusCode.BAD_REQUEST); throw new RequestError("Invalid type", HttpStatusCode.BAD_REQUEST);
} }
} else {
throw new RequestError("Invalid type", HttpStatusCode.BAD_REQUEST);
}
}));
OTCRoute.put("/", Stacker(GetUserMiddleware(true, false, undefined, false), async (req, res) => {
let { login, special } = req.token;
let { id, code } = req.body;
let twofactor: IOTC = await TwoFactor.findById(id);
if (!twofactor || !twofactor.valid || !twofactor.user.equals(req.user._id) || twofactor.type !== TwoFATypes.OTC) {
throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
}
if (twofactor.expires && moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
}
let valid = speakeasy.totp.verify({
secret: twofactor.data,
encoding: "base32",
token: code
}) })
);
if (valid) { OTCRoute.put(
let [login_exp, special_exp] = await Promise.all([ "/",
upgradeToken(login), Stacker(
upgradeToken(special) GetUserMiddleware(true, false, undefined, false),
]); async (req, res) => {
res.json({ success: true, login_exp, special_exp }) let { login, special } = req.token;
} else { let { id, code } = req.body;
throw new RequestError("Invalid Code", HttpStatusCode.BAD_REQUEST); let twofactor: IOTC = await TwoFactor.findById(id);
}
})) if (
!twofactor ||
!twofactor.valid ||
!twofactor.user.equals(req.user._id) ||
twofactor.type !== TwoFATypes.OTC
) {
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
if (twofactor.expires && moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
let valid = speakeasy.totp.verify({
secret: twofactor.data,
encoding: "base32",
token: code,
});
if (valid) {
let [login_exp, special_exp] = await Promise.all([
upgradeToken(login),
upgradeToken(special),
]);
res.json({ success: true, login_exp, special_exp });
} else {
throw new RequestError("Invalid Code", HttpStatusCode.BAD_REQUEST);
}
}
)
);
export default OTCRoute; export default OTCRoute;

288
src/api/user/twofactor/yubikey/index.ts
View File

@ -1,9 +1,12 @@
import { Router, Request } from "express" import { Router, Request } from "express";
import Stacker from "../../../middlewares/stacker"; import Stacker from "../../../middlewares/stacker";
import { UserMiddleware, GetUserMiddleware } from "../../../middlewares/user"; import { UserMiddleware, GetUserMiddleware } from "../../../middlewares/user";
import * as u2f from "u2f"; import * as u2f from "u2f";
import config from "../../../../config"; import config from "../../../../config";
import TwoFactor, { TFATypes as TwoFATypes, IYubiKey } from "../../../../models/twofactor"; import TwoFactor, {
TFATypes as TwoFATypes,
IYubiKey,
} from "../../../../models/twofactor";
import RequestError, { HttpStatusCode } from "../../../../helper/request_error"; import RequestError, { HttpStatusCode } from "../../../../helper/request_error";
import moment = require("moment"); import moment = require("moment");
import LoginToken from "../../../../models/login_token"; import LoginToken from "../../../../models/login_token";
@ -15,120 +18,189 @@ const U2FRoute = Router();
/** /**
* Registerinf a new YubiKey * Registerinf a new YubiKey
*/ */
U2FRoute.post("/", Stacker(GetUserMiddleware(true, true), async (req, res) => { U2FRoute.post(
const { type } = req.query; "/",
if (type === "challenge") { Stacker(GetUserMiddleware(true, true), async (req, res) => {
const registrationRequest = u2f.request(config.core.url); const { type } = req.query;
if (type === "challenge") {
const registrationRequest = u2f.request(config.core.url);
let twofactor = TwoFactor.new(<IYubiKey>{ let twofactor = TwoFactor.new(<IYubiKey>{
user: req.user._id, user: req.user._id,
type: TwoFATypes.U2F, type: TwoFATypes.U2F,
valid: false, valid: false,
data: { data: {
registration: registrationRequest registration: registrationRequest,
} },
}) });
await TwoFactor.save(twofactor);
res.json({ request: registrationRequest, id: twofactor._id, appid: config.core.url });
} else {
const { response, id } = req.body;
Logging.debug(req.body, id);
let twofactor: IYubiKey = await TwoFactor.findById(id);
const err = () => { throw new RequestError("Invalid ID!", HttpStatusCode.BAD_REQUEST) };
if (!twofactor || !twofactor.user.equals(req.user._id) || twofactor.type !== TwoFATypes.U2F || !twofactor.data.registration || twofactor.valid) {
Logging.debug("Not found or wrong user", twofactor);
err();
}
if (twofactor.expires && moment().isAfter(moment(twofactor.expires))) {
await TwoFactor.delete(twofactor);
Logging.debug("Expired!", twofactor);
err();
}
const result = u2f.checkRegistration(twofactor.data.registration, response);
if (result.successful) {
twofactor.data = {
keyHandle: result.keyHandle,
publicKey: result.publicKey
}
twofactor.expires = undefined;
twofactor.valid = true;
await TwoFactor.save(twofactor); await TwoFactor.save(twofactor);
res.json({ success: true }); res.json({
request: registrationRequest,
id: twofactor._id,
appid: config.core.url,
});
} else { } else {
throw new RequestError(result.errorMessage, HttpStatusCode.BAD_REQUEST); const { response, id } = req.body;
} Logging.debug(req.body, id);
} let twofactor: IYubiKey = await TwoFactor.findById(id);
})); const err = () => {
throw new RequestError("Invalid ID!", HttpStatusCode.BAD_REQUEST);
};
if (
!twofactor ||
!twofactor.user.equals(req.user._id) ||
twofactor.type !== TwoFATypes.U2F ||
!twofactor.data.registration ||
twofactor.valid
) {
Logging.debug("Not found or wrong user", twofactor);
err();
}
U2FRoute.get("/", Stacker(GetUserMiddleware(true, false, undefined, false), async (req, res) => { if (twofactor.expires && moment().isAfter(moment(twofactor.expires))) {
let { login, special } = req.token; await TwoFactor.delete(twofactor);
let twofactor: IYubiKey = await TwoFactor.findOne({ user: req.user._id, type: TwoFATypes.U2F, valid: true }) Logging.debug("Expired!", twofactor);
err();
}
if (!twofactor) { const result = u2f.checkRegistration(
throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST); twofactor.data.registration,
} response
);
if (twofactor.expires) {
if (moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
}
}
let request = u2f.request(config.core.url, twofactor.data.keyHandle);
login.data = {
type: "ykr",
request
};
let r;;
if (special) {
special.data = login.data;
r = LoginToken.save(special);
}
await Promise.all([r, LoginToken.save(login)]);
res.json({ request });
}))
U2FRoute.put("/", Stacker(GetUserMiddleware(true, false, undefined, false), async (req, res) => {
let { login, special } = req.token;
let twofactor: IYubiKey = await TwoFactor.findOne({ user: req.user._id, type: TwoFATypes.U2F, valid: true })
let { response } = req.body;
if (!twofactor || !login.data || login.data.type !== "ykr" || special && (!special.data || special.data.type !== "ykr")) {
throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
}
if (twofactor.expires && moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError("Invalid Method!", HttpStatusCode.BAD_REQUEST);
}
let login_exp;
let special_exp;
let result = u2f.checkSignature(login.data.request, response, twofactor.data.publicKey);
if (result.successful) {
if (special) {
let result = u2f.checkSignature(special.data.request, response, twofactor.data.publicKey);
if (result.successful) { if (result.successful) {
special_exp = await upgradeToken(special); twofactor.data = {
} keyHandle: result.keyHandle,
else { publicKey: result.publicKey,
throw new RequestError(result.errorMessage, HttpStatusCode.BAD_REQUEST); };
twofactor.expires = undefined;
twofactor.valid = true;
await TwoFactor.save(twofactor);
res.json({ success: true });
} else {
throw new RequestError(
result.errorMessage,
HttpStatusCode.BAD_REQUEST
);
} }
} }
login_exp = await upgradeToken(login); })
} );
else {
throw new RequestError(result.errorMessage, HttpStatusCode.BAD_REQUEST); U2FRoute.get(
} "/",
res.json({ success: true, login_exp, special_exp }) Stacker(
})) GetUserMiddleware(true, false, undefined, false),
async (req, res) => {
let { login, special } = req.token;
let twofactor: IYubiKey = await TwoFactor.findOne({
user: req.user._id,
type: TwoFATypes.U2F,
valid: true,
});
if (!twofactor) {
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
if (twofactor.expires) {
if (moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
}
let request = u2f.request(config.core.url, twofactor.data.keyHandle);
login.data = {
type: "ykr",
request,
};
let r;
if (special) {
special.data = login.data;
r = LoginToken.save(special);
}
await Promise.all([r, LoginToken.save(login)]);
res.json({ request });
}
)
);
U2FRoute.put(
"/",
Stacker(
GetUserMiddleware(true, false, undefined, false),
async (req, res) => {
let { login, special } = req.token;
let twofactor: IYubiKey = await TwoFactor.findOne({
user: req.user._id,
type: TwoFATypes.U2F,
valid: true,
});
let { response } = req.body;
if (
!twofactor ||
!login.data ||
login.data.type !== "ykr" ||
(special && (!special.data || special.data.type !== "ykr"))
) {
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
if (twofactor.expires && moment().isAfter(twofactor.expires)) {
twofactor.valid = false;
await TwoFactor.save(twofactor);
throw new RequestError(
"Invalid Method!",
HttpStatusCode.BAD_REQUEST
);
}
let login_exp;
let special_exp;
let result = u2f.checkSignature(
login.data.request,
response,
twofactor.data.publicKey
);
if (result.successful) {
if (special) {
let result = u2f.checkSignature(
special.data.request,
response,
twofactor.data.publicKey
);
if (result.successful) {
special_exp = await upgradeToken(special);
} else {
throw new RequestError(
result.errorMessage,
HttpStatusCode.BAD_REQUEST
);
}
}
login_exp = await upgradeToken(login);
} else {
throw new RequestError(
result.errorMessage,
HttpStatusCode.BAD_REQUEST
);
}
res.json({ success: true, login_exp, special_exp });
}
)
);
export default U2FRoute; export default U2FRoute;

90
src/config.ts
View File

@ -7,64 +7,68 @@ import * as ini from "ini";
dotenv.config(); dotenv.config();
export interface DatabaseConfig { export interface DatabaseConfig {
host: string host: string;
database: string database: string;
} }
export interface WebConfig { export interface WebConfig {
port: string port: string;
secure: "true" | "false" | undefined secure: "true" | "false" | undefined;
} }
export interface CoreConfig { export interface CoreConfig {
name: string name: string;
url: string url: string;
dev: boolean dev: boolean;
} }
export interface Config { export interface Config {
core: CoreConfig core: CoreConfig;
database: DatabaseConfig database: DatabaseConfig;
web: WebConfig web: WebConfig;
} }
const config = parse({ const config = (parse(
core: { {
dev: { core: {
default: false, dev: {
type: Boolean default: false,
type: Boolean,
},
name: {
type: String,
default: "Open Auth",
},
url: String,
}, },
name: {
type: String,
default: "Open Auth"
},
url: String
},
database: {
database: { database: {
type: String, database: {
default: "openauth" type: String,
default: "openauth",
},
host: {
type: String,
default: "localhost",
},
},
web: {
port: {
type: Number,
default: 3004,
},
secure: {
type: Boolean,
default: false,
},
}, },
host: {
type: String,
default: "localhost"
}
}, },
web: { "config.ini"
port: { ) as any) as Config;
type: Number,
default: 3004
},
secure: {
type: Boolean,
default: false
}
}
}, "config.ini") as any as Config;
if (process.env.DEV === "true") if (process.env.DEV === "true") config.core.dev = true;
config.core.dev = true;
if (config.core.dev) if (config.core.dev)
Logging.warning("DEV mode active. This can cause major performance issues, data loss and vulnerabilities! ") Logging.warning(
"DEV mode active. This can cause major performance issues, data loss and vulnerabilities! "
);
export default config; export default config;

8
src/database.ts
View File

@ -1,11 +1,11 @@
import SafeMongo from "@hibas123/safe_mongo"; import SafeMongo from "@hibas123/safe_mongo";
import Config from "./config" import Config from "./config";
let dbname = "openauth" let dbname = "openauth";
let host = "localhost" let host = "localhost";
if (Config.database) { if (Config.database) {
if (Config.database.database) dbname = Config.database.database; if (Config.database.database) dbname = Config.database.database;
if (Config.database.host) host = Config.database.host; if (Config.database.host) host = Config.database.host;
} }
if (Config.core.dev) dbname += "_dev"; if (Config.core.dev) dbname += "_dev";
const DB = new SafeMongo("mongodb://" + host, dbname); const DB = new SafeMongo("mongodb://" + host, dbname);
export default DB; export default DB;

4
src/express.d.ts vendored
View File

@ -11,6 +11,6 @@ declare module "express" {
token: { token: {
login: ILoginToken; login: ILoginToken;
special?: ILoginToken; special?: ILoginToken;
} };
} }
} }

70
src/helper/jwt.ts
View File

@ -9,42 +9,52 @@ export interface OAuthJWT {
user: string; user: string;
username: string; username: string;
permissions: string[]; permissions: string[];
application: string application: string;
} }
const issuer = config.core.url; const issuer = config.core.url;
export const IDTokenJWTExp = moment.duration(30, "m").asSeconds(); export const IDTokenJWTExp = moment.duration(30, "m").asSeconds();
export function getIDToken(user: IUser, client_id: string, nonce: string) { export function getIDToken(user: IUser, client_id: string, nonce: string) {
return createJWT({ return createJWT(
user: user.uid, {
name: user.name, user: user.uid,
nickname: user.username, name: user.name,
username: user.username, nickname: user.username,
preferred_username: user.username, username: user.username,
gender: Gender[user.gender], preferred_username: user.username,
nonce gender: Gender[user.gender],
}, { nonce,
expiresIn: IDTokenJWTExp, },
issuer, {
algorithm: "RS256", expiresIn: IDTokenJWTExp,
subject: user.uid, issuer,
audience: client_id algorithm: "RS256",
}) subject: user.uid,
audience: client_id,
}
);
} }
export const AccessTokenJWTExp = moment.duration(6, "h"); export const AccessTokenJWTExp = moment.duration(6, "h");
export function getAccessTokenJWT(token: { user: IUser, permissions: ObjectID[], client: IClient }) { export function getAccessTokenJWT(token: {
return createJWT(<OAuthJWT>{ user: IUser;
user: token.user.uid, permissions: ObjectID[];
username: token.user.username, client: IClient;
permissions: token.permissions.map(p => p.toHexString()), }) {
application: token.client.client_id return createJWT(
}, { <OAuthJWT>{
expiresIn: AccessTokenJWTExp.asSeconds(), user: token.user.uid,
issuer, username: token.user.username,
algorithm: "RS256", permissions: token.permissions.map((p) => p.toHexString()),
subject: token.user.uid, application: token.client.client_id,
audience: token.client.client_id },
}) {
} expiresIn: AccessTokenJWTExp.asSeconds(),
issuer,
algorithm: "RS256",
subject: token.user.uid,
audience: token.client.client_id,
}
);
}

10
src/helper/promiseMiddleware.ts
View File

@ -1,5 +1,7 @@
import { Request, Response, NextFunction } from "express" import { Request, Response, NextFunction } from "express";
export default (fn: (req: Request, res: Response, next: NextFunction) => Promise<any>) => (req: Request, res: Response, next: NextFunction) => { export default (
Promise.resolve(fn(req, res, next)).catch(next) fn: (req: Request, res: Response, next: NextFunction) => Promise<any>
} ) => (req: Request, res: Response, next: NextFunction) => {
Promise.resolve(fn(req, res, next)).catch(next);
};

2
src/helper/random.ts
View File

@ -2,4 +2,4 @@ import { randomBytes } from "crypto";
export function randomString(length: number) { export function randomString(length: number) {
return randomBytes(length).toString("base64").slice(0, length); return randomBytes(length).toString("base64").slice(0, length);
} }

16
src/helper/request_error.ts
View File

@ -1,10 +1,8 @@
/** /**
* Hypertext Transfer Protocol (HTTP) response status codes. * Hypertext Transfer Protocol (HTTP) response status codes.
* @see {@link https://en.wikipedia.org/wiki/List_of_HTTP_status_codes} * @see {@link https://en.wikipedia.org/wiki/List_of_HTTP_status_codes}
*/ */
export enum HttpStatusCode { export enum HttpStatusCode {
/** /**
* The server has received the request headers and the client should proceed to send the request body * The server has received the request headers and the client should proceed to send the request body
* (in the case of a request for which a body needs to be sent; for example, a POST request). * (in the case of a request for which a body needs to be sent; for example, a POST request).
@ -376,13 +374,17 @@ export enum HttpStatusCode {
* Intended for use by intercepting proxies used to control access to the network (e.g., "captive portals" used * Intended for use by intercepting proxies used to control access to the network (e.g., "captive portals" used
* to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot). * to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot).
*/ */
NETWORK_AUTHENTICATION_REQUIRED = 511 NETWORK_AUTHENTICATION_REQUIRED = 511,
} }
export default class RequestError extends Error { export default class RequestError extends Error {
constructor(message: any, public status: HttpStatusCode, public nolog: boolean = false, public additional: any = undefined) { constructor(
super("") message: any,
public status: HttpStatusCode,
public nolog: boolean = false,
public additional: any = undefined
) {
super("");
this.message = message; this.message = message;
} }
} }

16
src/helper/user_key.ts
View File

@ -1,14 +1,18 @@
// import * as crypto from "crypto-js" // import * as crypto from "crypto-js"
import { IUser } from "../models/user"; import { IUser } from "../models/user";
import { IClient } from "../models/client"; import { IClient } from "../models/client";
import * as crypto from "crypto" import * as crypto from "crypto";
function sha512(text: string) { function sha512(text: string) {
let hash = crypto.createHash("sha512") let hash = crypto.createHash("sha512");
hash.update(text) hash.update(text);
return hash.digest("base64") return hash.digest("base64");
} }
export function getEncryptionKey(user: IUser, client: IClient) { export function getEncryptionKey(user: IUser, client: IClient) {
return sha512(sha512(user.encryption_key) + sha512(client._id.toHexString()) + sha512(client.client_id)) return sha512(
} sha512(user.encryption_key) +
sha512(client._id.toHexString()) +
sha512(client.client_id)
);
}

103
src/index.ts
View File

@ -13,67 +13,78 @@ import config from "./config";
// } // }
if (!config.web) { if (!config.web) {
Logging.error("No web config set. Terminating.") Logging.error("No web config set. Terminating.");
process.exit(); process.exit();
} }
import * as i18n from "i18n" import * as i18n from "i18n";
i18n.configure({ i18n.configure({
locales: ["en", "de"], locales: ["en", "de"],
directory: "./locales", directory: "./locales",
}) });
import Web from "./web"; import Web from "./web";
import TestData from "./testdata"; import TestData from "./testdata";
import DB from "./database"; import DB from "./database";
Logging.log("Connecting to Database") Logging.log("Connecting to Database");
if (config.core.dev) { if (config.core.dev) {
Logging.warning("Running in dev mode! Database will be cleared!") Logging.warning("Running in dev mode! Database will be cleared!");
} }
DB.connect().then(async () => { DB.connect()
Logging.log("Database connected") .then(async () => {
if (config.core.dev) Logging.log("Database connected");
await TestData() if (config.core.dev) await TestData();
let web = new Web(config.web) let web = new Web(config.web);
web.listen() web.listen();
let already = new Set(); let already = new Set();
function print(path, layer) { function print(path, layer) {
if (layer.route) { if (layer.route) {
layer.route.stack.forEach(print.bind(null, path.concat(split(layer.route.path)))) layer.route.stack.forEach(
} else if (layer.name === 'router' && layer.handle.stack) { print.bind(null, path.concat(split(layer.route.path)))
layer.handle.stack.forEach(print.bind(null, path.concat(split(layer.regexp)))) );
} else if (layer.method) { } else if (layer.name === "router" && layer.handle.stack) {
let me: string = layer.method.toUpperCase(); layer.handle.stack.forEach(
me += " ".repeat(6 - me.length); print.bind(null, path.concat(split(layer.regexp)))
let msg = `${me} /${path.concat(split(layer.regexp)).filter(Boolean).join('/')}`; );
if (!already.has(msg)) { } else if (layer.method) {
already.add(msg); let me: string = layer.method.toUpperCase();
Logging.log(msg); me += " ".repeat(6 - me.length);
let msg = `${me} /${path
.concat(split(layer.regexp))
.filter(Boolean)
.join("/")}`;
if (!already.has(msg)) {
already.add(msg);
Logging.log(msg);
}
} }
} }
}
function split(thing) { function split(thing) {
if (typeof thing === 'string') { if (typeof thing === "string") {
return thing.split('/') return thing.split("/");
} else if (thing.fast_slash) { } else if (thing.fast_slash) {
return '' return "";
} else { } else {
var match = thing.toString() var match = thing
.replace('\\/?', '') .toString()
.replace('(?=\\/|$)', '$') .replace("\\/?", "")
.match(/^\/\^((?:\\[.*+?^${}()|[\]\\\/]|[^.*+?^${}()|[\]\\\/])*)\$\//) .replace("(?=\\/|$)", "$")
return match .match(
? match[1].replace(/\\(.)/g, '$1').split('/') /^\/\^((?:\\[.*+?^${}()|[\]\\\/]|[^.*+?^${}()|[\]\\\/])*)\$\//
: '<complex:' + thing.toString() + '>' );
return match
? match[1].replace(/\\(.)/g, "$1").split("/")
: "<complex:" + thing.toString() + ">";
}
} }
} // Logging.log("--- Endpoints: ---");
// Logging.log("--- Endpoints: ---"); // web.server._router.stack.forEach(print.bind(null, []))
// web.server._router.stack.forEach(print.bind(null, [])) // Logging.log("--- Endpoints end ---")
// Logging.log("--- Endpoints end ---") })
}).catch(e => { .catch((e) => {
Logging.error(e) Logging.error(e);
process.exit(); process.exit();
}) });

42
src/keys.ts
View File

@ -1,10 +1,10 @@
import Logging from "@hibas123/nodelogging"; import Logging from "@hibas123/nodelogging";
import * as fs from "fs" import * as fs from "fs";
let private_key: string; let private_key: string;
let rsa: RSA; let rsa: RSA;
export function sign(message: Buffer): Buffer { export function sign(message: Buffer): Buffer {
return rsa.sign(message, "buffer") return rsa.sign(message, "buffer");
} }
export function verify(message: Buffer, signature: Buffer): boolean { export function verify(message: Buffer, signature: Buffer): boolean {
@ -19,28 +19,28 @@ import config from "./config";
export function createJWT(payload: any, options: jwt.SignOptions) { export function createJWT(payload: any, options: jwt.SignOptions) {
return new Promise<string>((resolve, reject) => { return new Promise<string>((resolve, reject) => {
return jwt.sign(payload, private_key, options, (err, token) => { return jwt.sign(payload, private_key, options, (err, token) => {
if (err) reject(err) if (err) reject(err);
else resolve(token) else resolve(token);
}); });
}) });
} }
export async function validateJWT(data: string) { export async function validateJWT(data: string) {
return new Promise<any>((resolve, reject) => { return new Promise<any>((resolve, reject) => {
jwt.verify(data, public_key, (err, valid) => { jwt.verify(data, public_key, (err, valid) => {
if (err) reject(err) if (err) reject(err);
else resolve(valid) else resolve(valid);
}); });
}) });
} }
let create = false; let create = false;
if (fs.existsSync("./keys")) { if (fs.existsSync("./keys")) {
if (fs.existsSync("./keys/private.pem")) { if (fs.existsSync("./keys/private.pem")) {
if (fs.existsSync("./keys/public.pem")) { if (fs.existsSync("./keys/public.pem")) {
Logging.log("Using existing private and public key") Logging.log("Using existing private and public key");
private_key = fs.readFileSync("./keys/private.pem").toString("utf8") private_key = fs.readFileSync("./keys/private.pem").toString("utf8");
public_key = fs.readFileSync("./keys/public.pem").toString("utf8") public_key = fs.readFileSync("./keys/public.pem").toString("utf8");
if (!private_key || !public_key) { if (!private_key || !public_key) {
create = true; create = true;
@ -49,21 +49,21 @@ if (fs.existsSync("./keys")) {
} else create = true; } else create = true;
} else create = true; } else create = true;
import * as RSA from "node-rsa" import * as RSA from "node-rsa";
if (create === true) { if (create === true) {
Logging.log("Started RSA Key gen") Logging.log("Started RSA Key gen");
let rsa = new RSA({ b: 4096 }); let rsa = new RSA({ b: 4096 });
private_key = rsa.exportKey("private") private_key = rsa.exportKey("private");
public_key = rsa.exportKey("public") public_key = rsa.exportKey("public");
if (!fs.existsSync("./keys")) { if (!fs.existsSync("./keys")) {
fs.mkdirSync("./keys") fs.mkdirSync("./keys");
} }
fs.writeFileSync("./keys/private.pem", private_key) fs.writeFileSync("./keys/private.pem", private_key);
fs.writeFileSync("./keys/public.pem", public_key) fs.writeFileSync("./keys/public.pem", public_key);
Logging.log("Key pair generated") Logging.log("Key pair generated");
} }
rsa = new RSA(private_key, "private") rsa = new RSA(private_key, "private");
rsa.importKey(public_key, "public") rsa.importKey(public_key, "public");

30
src/models/client.ts
View File

@ -4,21 +4,21 @@ import { ObjectID } from "mongodb";
import { v4 } from "uuid"; import { v4 } from "uuid";
export interface IClient extends ModelDataBase { export interface IClient extends ModelDataBase {
maintainer: ObjectID maintainer: ObjectID;
internal: boolean internal: boolean;
name: string name: string;
redirect_url: string redirect_url: string;
website: string website: string;
logo?: string logo?: string;
client_id: string client_id: string;
client_secret: string client_secret: string;
} }
const Client = DB.addModel<IClient>({ const Client = DB.addModel<IClient>({
name: "client", name: "client",
versions: [ versions: [
{ {
migration: () => { }, migration: () => {},
schema: { schema: {
maintainer: { type: ObjectID }, maintainer: { type: ObjectID },
internal: { type: Boolean, default: false }, internal: { type: Boolean, default: false },
@ -27,10 +27,10 @@ const Client = DB.addModel<IClient>({
website: { type: String }, website: { type: String },
logo: { type: String, optional: true }, logo: { type: String, optional: true },
client_id: { type: String, default: () => v4() }, client_id: { type: String, default: () => v4() },
client_secret: { type: String } client_secret: { type: String },
} },
} },
] ],
}) });
export default Client; export default Client;

30
src/models/client_code.ts
View File

@ -4,24 +4,26 @@ import { ObjectID } from "mongodb";
import { v4 } from "uuid"; import { v4 } from "uuid";
export interface IClientCode extends ModelDataBase { export interface IClientCode extends ModelDataBase {
user: ObjectID user: ObjectID;
code: string; code: string;
client: ObjectID client: ObjectID;
permissions: ObjectID[] permissions: ObjectID[];
validTill: Date; validTill: Date;
} }
const ClientCode = DB.addModel<IClientCode>({ const ClientCode = DB.addModel<IClientCode>({
name: "client_code", name: "client_code",
versions: [{ versions: [
migration: () => { }, {
schema: { migration: () => {},
user: { type: ObjectID }, schema: {
code: { type: String }, user: { type: ObjectID },
client: { type: ObjectID }, code: { type: String },
permissions: { type: Array }, client: { type: ObjectID },
validTill: { type: Date } permissions: { type: Array },
} validTill: { type: Date },
}] },
},
],
}); });
export default ClientCode; export default ClientCode;

20
src/models/grants.ts
View File

@ -10,14 +10,16 @@ export interface IGrant extends ModelDataBase {
const Grant = DB.addModel<IGrant>({ const Grant = DB.addModel<IGrant>({
name: "grant", name: "grant",
versions: [{ versions: [
migration: () => { }, {
schema: { migration: () => {},
user: { type: ObjectID }, schema: {
client: { type: ObjectID }, user: { type: ObjectID },
permissions: { type: ObjectID, array: true } client: { type: ObjectID },
} permissions: { type: ObjectID, array: true },
}] },
}) },
],
});
export default Grant; export default Grant;

91
src/models/login_token.ts
View File

@ -16,52 +16,61 @@ export interface ILoginToken extends ModelDataBase {
} }
const LoginToken = DB.addModel<ILoginToken>({ const LoginToken = DB.addModel<ILoginToken>({
name: "login_token", name: "login_token",
versions: [{ versions: [
migration: () => { }, {
schema: { migration: () => {},
token: { type: String }, schema: {
special: { type: Boolean, default: () => false }, token: { type: String },
user: { type: ObjectID }, special: { type: Boolean, default: () => false },
validTill: { type: Date }, user: { type: ObjectID },
valid: { type: Boolean } validTill: { type: Date },
} valid: { type: Boolean },
}, { },
migration: (doc: ILoginToken) => { doc.validated = true; }, },
schema: { {
token: { type: String }, migration: (doc: ILoginToken) => {
special: { type: Boolean, default: () => false }, doc.validated = true;
user: { type: ObjectID }, },
validTill: { type: Date }, schema: {
valid: { type: Boolean }, token: { type: String },
validated: { type: Boolean, default: false } special: { type: Boolean, default: () => false },
} user: { type: ObjectID },
}, { validTill: { type: Date },
migration: (doc: ILoginToken) => { doc.validated = true; }, valid: { type: Boolean },
schema: { validated: { type: Boolean, default: false },
token: { type: String }, },
special: { type: Boolean, default: () => false }, },
user: { type: ObjectID }, {
validTill: { type: Date }, migration: (doc: ILoginToken) => {
valid: { type: Boolean }, doc.validated = true;
validated: { type: Boolean, default: false }, },
data: { type: "any", optional: true }, schema: {
ip: { type: String, optional: true }, token: { type: String },
browser: { type: String, optional: true } special: { type: Boolean, default: () => false },
} user: { type: ObjectID },
}] validTill: { type: Date },
}) valid: { type: Boolean },
validated: { type: Boolean, default: false },
data: { type: "any", optional: true },
ip: { type: String, optional: true },
browser: { type: String, optional: true },
},
},
],
});
export async function CheckToken(token: ILoginToken, validated: boolean = true): Promise<boolean> { export async function CheckToken(
if (!token || !token.valid) token: ILoginToken,
return false; validated: boolean = true
if (validated && !token.validated) ): Promise<boolean> {
return false; if (!token || !token.valid) return false;
if (validated && !token.validated) return false;
if (moment().isAfter(token.validTill)) { if (moment().isAfter(token.validTill)) {
token.valid = false; token.valid = false;
await LoginToken.save(token) await LoginToken.save(token);
return false; return false;
} }
return true; return true;
} }
export default LoginToken; export default LoginToken;

22
src/models/mail.ts
View File

@ -9,14 +9,16 @@ export interface IMail extends ModelDataBase {
const Mail = DB.addModel<IMail>({ const Mail = DB.addModel<IMail>({
name: "mail", name: "mail",
versions: [{ versions: [
migration: () => { }, {
schema: { migration: () => {},
mail: { type: String }, schema: {
verified: { type: Boolean, default: false }, mail: { type: String },
primary: { type: Boolean } verified: { type: Boolean, default: false },
} primary: { type: Boolean },
}] },
}) },
],
});
export default Mail; export default Mail;

39
src/models/permissions.ts
View File

@ -11,22 +11,27 @@ export interface IPermission extends ModelDataBase {
const Permission = DB.addModel<IPermission>({ const Permission = DB.addModel<IPermission>({
name: "permission", name: "permission",
versions: [{ versions: [
migration: () => { }, {
schema: { migration: () => {},
name: { type: String }, schema: {
description: { type: String }, name: { type: String },
client: { type: ObjectID } description: { type: String },
} client: { type: ObjectID },
}, { },
migration: (old) => { old.grant_type = "user" }, },
schema: { {
name: { type: String }, migration: (old) => {
description: { type: String }, old.grant_type = "user";
client: { type: ObjectID }, },
grant_type: { type: String, default: "user" } schema: {
} name: { type: String },
}] description: { type: String },
}) client: { type: ObjectID },
grant_type: { type: String, default: "user" },
},
},
],
});
export default Permission; export default Permission;

28
src/models/refresh_token.ts
View File

@ -14,17 +14,19 @@ export interface IRefreshToken extends ModelDataBase {
const RefreshToken = DB.addModel<IRefreshToken>({ const RefreshToken = DB.addModel<IRefreshToken>({
name: "refresh_token", name: "refresh_token",
versions: [{ versions: [
migration: () => { }, {
schema: { migration: () => {},
token: { type: String }, schema: {
user: { type: ObjectID }, token: { type: String },
client: { type: ObjectID }, user: { type: ObjectID },
permissions: { type: Array }, client: { type: ObjectID },
validTill: { type: Date }, permissions: { type: Array },
valid: { type: Boolean } validTill: { type: Date },
} valid: { type: Boolean },
}] },
}) },
],
});
export default RefreshToken; export default RefreshToken;

22
src/models/regcodes.ts
View File

@ -11,15 +11,17 @@ export interface IRegCode extends ModelDataBase {
const RegCode = DB.addModel<IRegCode>({ const RegCode = DB.addModel<IRegCode>({
name: "reg_code", name: "reg_code",
versions: [{ versions: [
migration: () => { }, {
schema: { migration: () => {},
token: { type: String }, schema: {
valid: { type: Boolean }, token: { type: String },
validTill: { type: Date } valid: { type: Boolean },
} validTill: { type: Date },
}] },
}) },
],
});
export default RegCode; export default RegCode;
@ -52,4 +54,4 @@ export default RegCode;
// @Column // @Column
// @DeletedAt // @DeletedAt
// deletionDate: Date; // deletionDate: Date;
// } // }

38
src/models/twofactor.ts
View File

@ -6,7 +6,7 @@ export enum TFATypes {
OTC, OTC,
BACKUP_CODE, BACKUP_CODE,
U2F, U2F,
APP_ALLOW APP_ALLOW,
} }
export const TFANames = new Map<TFATypes, string>(); export const TFANames = new Map<TFATypes, string>();
@ -16,11 +16,11 @@ TFANames.set(TFATypes.U2F, "Security Key (U2F)");
TFANames.set(TFATypes.APP_ALLOW, "App Push"); TFANames.set(TFATypes.APP_ALLOW, "App Push");
export interface ITwoFactor extends ModelDataBase { export interface ITwoFactor extends ModelDataBase {
user: ObjectID user: ObjectID;
valid: boolean valid: boolean;
expires?: Date; expires?: Date;
name?: string; name?: string;
type: TFATypes type: TFATypes;
data: any; data: any;
} }
@ -33,7 +33,7 @@ export interface IYubiKey extends ITwoFactor {
registration?: any; registration?: any;
publicKey: string; publicKey: string;
keyHandle: string; keyHandle: string;
} };
} }
export interface IU2F extends ITwoFactor { export interface IU2F extends ITwoFactor {
@ -42,7 +42,7 @@ export interface IU2F extends ITwoFactor {
publicKey: string; publicKey: string;
keyHandle: string; keyHandle: string;
registration?: string; registration?: string;
} };
} }
export interface IBackupCode extends ITwoFactor { export interface IBackupCode extends ITwoFactor {
@ -51,17 +51,19 @@ export interface IBackupCode extends ITwoFactor {
const TwoFactor = DB.addModel<ITwoFactor>({ const TwoFactor = DB.addModel<ITwoFactor>({
name: "twofactor", name: "twofactor",
versions: [{ versions: [
migration: (e) => { }, {
schema: { migration: (e) => {},
user: { type: ObjectID }, schema: {
valid: { type: Boolean }, user: { type: ObjectID },
expires: { type: Date, optional: true }, valid: { type: Boolean },
name: { type: String, optional: true }, expires: { type: Date, optional: true },
type: { type: Number }, name: { type: String, optional: true },
data: { type: "any" }, type: { type: Number },
} data: { type: "any" },
}] },
},
],
}); });
export default TwoFactor; export default TwoFactor;

197
src/models/user.ts
View File

@ -8,7 +8,7 @@ export enum Gender {
none, none,
male, male,
female, female,
other other,
} }
export interface IUser extends ModelDataBase { export interface IUser extends ModelDataBase {
@ -16,112 +16,119 @@ export interface IUser extends ModelDataBase {
username: string; username: string;
name: string; name: string;
birthday?: Date birthday?: Date;
gender: Gender; gender: Gender;
admin: boolean; admin: boolean;
password: string; password: string;
salt: string; salt: string;
mails: ObjectID[]; mails: ObjectID[];
phones: { phone: string, verified: boolean, primary: boolean }[]; phones: { phone: string; verified: boolean; primary: boolean }[];
encryption_key: string; encryption_key: string;
} }
const User = DB.addModel<IUser>({ const User = DB.addModel<IUser>({
name: "user", name: "user",
versions: [{ versions: [
migration: () => { }, {
schema: { migration: () => {},
uid: { type: String, default: () => v4() }, schema: {
username: { type: String }, uid: { type: String, default: () => v4() },
name: { type: String }, username: { type: String },
birthday: { type: Date, optional: true }, name: { type: String },
gender: { type: Number }, birthday: { type: Date, optional: true },
admin: { type: Boolean }, gender: { type: Number },
password: { type: String }, admin: { type: Boolean },
salt: { type: String }, password: { type: String },
mails: { type: Array, default: () => [] }, salt: { type: String },
phones: { mails: { type: Array, default: () => [] },
array: true, phones: {
model: true, array: true,
type: { model: true,
phone: { type: String }, type: {
verified: { type: Boolean }, phone: { type: String },
primary: { type: Boolean } verified: { type: Boolean },
} primary: { type: Boolean },
},
},
twofactor: {
array: true,
model: true,
type: {
token: { type: String },
valid: { type: Boolean },
type: { type: Number },
},
},
}, },
twofactor: { },
array: true, {
model: true, migration: (e: IUser) => {
type: { e.encryption_key = randomString(64);
token: { type: String },
valid: { type: Boolean },
type: { type: Number }
}
}
}
}, {
migration: (e: IUser) => { e.encryption_key = randomString(64) },
schema: {
uid: { type: String, default: () => v4() },
username: { type: String },
name: { type: String },
birthday: { type: Date, optional: true },
gender: { type: Number },
admin: { type: Boolean },
password: { type: String },
salt: { type: String },
mails: { type: Array, default: () => [] },
phones: {
array: true,
model: true,
type: {
phone: { type: String },
verified: { type: Boolean },
primary: { type: Boolean }
}
}, },
twofactor: { schema: {
array: true, uid: { type: String, default: () => v4() },
model: true, username: { type: String },
type: { name: { type: String },
token: { type: String }, birthday: { type: Date, optional: true },
valid: { type: Boolean }, gender: { type: Number },
type: { type: Number } admin: { type: Boolean },
} password: { type: String },
salt: { type: String },
mails: { type: Array, default: () => [] },
phones: {
array: true,
model: true,
type: {
phone: { type: String },
verified: { type: Boolean },
primary: { type: Boolean },
},
},
twofactor: {
array: true,
model: true,
type: {
token: { type: String },
valid: { type: Boolean },
type: { type: Number },
},
},
encryption_key: {
type: String,
default: () => randomString(64),
},
}, },
encryption_key: { },
type: String, {
default: () => randomString(64) migration: (e: any) => {
} delete e.twofactor;
}
},
{
migration: (e: any) => { delete e.twofactor },
schema: {
uid: { type: String, default: () => v4() },
username: { type: String },
name: { type: String },
birthday: { type: Date, optional: true },
gender: { type: Number },
admin: { type: Boolean },
password: { type: String },
salt: { type: String },
mails: { type: Array, default: () => [] },
phones: {
array: true,
model: true,
type: {
phone: { type: String },
verified: { type: Boolean },
primary: { type: Boolean }
}
}, },
encryption_key: { schema: {
type: String, uid: { type: String, default: () => v4() },
default: () => randomString(64) username: { type: String },
} name: { type: String },
} birthday: { type: Date, optional: true },
}] gender: { type: Number },
}) admin: { type: Boolean },
password: { type: String },
salt: { type: String },
mails: { type: Array, default: () => [] },
phones: {
array: true,
model: true,
type: {
phone: { type: String },
verified: { type: Boolean },
primary: { type: Boolean },
},
},
encryption_key: {
type: String,
default: () => randomString(64),
},
},
},
],
});
export default User; export default User;

50
src/testdata.ts
View File

@ -8,7 +8,6 @@ import { ObjectID } from "bson";
import DB from "./database"; import DB from "./database";
import TwoFactor from "./models/twofactor"; import TwoFactor from "./models/twofactor";
import * as speakeasy from "speakeasy"; import * as speakeasy from "speakeasy";
import LoginToken from "./models/login_token"; import LoginToken from "./models/login_token";
import Mail from "./models/mail"; import Mail from "./models/mail";
@ -21,13 +20,12 @@ export default async function TestData() {
mail = Mail.new({ mail = Mail.new({
mail: "test@test.de", mail: "test@test.de",
primary: true, primary: true,
verified: true verified: true,
}) });
await Mail.save(mail); await Mail.save(mail);
} }
let u = await User.findOne({ username: "test" }); let u = await User.findOne({ username: "test" });
if (!u) { if (!u) {
Logging.log("Adding test user"); Logging.log("Adding test user");
@ -36,21 +34,22 @@ export default async function TestData() {
birthday: new Date(), birthday: new Date(),
gender: Gender.male, gender: Gender.male,
name: "Test Test", name: "Test Test",
password: "125d6d03b32c84d492747f79cf0bf6e179d287f341384eb5d6d3197525ad6be8e6df0116032935698f99a09e265073d1d6c32c274591bf1d0a20ad67cba921bc", password:
"125d6d03b32c84d492747f79cf0bf6e179d287f341384eb5d6d3197525ad6be8e6df0116032935698f99a09e265073d1d6c32c274591bf1d0a20ad67cba921bc",
salt: "test", salt: "test",
admin: true, admin: true,
phones: [ phones: [
{ phone: "+4915962855955", primary: true, verified: true }, { phone: "+4915962855955", primary: true, verified: true },
{ phone: "+4915962855932", primary: false, verified: false } { phone: "+4915962855932", primary: false, verified: false },
], ],
mails: [mail._id] mails: [mail._id],
}) });
await User.save(u); await User.save(u);
} }
let c = await Client.findOne({ client_id: "test001" }); let c = await Client.findOne({ client_id: "test001" });
if (!c) { if (!c) {
Logging.log("Adding test client") Logging.log("Adding test client");
c = Client.new({ c = Client.new({
client_id: "test001", client_id: "test001",
client_secret: "test001", client_secret: "test001",
@ -58,19 +57,19 @@ export default async function TestData() {
maintainer: u._id, maintainer: u._id,
name: "Test Client", name: "Test Client",
website: "http://example.com", website: "http://example.com",
redirect_url: "http://example.com" redirect_url: "http://example.com",
}) });
await Client.save(c); await Client.save(c);
} }
let perm = await Permission.findOne({ id: 0 }); let perm = await Permission.findOne({ id: 0 });
if (!perm) { if (!perm) {
Logging.log("Adding test permission") Logging.log("Adding test permission");
perm = Permission.new({ perm = Permission.new({
_id: new ObjectID("507f1f77bcf86cd799439011"), _id: new ObjectID("507f1f77bcf86cd799439011"),
name: "TestPerm", name: "TestPerm",
description: "Permission just for testing purposes", description: "Permission just for testing purposes",
client: c._id client: c._id,
}); });
await (await (Permission as any)._collection).insertOne(perm); await (await (Permission as any)._collection).insertOne(perm);
@ -80,30 +79,29 @@ export default async function TestData() {
let r = await RegCode.findOne({ token: "test" }); let r = await RegCode.findOne({ token: "test" });
if (!r) { if (!r) {
Logging.log("Adding test reg_code") Logging.log("Adding test reg_code");
r = RegCode.new({ r = RegCode.new({
token: "test", token: "test",
valid: true, valid: true,
validTill: moment().add("1", "year").toDate() validTill: moment().add("1", "year").toDate(),
}) });
await RegCode.save(r); await RegCode.save(r);
} }
let t = await TwoFactor.findOne({ user: u._id, type: 0 }) let t = await TwoFactor.findOne({ user: u._id, type: 0 });
if (!t) { if (!t) {
t = TwoFactor.new({ t = TwoFactor.new({
user: u._id, user: u._id,
type: 0, type: 0,
valid: true, valid: true,
data: "IIRW2P2UJRDDO2LDIRYW4LSREZLWMOKDNBJES2LLHRREK3R6KZJQ", data: "IIRW2P2UJRDDO2LDIRYW4LSREZLWMOKDNBJES2LLHRREK3R6KZJQ",
expires: null expires: null,
}) });
TwoFactor.save(t); TwoFactor.save(t);
} }
let login_token = await LoginToken.findOne({ token: "test01" }); let login_token = await LoginToken.findOne({ token: "test01" });
if (login_token) if (login_token) await LoginToken.delete(login_token);
await LoginToken.delete(login_token);
login_token = LoginToken.new({ login_token = LoginToken.new({
browser: "DEMO", browser: "DEMO",
@ -113,13 +111,12 @@ export default async function TestData() {
valid: true, valid: true,
validTill: moment().add("10", "years").toDate(), validTill: moment().add("10", "years").toDate(),
user: u._id, user: u._id,
validated: true validated: true,
}); });
await LoginToken.save(login_token); await LoginToken.save(login_token);
let special_token = await LoginToken.findOne({ token: "test02" }); let special_token = await LoginToken.findOne({ token: "test02" });
if (special_token) if (special_token) await LoginToken.delete(special_token);
await LoginToken.delete(special_token);
special_token = LoginToken.new({ special_token = LoginToken.new({
browser: "DEMO", browser: "DEMO",
@ -129,11 +126,10 @@ export default async function TestData() {
valid: true, valid: true,
validTill: moment().add("10", "years").toDate(), validTill: moment().add("10", "years").toDate(),
user: u._id, user: u._id,
validated: true validated: true,
}); });
await LoginToken.save(special_token); await LoginToken.save(special_token);
// setInterval(() => { // setInterval(() => {
// let code = speakeasy.totp({ // let code = speakeasy.totp({
// secret: t.data, // secret: t.data,
@ -141,4 +137,4 @@ export default async function TestData() {
// }) // })
// Logging.debug("OTC Code is:", code); // Logging.debug("OTC Code is:", code);
// }, 1000) // }, 1000)
} }

12
src/views/admin.ts
View File

@ -1,6 +1,6 @@
import * as handlebars from "handlebars" import * as handlebars from "handlebars";
import { readFileSync } from "fs"; import { readFileSync } from "fs";
import { __ as i__ } from "i18n" import { __ as i__ } from "i18n";
import config from "../config"; import config from "../config";
let template: handlebars.TemplateDelegate<any>; let template: handlebars.TemplateDelegate<any>;
@ -11,11 +11,11 @@ function loadStatic() {
export default function GetAdminPage(__: typeof i__): string { export default function GetAdminPage(__: typeof i__): string {
if (config.core.dev) { if (config.core.dev) {
loadStatic() loadStatic();
} }
let data = {} let data = {};
return template(data, { helpers: { "i18n": __ } }) return template(data, { helpers: { i18n: __ } });
} }
loadStatic() loadStatic();

34
src/views/authorize.ts
View File

@ -1,26 +1,34 @@
import { compile, TemplateDelegate } from "handlebars" import { compile, TemplateDelegate } from "handlebars";
import { readFileSync } from "fs"; import { readFileSync } from "fs";
import { __ as i__ } from "i18n" import { __ as i__ } from "i18n";
import config from "../config"; import config from "../config";
let template: TemplateDelegate<any>; let template: TemplateDelegate<any>;
function loadStatic() { function loadStatic() {
let html = readFileSync("./views/out/authorize/authorize.html").toString(); let html = readFileSync("./views/out/authorize/authorize.html").toString();
template = compile(html) template = compile(html);
} }
export default function GetAuthPage(__: typeof i__, appname: string, scopes: { name: string, description: string, logo: string }[]): string { export default function GetAuthPage(
__: typeof i__,
appname: string,
scopes: { name: string; description: string; logo: string }[]
): string {
if (config.core.dev) { if (config.core.dev) {
loadStatic() loadStatic();
} }
return template({ return template(
title: __("Authorize %s", appname), {
information: __("By clicking on ALLOW, you allow this app to access the requested recources."), title: __("Authorize %s", appname),
scopes: scopes, information: __(
// request: request "By clicking on ALLOW, you allow this app to access the requested recources."
}, { helpers: { "i18n": __ } }); ),
scopes: scopes,
// request: request
},
{ helpers: { i18n: __ } }
);
} }
loadStatic() loadStatic();

16
src/views/login.ts
View File

@ -1,6 +1,6 @@
import * as handlebars from "handlebars" import * as handlebars from "handlebars";
import { readFileSync } from "fs"; import { readFileSync } from "fs";
import { __ as i__ } from "i18n" import { __ as i__ } from "i18n";
import config from "../config"; import config from "../config";
let template: handlebars.TemplateDelegate<any>; let template: handlebars.TemplateDelegate<any>;
@ -16,8 +16,8 @@ function loadStatic() {
* - prod 6sec * - prod 6sec
* Mustache: * Mustache:
* - dev : 15sec * - dev : 15sec
* - prod: 12sec * - prod: 12sec
* *
* Handlebars: * Handlebars:
* Compile + Render * Compile + Render
* - dev 13sec * - dev 13sec
@ -29,11 +29,11 @@ function loadStatic() {
export default function GetLoginPage(__: typeof i__): string { export default function GetLoginPage(__: typeof i__): string {
if (config.core.dev) { if (config.core.dev) {
loadStatic() loadStatic();
} }
let data = {} let data = {};
return template(data, { helpers: { "i18n": __ } }); return template(data, { helpers: { i18n: __ } });
} }
loadStatic() loadStatic();

12
src/views/register.ts
View File

@ -1,6 +1,6 @@
import * as handlebars from "handlebars" import * as handlebars from "handlebars";
import { readFileSync } from "fs"; import { readFileSync } from "fs";
import { __ as i__ } from "i18n" import { __ as i__ } from "i18n";
import config from "../config"; import config from "../config";
let template: handlebars.TemplateDelegate<any>; let template: handlebars.TemplateDelegate<any>;
@ -11,11 +11,11 @@ function loadStatic() {
export default function GetRegistrationPage(__: typeof i__): string { export default function GetRegistrationPage(__: typeof i__): string {
if (config.core.dev) { if (config.core.dev) {
loadStatic() loadStatic();
} }
let data = {} let data = {};
return template(data, { helpers: { "i18n": __ } }) return template(data, { helpers: { i18n: __ } });
} }
loadStatic() loadStatic();

30
tsconfig.json
View File

@ -1,23 +1,17 @@
{ {
"compilerOptions": { "compilerOptions": {
/* Basic Options */ /* Basic Options */
"target": "es2017", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017','ES2018' or 'ESNEXT'. */ "target": "es2017" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017','ES2018' or 'ESNEXT'. */,
"module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */ "module": "commonjs" /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */,
"declaration": true, /* Generates corresponding '.d.ts' file. */ "declaration": true /* Generates corresponding '.d.ts' file. */,
"sourceMap": true, /* Generates corresponding '.map' file. */ "sourceMap": true /* Generates corresponding '.map' file. */,
"outDir": "./lib", /* Redirect output structure to the directory. */ "outDir": "./lib" /* Redirect output structure to the directory. */,
"strict": false, /* Enable all strict type-checking options. */ "strict": false /* Enable all strict type-checking options. */,
"preserveWatchOutput": true, "preserveWatchOutput": true,
"experimentalDecorators": true, /* Enables experimental support for ES7 decorators. */ "experimentalDecorators": true /* Enables experimental support for ES7 decorators. */,
"emitDecoratorMetadata": true, /* Enables experimental support for emitting type metadata for decorators. */ "emitDecoratorMetadata": true /* Enables experimental support for emitting type metadata for decorators. */
}, },
"exclude": [ "exclude": ["node_modules/"],
"node_modules/" "files": ["src/express.d.ts"],
], "include": ["./src"]
"files": [ }
"src/express.d.ts"
],
"include": [
"./src"
]
}

128
views/build.js
View File

@ -5,49 +5,45 @@ const {
copyFileSync, copyFileSync,
writeFileSync, writeFileSync,
readFileSync, readFileSync,
exists exists,
} = require('fs') } = require("fs");
const { const { join, basename, dirname } = require("path");
join,
basename,
dirname
} = require('path')
const isDirectory = (source) => lstatSync(source).isDirectory();
const getDirectories = (source) =>
const isDirectory = source => lstatSync(source).isDirectory() readdirSync(source)
const getDirectories = source => .map((name) => join(source, name))
readdirSync(source).map(name => join(source, name)).filter(isDirectory) .filter(isDirectory);
function ensureDir(folder) { function ensureDir(folder) {
try { try {
if (!isDirectory(folder)) mkdirSync(folder) if (!isDirectory(folder)) mkdirSync(folder);
} catch (e) { } catch (e) {
mkdirSync(folder) mkdirSync(folder);
} }
} }
const fileExists = (filename) =>
new Promise((yes, no) => exists(filename, (exi) => yes(exi)));
ensureDir("./out");
const fileExists = (filename) => new Promise((yes, no) => exists(filename, (exi) => yes(exi))); const sass = require("sass");
ensureDir("./out")
const sass = require('sass');
function findHead(elm) { function findHead(elm) {
if (elm.tagName === "head") return elm; if (elm.tagName === "head") return elm;
for (let i = 0; i < elm.childNodes.length; i++) { for (let i = 0; i < elm.childNodes.length; i++) {
let res = findHead(elm.childNodes[i]) let res = findHead(elm.childNodes[i]);
if (res) return res; if (res) return res;
} }
return undefined; return undefined;
} }
const rollup = require("rollup") const rollup = require("rollup");
const includepaths = require("rollup-plugin-includepaths") const includepaths = require("rollup-plugin-includepaths");
const typescript = require("rollup-plugin-typescript2"); const typescript = require("rollup-plugin-typescript2");
const resolve = require("rollup-plugin-node-resolve"); const resolve = require("rollup-plugin-node-resolve");
const minify = require("html-minifier").minify const minify = require("html-minifier").minify;
const gzipSize = require('gzip-size'); const gzipSize = require("gzip-size");
async function file_name(folder, name, exts) { async function file_name(folder, name, exts) {
for (let ext of exts) { for (let ext of exts) {
@ -61,58 +57,57 @@ async function buildPage(folder) {
const pagename = basename(folder); const pagename = basename(folder);
const outpath = "./out/" + pagename; const outpath = "./out/" + pagename;
ensureDir(outpath) ensureDir(outpath);
const basefile = await file_name(folder, pagename, ["tsx", "ts", "js"]); const basefile = await file_name(folder, pagename, ["tsx", "ts", "js"]);
let bundle = await rollup.rollup({ let bundle = await rollup.rollup({
input: basefile, input: basefile,
plugins: [ plugins: [
includepaths({ includepaths({
paths: ["shared", "node_modules"] paths: ["shared", "node_modules"],
}), }),
typescript(), typescript(),
resolve({ resolve({
// not all files you want to resolve are .js files // not all files you want to resolve are .js files
extensions: ['.mjs', '.js', '.jsx', '.json'], // Default: [ '.mjs', '.js', '.json', '.node' ] extensions: [".mjs", ".js", ".jsx", ".json"], // Default: [ '.mjs', '.js', '.json', '.node' ]
// whether to prefer built-in modules (e.g. `fs`, `path`) or // whether to prefer built-in modules (e.g. `fs`, `path`) or
// local ones with the same names // local ones with the same names
preferBuiltins: false, // Default: true preferBuiltins: false, // Default: true
}) }),
], ],
treeshake: true treeshake: true,
}) });
let { output } = await bundle.generate({ let { output } = await bundle.generate({
format: "iife", format: "iife",
compact: true compact: true,
}) });
let { code } = output[0]; let { code } = output[0];
let sass_res = sass.renderSync({ let sass_res = sass.renderSync({
file: folder + `/${pagename}.scss`, file: folder + `/${pagename}.scss`,
includePaths: ["./node_modules", folder, "./shared"], includePaths: ["./node_modules", folder, "./shared"],
outputStyle: "compressed" outputStyle: "compressed",
}) });
let css = "<style>\n" + sass_res.css.toString("utf8") + "\n</style>\n"; let css = "<style>\n" + sass_res.css.toString("utf8") + "\n</style>\n";
let script = "<script>\n" + code + "\n</script>\n"; let script = "<script>\n" + code + "\n</script>\n";
let html = readFileSync(`${folder}/${pagename}.hbs`).toString("utf8"); let html = readFileSync(`${folder}/${pagename}.hbs`).toString("utf8");
let idx = html.indexOf("</head>") let idx = html.indexOf("</head>");
if (idx < 0) throw new Error("No head element found") if (idx < 0) throw new Error("No head element found");
let idx2 = html.indexOf("</body>") let idx2 = html.indexOf("</body>");
if (idx2 < 0) throw new Error("No body element found") if (idx2 < 0) throw new Error("No body element found");
if (idx < idx2) { if (idx < idx2) {
let part1 = html.slice(0, idx) let part1 = html.slice(0, idx);
let part2 = html.slice(idx, idx2); let part2 = html.slice(idx, idx2);
let part3 = html.slice(idx2, html.length); let part3 = html.slice(idx2, html.length);
html = part1 + css + part2 + script + part3; html = part1 + css + part2 + script + part3;
} else { } else {
let part1 = html.slice(0, idx2) let part1 = html.slice(0, idx2);
let part2 = html.slice(idx2, idx); let part2 = html.slice(idx2, idx);
let part3 = html.slice(idx, html.length); let part3 = html.slice(idx, html.length);
html = part1 + script + part2 + css + part3; html = part1 + script + part2 + css + part3;
@ -126,45 +121,50 @@ async function buildPage(folder) {
minifyCSS: false, minifyCSS: false,
minifyJS: false, minifyJS: false,
removeComments: true, removeComments: true,
useShortDoctype: true useShortDoctype: true,
}) });
let gzips = await gzipSize(result) let gzips = await gzipSize(result);
writeFileSync(`${outpath}/${pagename}.html`, result) writeFileSync(`${outpath}/${pagename}.html`, result);
let stats = { let stats = {
sass: sass_res.stats, sass: sass_res.stats,
js: { js: {
chars: code.length chars: code.length,
}, },
css: { css: {
chars: css.length chars: css.length,
}, },
bundle_size: result.length, bundle_size: result.length,
gzip_size: gzips gzip_size: gzips,
} };
writeFileSync(outpath + `/stats.json`, JSON.stringify(stats, null, " ")) writeFileSync(outpath + `/stats.json`, JSON.stringify(stats, null, " "));
} }
async function run() { async function run() {
console.log("Start compiling!"); console.log("Start compiling!");
let pages = getDirectories("./src"); let pages = getDirectories("./src");
await Promise.all(pages.map(async e => { await Promise.all(
try { pages.map(async (e) => {
await buildPage(e) try {
} catch (er) { await buildPage(e);
console.error("Failed compiling", basename(e)) } catch (er) {
console.log(er) console.error("Failed compiling", basename(e));
} console.log(er);
})) }
console.log("Finished compiling!") })
);
console.log("Finished compiling!");
} }
const chokidar = require("chokidar"); const chokidar = require("chokidar");
if (process.argv.join(" ").toLowerCase().indexOf("watch") >= 0) if (process.argv.join(" ").toLowerCase().indexOf("watch") >= 0)
chokidar.watch(["./src", "./node_modules", "./package.json", "./package-lock.json"], { chokidar
ignoreInitial: true .watch(
}) ["./src", "./node_modules", "./package.json", "./package-lock.json"],
{
ignoreInitial: true,
}
)
.on("all", () => run()); .on("all", () => run());
run() run();

8
views/shared/cookie.js
View File

@ -1,15 +1,15 @@
export function setCookie(cname, cvalue, exdate) { export function setCookie(cname, cvalue, exdate) {
var expires = exdate ? `;expires=${exdate}` : ""; var expires = exdate ? `;expires=${exdate}` : "";
document.cookie = `${cname}=${cvalue}${expires}` document.cookie = `${cname}=${cvalue}${expires}`;
} }
export function getCookie(cname) { export function getCookie(cname) {
var name = cname + "="; var name = cname + "=";
var decodedCookie = decodeURIComponent(document.cookie); var decodedCookie = decodeURIComponent(document.cookie);
var ca = decodedCookie.split(';'); var ca = decodedCookie.split(";");
for (var i = 0; i < ca.length; i++) { for (var i = 0; i < ca.length; i++) {
var c = ca[i]; var c = ca[i];
while (c.charAt(0) == ' ') { while (c.charAt(0) == " ") {
c = c.substring(1); c = c.substring(1);
} }
if (c.indexOf(name) == 0) { if (c.indexOf(name) == 0) {
@ -17,4 +17,4 @@ export function getCookie(cname) {
} }
} }
return ""; return "";
} }

7
views/shared/event.js
View File

@ -2,12 +2,11 @@ export default function fireEvent(element, event) {
if (document.createEventObject) { if (document.createEventObject) {
// dispatch for IE // dispatch for IE
var evt = document.createEventObject(); var evt = document.createEventObject();
return element.fireEvent('on' + event, evt) return element.fireEvent("on" + event, evt);
} } else {
else {
// dispatch for firefox + others // dispatch for firefox + others
var evt = document.createEvent("HTMLEvents"); var evt = document.createEvent("HTMLEvents");
evt.initEvent(event, true, true); // event type,bubbling,cancelable evt.initEvent(event, true, true); // event type,bubbling,cancelable
return !element.dispatchEvent(evt); return !element.dispatchEvent(evt);
} }
} }

12
views/shared/formdata.js
View File

@ -1,14 +1,18 @@
export default function getFormData(element) { export default function getFormData(element) {
let data = {}; let data = {};
if (element.name !== undefined && element.name !== null && element.name !== "") { if (
element.name !== undefined &&
element.name !== null &&
element.name !== ""
) {
if (typeof element.name === "string") { if (typeof element.name === "string") {
if (element.type === "checkbox") data[element.name] = element.checked; if (element.type === "checkbox") data[element.name] = element.checked;
else data[element.name] = element.value; else data[element.name] = element.value;
} }
} }
element.childNodes.forEach(child => { element.childNodes.forEach((child) => {
let res = getFormData(child); let res = getFormData(child);
data = Object.assign(data, res); data = Object.assign(data, res);
}) });
return data; return data;
} }

22
views/shared/inputs.js
View File

@ -1,24 +1,24 @@
(() => { (() => {
const run = () => { const run = () => {
document.querySelectorAll(".floating>input").forEach(e => { document.querySelectorAll(".floating>input").forEach((e) => {
function checkState() { function checkState() {
if (e.value !== "") { if (e.value !== "") {
if (e.classList.contains("used")) return; if (e.classList.contains("used")) return;
e.classList.add("used") e.classList.add("used");
} else { } else {
if (e.classList.contains("used")) e.classList.remove("used") if (e.classList.contains("used")) e.classList.remove("used");
} }
} }
e.addEventListener("change", () => checkState()) e.addEventListener("change", () => checkState());
checkState() checkState();
}) });
} };
run(); run();
var mutationObserver = new MutationObserver(() => { var mutationObserver = new MutationObserver(() => {
run() run();
}); });
mutationObserver.observe(document.documentElement, { mutationObserver.observe(document.documentElement, {
@ -28,6 +28,6 @@
subtree: true, subtree: true,
}); });
window.Mutt window.Mutt;
window.addEventListener("DOMNodeInserted", () => run()) window.addEventListener("DOMNodeInserted", () => run());
})(); })();

24
views/shared/inputs.scss
View File

@ -5,7 +5,7 @@
min-height: 45px; min-height: 45px;
} }
.floating>input { .floating > input {
font-size: 18px; font-size: 18px;
padding: 10px 10px 10px 5px; padding: 10px 10px 10px 5px;
appearance: none; appearance: none;
@ -19,13 +19,13 @@
border-bottom: 1px solid #757575; border-bottom: 1px solid #757575;
} }
.floating>input:focus { .floating > input:focus {
outline: none; outline: none;
} }
/* Label */ /* Label */
.floating>label { .floating > label {
color: #999; color: #999;
font-size: 18px; font-size: 18px;
font-weight: normal; font-weight: normal;
@ -38,10 +38,10 @@
/* active */ /* active */
.floating>input:focus~label, .floating > input:focus ~ label,
.floating>input.used~label { .floating > input.used ~ label {
top: -.75em; top: -0.75em;
transform: scale(.75); transform: scale(0.75);
left: -2px; left: -2px;
/* font-size: 14px; */ /* font-size: 14px; */
color: $primary; color: $primary;
@ -58,7 +58,7 @@
.bar:before, .bar:before,
.bar:after { .bar:after {
content: ''; content: "";
height: 2px; height: 2px;
width: 0; width: 0;
bottom: 1px; bottom: 1px;
@ -77,8 +77,8 @@
/* active */ /* active */
.floating>input:focus~.bar:before, .floating > input:focus ~ .bar:before,
.floating>input:focus~.bar:after { .floating > input:focus ~ .bar:after {
width: 50%; width: 50%;
} }
@ -96,7 +96,7 @@
/* active */ /* active */
.floating>input:focus~.highlight { .floating > input:focus ~ .highlight {
animation: inputHighlighter 0.3s ease; animation: inputHighlighter 0.3s ease;
} }
@ -110,4 +110,4 @@
width: 0; width: 0;
background: transparent; background: transparent;
} }
} }

2
views/shared/mat_bs.scss
View File

@ -1,2 +1,2 @@
@import url("https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Material+Icons"); @import url("https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Material+Icons");
@import url("https://unpkg.com/bootstrap-material-design@4.1.1/dist/css/bootstrap-material-design.min.css"); @import url("https://unpkg.com/bootstrap-material-design@4.1.1/dist/css/bootstrap-material-design.min.css");

2
views/shared/preact.min.js vendored
View File

File diff suppressed because one or more lines are too long

28
views/shared/request.js
View File

@ -1,16 +1,26 @@
export default function request(endpoint, method, data) { export default function request(endpoint, method, data) {
var headers = new Headers(); var headers = new Headers();
headers.set('Content-Type', 'application/json'); headers.set("Content-Type", "application/json");
return fetch(endpoint, { return fetch(endpoint, {
method: method, method: method,
body: JSON.stringify(data), body: JSON.stringify(data),
headers: headers, headers: headers,
credentials: "include" credentials: "include",
}).then(async e => {
if (e.status !== 200) throw new Error(await e.text() || e.statusText);
return e.json()
}).then(e => {
if (e.error) return Promise.reject(new Error(typeof e.error === "string" ? e.error : JSON.stringify(e.error)));
return e;
}) })
} .then(async (e) => {
if (e.status !== 200)
throw new Error((await e.text()) || e.statusText);
return e.json();
})
.then((e) => {
if (e.error)
return Promise.reject(
new Error(
typeof e.error === "string"
? e.error
: JSON.stringify(e.error)
)
);
return e;
});
}

485
views/shared/sha512.js
View File

File diff suppressed because one or more lines are too long

4
views/shared/style.scss
View File

@ -1,7 +1,7 @@
// $primary: #4a89dc; // $primary: #4a89dc;
$primary: #1E88E5; $primary: #1e88e5;
$error: #ff2f00; $error: #ff2f00;
.btn-primary { .btn-primary {
color: white !important; color: white !important;
background-color: $primary !important; background-color: $primary !important;
} }

150
views/src/admin/admin.js
View File

@ -14,7 +14,7 @@ Handlebars.registerHelper("humangender", function (value, options) {
} }
}); });
// Deprecated since version 0.8.0 // Deprecated since version 0.8.0
Handlebars.registerHelper("formatDate", function (datetime, format) { Handlebars.registerHelper("formatDate", function (datetime, format) {
return new Date(datetime).toLocaleString(); return new Date(datetime).toLocaleString();
}); });
@ -26,9 +26,8 @@ Handlebars.registerHelper("formatDate", function (datetime, format) {
document.getElementById("sitename").innerText = title; document.getElementById("sitename").innerText = title;
} }
const cc = document.getElementById("custom_data");
const cc = document.getElementById("custom_data") const ccc = document.getElementById("custom_data_cont");
const ccc = document.getElementById("custom_data_cont")
function setCustomCard(content) { function setCustomCard(content) {
if (!content) { if (!content) {
@ -40,8 +39,8 @@ Handlebars.registerHelper("formatDate", function (datetime, format) {
} }
} }
const error_cont = document.getElementById("error_cont") const error_cont = document.getElementById("error_cont");
const error_msg = document.getElementById("error_msg") const error_msg = document.getElementById("error_msg");
function catchError(error) { function catchError(error) {
error_cont.style.display = ""; error_cont.style.display = "";
@ -50,40 +49,53 @@ Handlebars.registerHelper("formatDate", function (datetime, format) {
} }
async function renderUser() { async function renderUser() {
console.log("Rendering User") console.log("Rendering User");
setTitle("User") setTitle("User");
const listt = Handlebars.compile(document.getElementById("template-user-list").innerText) const listt = Handlebars.compile(
document.getElementById("template-user-list").innerText
);
async function loadList() { async function loadList() {
let data = await request("/api/admin/user", "GET"); let data = await request("/api/admin/user", "GET");
tableb.innerHTML = listt({ tableb.innerHTML = listt({
users: data users: data,
}) });
} }
window.userOnChangeType = (id) => { window.userOnChangeType = (id) => {
request("/api/admin/user?id=" + id, "PUT").then(() => loadList()).catch(catchError) request("/api/admin/user?id=" + id, "PUT")
} .then(() => loadList())
.catch(catchError);
};
window.deleteUser = (id) => { window.deleteUser = (id) => {
request("/api/admin/user?id=" + id, "DELETE").then(() => loadList()).catch(catchError) request("/api/admin/user?id=" + id, "DELETE")
} .then(() => loadList())
.catch(catchError);
};
await loadList(); await loadList();
} }
async function renderPermissions(client_id, client_name) { async function renderPermissions(client_id, client_name) {
const listt = Handlebars.compile(document.getElementById("template-permission-list").innerText); const listt = Handlebars.compile(
const formt = Handlebars.compile(document.getElementById("template-permission-form").innerText); document.getElementById("template-permission-list").innerText
);
const formt = Handlebars.compile(
document.getElementById("template-permission-form").innerText
);
setCustomCard(); setCustomCard();
async function loadList() { async function loadList() {
try { try {
let data = await request("/api/admin/permission?client=" + client_id, "GET"); let data = await request(
"/api/admin/permission?client=" + client_id,
"GET"
);
tableb.innerHTML = listt({ tableb.innerHTML = listt({
client_id: client_id, client_id: client_id,
client_name: client_name, client_name: client_name,
permissions: data permissions: data,
}) });
} catch (err) { } catch (err) {
catchError(err); catchError(err);
} }
@ -91,11 +103,13 @@ Handlebars.registerHelper("formatDate", function (datetime, format) {
window.gotoClients = () => { window.gotoClients = () => {
renderClient(); renderClient();
} };
window.deletePermission = (id) => { window.deletePermission = (id) => {
request("/api/admin/permission?id=" + id, "DELETE").then(() => loadList()).catch(catchError) request("/api/admin/permission?id=" + id, "DELETE")
} .then(() => loadList())
.catch(catchError);
};
window.createPermission = () => { window.createPermission = () => {
try { try {
@ -103,41 +117,49 @@ Handlebars.registerHelper("formatDate", function (datetime, format) {
} catch (err) { } catch (err) {
console.log("Err", err); console.log("Err", err);
} }
} };
window.createPermissionSubmit = (elm) => { window.createPermissionSubmit = (elm) => {
console.log(elm); console.log(elm);
let data = getFormData(elm); let data = getFormData(elm);
console.log(data); console.log(data);
request("/api/admin/permission", "POST", data).then(() => setCustomCard()).then(() => loadList()).catch(catchError) request("/api/admin/permission", "POST", data)
} .then(() => setCustomCard())
await loadList() .then(() => loadList())
.catch(catchError);
};
await loadList();
} }
async function renderClient() { async function renderClient() {
console.log("Rendering Client") console.log("Rendering Client");
setTitle("Client") setTitle("Client");
const listt = Handlebars.compile(document.getElementById("template-client-list").innerText) const listt = Handlebars.compile(
const formt = Handlebars.compile(document.getElementById("template-client-form").innerText) document.getElementById("template-client-list").innerText
);
const formt = Handlebars.compile(
document.getElementById("template-client-form").innerText
);
let clients = []; let clients = [];
async function loadList() { async function loadList() {
let data = await request("/api/admin/client", "GET"); let data = await request("/api/admin/client", "GET");
clients = data; clients = data;
tableb.innerHTML = listt({ tableb.innerHTML = listt({
clients: data clients: data,
}) });
} }
window.permissionsClient = (id) => { window.permissionsClient = (id) => {
renderPermissions(id, clients.find(e => e._id === id).name); renderPermissions(id, clients.find((e) => e._id === id).name);
} };
window.deleteClient = (id) => { window.deleteClient = (id) => {
request("/api/admin/client/id=" + id, "DELETE").then(() => loadList()).catch(catchError) request("/api/admin/client/id=" + id, "DELETE")
} .then(() => loadList())
.catch(catchError);
};
window.createClientSubmit = (elm) => { window.createClientSubmit = (elm) => {
console.log(elm); console.log(elm);
@ -146,45 +168,57 @@ Handlebars.registerHelper("formatDate", function (datetime, format) {
let id = data.id; let id = data.id;
delete data.id; delete data.id;
if (id && id !== "") { if (id && id !== "") {
request("/api/admin/client?id=" + id, "PUT", data).then(() => setCustomCard()).then(() => loadList()).catch(catchError) request("/api/admin/client?id=" + id, "PUT", data)
.then(() => setCustomCard())
.then(() => loadList())
.catch(catchError);
} else { } else {
request("/api/admin/client", "POST", data).then(() => setCustomCard()).then(() => loadList()).catch(catchError) request("/api/admin/client", "POST", data)
.then(() => setCustomCard())
.then(() => loadList())
.catch(catchError);
} }
} };
window.createClient = () => { window.createClient = () => {
setCustomCard(formt()); setCustomCard(formt());
} };
window.editClient = (id) => { window.editClient = (id) => {
let client = clients.find(e => e._id === id); let client = clients.find((e) => e._id === id);
if (!client) return catchError(new Error("Client does not exist!!")) if (!client) return catchError(new Error("Client does not exist!!"));
setCustomCard(formt(client)); setCustomCard(formt(client));
} };
await loadList().catch(catchError); await loadList().catch(catchError);
} }
async function renderRegCode() { async function renderRegCode() {
console.log("Rendering RegCode") console.log("Rendering RegCode");
setTitle("RegCode") setTitle("RegCode");
const listt = Handlebars.compile(document.getElementById("template-regcode-list").innerText) const listt = Handlebars.compile(
document.getElementById("template-regcode-list").innerText
);
async function loadList() { async function loadList() {
let data = await request("/api/admin/regcode", "GET"); let data = await request("/api/admin/regcode", "GET");
tableb.innerHTML = listt({ tableb.innerHTML = listt({
regcodes: data regcodes: data,
}) });
} }
window.deleteRegcode = (id) => { window.deleteRegcode = (id) => {
request("/api/admin/regcode?id=" + id, "DELETE").then(() => loadList()).catch(catchError) request("/api/admin/regcode?id=" + id, "DELETE")
} .then(() => loadList())
.catch(catchError);
};
window.createRegcode = () => { window.createRegcode = () => {
request("/api/admin/regcode", "POST").then(() => loadList()).catch(catchError); request("/api/admin/regcode", "POST")
} .then(() => loadList())
.catch(catchError);
};
await loadList().catch(catchError); await loadList().catch(catchError);
} }
@ -192,14 +226,14 @@ Handlebars.registerHelper("formatDate", function (datetime, format) {
const type = new URL(window.location.href).searchParams.get("type"); const type = new URL(window.location.href).searchParams.get("type");
switch (type) { switch (type) {
case "client": case "client":
renderClient().catch(catchError) renderClient().catch(catchError);
break break;
case "regcode": case "regcode":
renderRegCode().catch(catchError) renderRegCode().catch(catchError);
break; break;
case "user": case "user":
default: default:
renderUser().catch(catchError); renderUser().catch(catchError);
break; break;
} }
})() })();

2
views/src/admin/admin.scss
View File

@ -100,4 +100,4 @@ table td {
.col.form-group { .col.form-group {
padding-left: 0 !important; padding-left: 0 !important;
margin-left: 5px !important; margin-left: 5px !important;
} }

13
views/src/authorize/authorize.js
View File

@ -1,4 +1,6 @@
document.getElementById("hidden_form").action += window.location.href.split("?")[1]; document.getElementById("hidden_form").action += window.location.href.split(
"?"
)[1];
function submit() { function submit() {
document.getElementById("hidden_form").submit(); document.getElementById("hidden_form").submit();
@ -10,9 +12,10 @@ document.getElementById("cancel").onclick = () => {
if (uri === "$local") { if (uri === "$local") {
uri = "/code"; uri = "/code";
} }
window.location.href = uri + "?error=access_denied&state=" + u.searchParams.get("state"); window.location.href =
} uri + "?error=access_denied&state=" + u.searchParams.get("state");
};
document.getElementById("allow").onclick = () => { document.getElementById("allow").onclick = () => {
submit() submit();
} };

44
views/src/authorize/authorize.scss
View File

@ -10,29 +10,34 @@
hr { hr {
// display: block; // display: block;
// height: 1px; // height: 1px;
border: 0; border: 0;
border-top: 1px solid #b8b8b8; border-top: 1px solid #b8b8b8;
// margin: 1em 0; // margin: 1em 0;
// padding: 0; // padding: 0;
} }
body { body {
font-family: Helvetica; font-family: Helvetica;
background: #eee; background: #eee;
-webkit-font-smoothing: antialiased; -webkit-font-smoothing: antialiased;
} }
.title { .title {
text-align:center; text-align: center;
} }
h1, h3 { font-weight: 300; } h1,
h3 {
font-weight: 300;
}
h1 { color: #636363; } h1 {
color: #636363;
}
ul { ul {
list-style: none; list-style: none;
padding-left: 0; padding-left: 0;
} }
.permission { .permission {
display: flex; display: flex;
@ -70,10 +75,11 @@ ul {
} }
.card { .card {
max-width: 480px; max-width: 480px;
margin: 4em auto; margin: 4em auto;
padding: 3em 2em 2em 2em; padding: 3em 2em 2em 2em;
background: #fafafa; background: #fafafa;
border: 1px solid #ebebeb; border: 1px solid #ebebeb;
box-shadow: rgba(0,0,0,0.14902) 0px 1px 1px 0px,rgba(0,0,0,0.09804) 0px 1px 2px 0px; box-shadow: rgba(0, 0, 0, 0.14902) 0px 1px 1px 0px,
} rgba(0, 0, 0, 0.09804) 0px 1px 2px 0px;
}

152
views/src/login/login.js
View File

@ -1,114 +1,123 @@
import sha from "sha512"; import sha from "sha512";
import { import { setCookie, getCookie } from "cookie";
setCookie, import "inputs";
getCookie
} from "cookie"
import "inputs"
const loader = document.getElementById("loader") const loader = document.getElementById("loader");
const container = document.getElementById("container") const container = document.getElementById("container");
const usernameinput = document.getElementById("username") const usernameinput = document.getElementById("username");
const usernamegroup = document.getElementById("usernamegroup") const usernamegroup = document.getElementById("usernamegroup");
const uerrorfield = document.getElementById("uerrorfield") const uerrorfield = document.getElementById("uerrorfield");
const passwordinput = document.getElementById("password") const passwordinput = document.getElementById("password");
const passwordgroup = document.getElementById("passwordgroup") const passwordgroup = document.getElementById("passwordgroup");
const perrorfield = document.getElementById("perrorfield") const perrorfield = document.getElementById("perrorfield");
const nextbutton = document.getElementById("nextbutton") const nextbutton = document.getElementById("nextbutton");
const loginbutton = document.getElementById("loginbutton") const loginbutton = document.getElementById("loginbutton");
let username; let username;
let salt; let salt;
usernameinput.focus() usernameinput.focus();
const loading = () => { const loading = () => {
container.style.filter = "blur(2px)"; container.style.filter = "blur(2px)";
loader.style.display = ""; loader.style.display = "";
} };
const loading_fin = () => { const loading_fin = () => {
container.style.filter = "" container.style.filter = "";
loader.style.display = "none"; loader.style.display = "none";
} };
loading_fin(); loading_fin();
usernameinput.onkeydown = (e) => { usernameinput.onkeydown = (e) => {
var keycode = e.keyCode ? e.keyCode : e.which; var keycode = e.keyCode ? e.keyCode : e.which;
if (keycode === 13) nextbutton.click(); if (keycode === 13) nextbutton.click();
clearError(uerrorfield); clearError(uerrorfield);
} };
nextbutton.onclick = async () => { nextbutton.onclick = async () => {
loading(); loading();
username = usernameinput.value; username = usernameinput.value;
try { try {
let res = await fetch("/api/user/login?type=username&username=" + username, { let res = await fetch(
method: "POST" "/api/user/login?type=username&username=" + username,
}).then(e => { {
if (e.status !== 200) throw new Error(e.statusText) method: "POST",
return e.json()
}).then(data => {
if (data.error) {
return Promise.reject(new Error(data.error))
} }
return data; )
}) .then((e) => {
if (e.status !== 200) throw new Error(e.statusText);
return e.json();
})
.then((data) => {
if (data.error) {
return Promise.reject(new Error(data.error));
}
return data;
});
salt = res.salt; salt = res.salt;
usernamegroup.classList.add("invisible") usernamegroup.classList.add("invisible");
passwordgroup.classList.remove("invisible") passwordgroup.classList.remove("invisible");
passwordinput.focus() passwordinput.focus();
} catch (e) { } catch (e) {
showError(uerrorfield, e.message) showError(uerrorfield, e.message);
} }
loading_fin() loading_fin();
} };
passwordinput.onkeydown = (e) => { passwordinput.onkeydown = (e) => {
var keycode = e.keyCode ? e.keyCode : e.which; var keycode = e.keyCode ? e.keyCode : e.which;
if (keycode === 13) loginbutton.click(); if (keycode === 13) loginbutton.click();
clearError(perrorfield); clearError(perrorfield);
} };
loginbutton.onclick = async () => { loginbutton.onclick = async () => {
loading(); loading();
let pw = sha(salt + passwordinput.value); let pw = sha(salt + passwordinput.value);
try { try {
let { login, special, tfa } = await fetch("/api/user/login?type=password", { let { login, special, tfa } = await fetch(
method: "POST", "/api/user/login?type=password",
body: JSON.stringify({ {
username: usernameinput.value, method: "POST",
password: pw body: JSON.stringify({
}), username: usernameinput.value,
headers: { password: pw,
'content-type': 'application/json' }),
}, headers: {
}).then(e => { "content-type": "application/json",
if (e.status !== 200) throw new Error(e.statusText) },
return e.json()
}).then(data => {
if (data.error) {
return Promise.reject(new Error(data.error))
} }
return data; )
}) .then((e) => {
if (e.status !== 200) throw new Error(e.statusText);
return e.json();
})
.then((data) => {
if (data.error) {
return Promise.reject(new Error(data.error));
}
return data;
});
setCookie("login", login.token, new Date(login.expires).toUTCString()); setCookie("login", login.token, new Date(login.expires).toUTCString());
setCookie("special", special.token, new Date(special.expires).toUTCString()); setCookie(
let d = new Date() "special",
d.setTime(d.getTime() + (30 * 24 * 60 * 60 * 1000)); //Keep the username 30 days special.token,
new Date(special.expires).toUTCString()
);
let d = new Date();
d.setTime(d.getTime() + 30 * 24 * 60 * 60 * 1000); //Keep the username 30 days
setCookie("username", username, d.toUTCString()); setCookie("username", username, d.toUTCString());
let url = new URL(window.location.href); let url = new URL(window.location.href);
let state = url.searchParams.get("state") let state = url.searchParams.get("state");
let red = "/" let red = "/";
if (tfa) twofactor(tfa); if (tfa) twofactor(tfa);
else { else {
if (state) { if (state) {
let base64 = url.searchParams.get("base64") let base64 = url.searchParams.get("base64");
if (base64) if (base64) red = atob(state);
red = atob(state) else red = state;
else
red = state
} }
window.location.href = red; window.location.href = red;
} }
@ -117,19 +126,19 @@ loginbutton.onclick = async () => {
showError(perrorfield, e.message); showError(perrorfield, e.message);
} }
loading_fin(); loading_fin();
} };
function clearError(field) { function clearError(field) {
field.innerText = ""; field.innerText = "";
field.classList.add("invisible") field.classList.add("invisible");
} }
function showError(field, error) { function showError(field, error) {
field.innerText = error; field.innerText = error;
field.classList.remove("invisible") field.classList.remove("invisible");
} }
username = getCookie("username") username = getCookie("username");
if (username) { if (username) {
usernameinput.value = username; usernameinput.value = username;
@ -138,10 +147,9 @@ if (username) {
usernameinput.dispatchEvent(evt); usernameinput.dispatchEvent(evt);
} }
function twofactor(tfa) { function twofactor(tfa) {
let list = tfa let list = tfa
.map(entry => { .map((entry) => {
switch (entry) { switch (entry) {
case 0: // OTC case 0: // OTC
return "Authenticator App"; return "Authenticator App";
@ -150,9 +158,9 @@ function twofactor(tfa) {
} }
return undefined; return undefined;
}) })
.filter(e => e !== undefined) .filter((e) => e !== undefined)
.reduce((p, c) => p + `<li>${c}</li>`, ""); .reduce((p, c) => p + `<li>${c}</li>`, "");
let tfl = document.getElementById("tflist"); let tfl = document.getElementById("tflist");
tfl.innerHTML = list; tfl.innerHTML = list;
} }

55
views/src/login/login.scss
View File

@ -41,7 +41,8 @@ form {
padding: 3em 2em 2em 2em; padding: 3em 2em 2em 2em;
background: #fafafa; background: #fafafa;
border: 1px solid #ebebeb; border: 1px solid #ebebeb;
box-shadow: rgba(0, 0, 0, 0.14902) 0px 1px 1px 0px, rgba(0, 0, 0, 0.09804) 0px 1px 2px 0px; box-shadow: rgba(0, 0, 0, 0.14902) 0px 1px 1px 0px,
rgba(0, 0, 0, 0.09804) 0px 1px 2px 0px;
position: relative; position: relative;
} }
@ -50,35 +51,37 @@ form {
height: 64px; height: 64px;
margin: auto; margin: auto;
position: absolute; position: absolute;
top: 0; left: 0; bottom: 0; right: 0; top: 0;
left: 0;
bottom: 0;
right: 0;
} }
.loader{ .loader {
display: inline-block; display: inline-block;
position: relative; position: relative;
z-index: 100; z-index: 100;
} }
.loader:after { .loader:after {
content: " "; content: " ";
display: block; display: block;
width: 46px; width: 46px;
height: 46px; height: 46px;
margin: 1px; margin: 1px;
border-radius: 50%; border-radius: 50%;
border: 5px solid #000000; border: 5px solid #000000;
border-color: #000000 transparent #000000 transparent; border-color: #000000 transparent #000000 transparent;
animation: loader 1.2s linear infinite; animation: loader 1.2s linear infinite;
} }
@keyframes loader { @keyframes loader {
0% { 0% {
transform: rotate(0deg); transform: rotate(0deg);
} }
100% { 100% {
transform: rotate(360deg); transform: rotate(360deg);
} }
} }
footer { footer {
text-align: center; text-align: center;
} }
@ -86,13 +89,13 @@ footer {
footer p { footer p {
color: #888; color: #888;
font-size: 13px; font-size: 13px;
letter-spacing: .4px; letter-spacing: 0.4px;
} }
footer a { footer a {
color: $primary; color: $primary;
text-decoration: none; text-decoration: none;
transition: all .2s ease; transition: all 0.2s ease;
} }
footer a:hover { footer a:hover {
@ -102,11 +105,11 @@ footer a:hover {
footer img { footer img {
width: 80px; width: 80px;
transition: all .2s ease; transition: all 0.2s ease;
} }
footer img:hover { footer img:hover {
opacity: .83; opacity: 0.83;
} }
footer img:focus, footer img:focus,

634
views/src/login/login.tsx
View File

@ -1,316 +1,434 @@
import { h, Component, render } from "preact" import { h, Component, render } from "preact";
import "inputs" import "inputs";
import "./u2f-api-polyfill" import "./u2f-api-polyfill";
import sha from "sha512"; import sha from "sha512";
import { import { setCookie, getCookie } from "cookie";
setCookie,
getCookie
} from "cookie"
let appname = "test"; let appname = "test";
function Loader() { function Loader() {
return <div class="loader_box" id="loader"> return (
<div class="loader"></div> <div class="loader_box" id="loader">
</div> <div class="loader"></div>
</div>
);
} }
class Username extends Component<{ username: string, onNext: (username: string, salt: string) => void }, { error: string, loading: boolean }> { class Username extends Component<
username_input: HTMLInputElement; { username: string; onNext: (username: string, salt: string) => void },
constructor() { { error: string; loading: boolean }
super(); > {
this.state = { error: undefined, loading: false } username_input: HTMLInputElement;
} constructor() {
super();
this.state = { error: undefined, loading: false };
}
async onClick() { async onClick() {
this.setState({ loading: true }); this.setState({ loading: true });
try { try {
let res = await fetch("/api/user/login?type=username&username=" + this.username_input.value, { let res = await fetch(
method: "POST" "/api/user/login?type=username&username=" +
}).then(e => { this.username_input.value,
if (e.status !== 200) throw new Error(e.statusText) {
return e.json() method: "POST",
}).then(data => { }
if (data.error) { )
return Promise.reject(new Error(data.error)) .then((e) => {
} if (e.status !== 200) throw new Error(e.statusText);
return data; return e.json();
}) })
let salt = res.salt; .then((data) => {
this.props.onNext(this.username_input.value, salt); if (data.error) {
} catch (err) { return Promise.reject(new Error(data.error));
this.setState({ }
error: err.message return data;
}); });
} let salt = res.salt;
this.setState({ loading: false }); this.props.onNext(this.username_input.value, salt);
} } catch (err) {
this.setState({
error: err.message,
});
}
this.setState({ loading: false });
}
render() { render() {
if (this.state.loading) return <Loader /> if (this.state.loading) return <Loader />;
return <div> return (
<div>
<div class="floating group"> <div class="floating group">
<input onKeyDown={e => { <input
let k = e.keyCode | e.which; onKeyDown={(e) => {
if (k === 13) this.onClick(); let k = e.keyCode | e.which;
this.setState({ error: undefined }) if (k === 13) this.onClick();
}} type="text" value={this.username_input ? this.username_input.value : this.props.username} autofocus ref={elm => elm ? this.username_input = elm : undefined} /> this.setState({ error: undefined });
<span class="highlight"></span> }}
<span class="bar"></span> type="text"
<label>Username or Email</label> value={
{this.state.error ? <div class="error"> {this.state.error}</div> : undefined} this.username_input
? this.username_input.value
: this.props.username
}
autofocus
ref={(elm) => (elm ? (this.username_input = elm) : undefined)}
/>
<span class="highlight"></span>
<span class="bar"></span>
<label>Username or Email</label>
{this.state.error ? (
<div class="error"> {this.state.error}</div>
) : undefined}
</div> </div>
<button type="button" class="mdc-button mdc-button--raised spanned-btn" onClick={() => this.onClick()}>Next</button> <button
</div> type="button"
} class="mdc-button mdc-button--raised spanned-btn"
onClick={() => this.onClick()}
>
Next
</button>
</div>
);
}
} }
enum TFATypes { enum TFATypes {
OTC, OTC,
BACKUP_CODE, BACKUP_CODE,
YUBI_KEY, YUBI_KEY,
APP_ALLOW APP_ALLOW,
} }
interface TwoFactors { interface TwoFactors {
id: string; id: string;
name: string; name: string;
type: TFATypes; type: TFATypes;
} }
class Password extends Component<{ username: string, salt: string, onNext: (login: Token, special: Token, tfa: TwoFactors[]) => void }, { error: string, loading: boolean }> { class Password extends Component<
password_input: HTMLInputElement; {
constructor() { username: string;
super(); salt: string;
this.state = { error: undefined, loading: false } onNext: (login: Token, special: Token, tfa: TwoFactors[]) => void;
} },
{ error: string; loading: boolean }
> {
password_input: HTMLInputElement;
constructor() {
super();
this.state = { error: undefined, loading: false };
}
async onClick() { async onClick() {
this.setState({ this.setState({
loading: true loading: true,
}); });
try { try {
let pw = sha(this.props.salt + this.password_input.value); let pw = sha(this.props.salt + this.password_input.value);
let { login, special, tfa } = await fetch("/api/user/login?type=password", { let { login, special, tfa } = await fetch(
method: "POST", "/api/user/login?type=password",
body: JSON.stringify({ {
username: this.props.username, method: "POST",
password: pw body: JSON.stringify({
}), username: this.props.username,
headers: { password: pw,
'content-type': 'application/json' }),
}, headers: {
}).then(e => { "content-type": "application/json",
if (e.status !== 200) throw new Error(e.statusText) },
return e.json()
}).then(data => {
if (data.error) {
return Promise.reject(new Error(data.error))
}
return data;
})
this.props.onNext(login, special, tfa);
} catch (err) {
this.setState({ error: err.messagae });
}
this.setState({ loading: false });
}
render() {
if (this.state.loading) return <Loader />
return <div>
<div class="floating group" >
<input onKeyDown={e => {
let k = e.keyCode | e.which;
if (k === 13) this.onClick();
this.setState({ error: undefined })
}} type="password" ref={(elm: HTMLInputElement) => {
if (elm) {
this.password_input = elm
setTimeout(() => elm.focus(), 200)
// elm.focus();
}
}
} />
<span class="highlight"></span>
<span class="bar"></span>
<label>Password</label>
{this.state.error ? <div class="error"> {this.state.error}</div> : undefined}
</div>
<button type="button" class="mdc-button mdc-button--raised spanned-btn" onClick={() => this.onClick()}>Login</button>
</div>
}
}
class TwoFactor extends Component<{ twofactors: TwoFactors[], next: (id: string, type: TFATypes) => void }, {}> {
render() {
let tfs = this.props.twofactors.map(fac => {
let name: string;
switch (fac.type) {
case TFATypes.OTC:
name = "Authenticator"
break;
case TFATypes.BACKUP_CODE:
name = "Backup code";
break;
case TFATypes.APP_ALLOW:
name = "Use App: %s"
break;
case TFATypes.YUBI_KEY:
name = "Use Yubikey: %s"
break;
} }
)
.then((e) => {
if (e.status !== 200) throw new Error(e.statusText);
return e.json();
})
.then((data) => {
if (data.error) {
return Promise.reject(new Error(data.error));
}
return data;
});
this.props.onNext(login, special, tfa);
} catch (err) {
this.setState({ error: err.messagae });
}
this.setState({ loading: false });
}
name = name.replace("%s", fac.name ? fac.name : ""); render() {
if (this.state.loading) return <Loader />;
return (
<div>
<div class="floating group">
<input
onKeyDown={(e) => {
let k = e.keyCode | e.which;
if (k === 13) this.onClick();
this.setState({ error: undefined });
}}
type="password"
ref={(elm: HTMLInputElement) => {
if (elm) {
this.password_input = elm;
setTimeout(() => elm.focus(), 200);
// elm.focus();
}
}}
/>
<span class="highlight"></span>
<span class="bar"></span>
<label>Password</label>
{this.state.error ? (
<div class="error"> {this.state.error}</div>
) : undefined}
</div>
<button
type="button"
class="mdc-button mdc-button--raised spanned-btn"
onClick={() => this.onClick()}
>
Login
</button>
</div>
);
}
}
return <li onClick={() => { class TwoFactor extends Component<
console.log("Click on Solution") { twofactors: TwoFactors[]; next: (id: string, type: TFATypes) => void },
this.props.next(fac.id, fac.type) {}
}}> > {
{name} render() {
let tfs = this.props.twofactors.map((fac) => {
let name: string;
switch (fac.type) {
case TFATypes.OTC:
name = "Authenticator";
break;
case TFATypes.BACKUP_CODE:
name = "Backup code";
break;
case TFATypes.APP_ALLOW:
name = "Use App: %s";
break;
case TFATypes.YUBI_KEY:
name = "Use Yubikey: %s";
break;
}
name = name.replace("%s", fac.name ? fac.name : "");
return (
<li
onClick={() => {
console.log("Click on Solution");
this.props.next(fac.id, fac.type);
}}
>
{name}
</li> </li>
}) );
return <div> });
return (
<div>
<h1>Select one</h1> <h1>Select one</h1>
<ul> <ul>{tfs}</ul>
{tfs} </div>
</ul> );
</div> }
}
} }
// class TFA_YubiKey extends Component<{ id: string, login: Token, special: Token, next: (login: Token, special: Token) => void }, {}> { // class TFA_YubiKey extends Component<{ id: string, login: Token, special: Token, next: (login: Token, special: Token) => void }, {}> {
// render() { // render() {
// } // }
// } // }
enum Page { enum Page {
username, username,
password, password,
twofactor, twofactor,
yubikey yubikey,
} }
interface Token { interface Token {
token: string; token: string;
expires: string; expires: string;
} }
async function apiRequest(endpoint: string, method: "GET" | "POST" | "DELETE" | "PUT" = "GET", body: string = undefined) { async function apiRequest(
return fetch(endpoint, { endpoint: string,
method, method: "GET" | "POST" | "DELETE" | "PUT" = "GET",
body, body: string = undefined
credentials: "same-origin", ) {
headers: { return fetch(endpoint, {
"content-type": "application/json" method,
} body,
}).then(e => { credentials: "same-origin",
if (e.status !== 200) throw new Error(e.statusText) headers: {
return e.json() "content-type": "application/json",
}).then(data => { },
if (data.error) { })
return Promise.reject(new Error(data.error)) .then((e) => {
} if (e.status !== 200) throw new Error(e.statusText);
return data; return e.json();
}) })
.then((data) => {
if (data.error) {
return Promise.reject(new Error(data.error));
}
return data;
});
} }
class App extends Component<
{},
{
page: Page;
username: string;
salt: string;
twofactor: TwoFactors[];
twofactor_id: string;
}
> {
login: Token;
special: Token;
constructor() {
super();
this.state = {
page: Page.username,
username: getCookie("username"),
salt: undefined,
twofactor: [],
twofactor_id: null,
};
}
class App extends Component<{}, { page: Page, username: string, salt: string, twofactor: TwoFactors[], twofactor_id: string }> { setCookies() {
login: Token; setCookie(
special: Token; "login",
constructor() { this.login.token,
super(); new Date(this.login.expires).toUTCString()
this.state = { page: Page.username, username: getCookie("username"), salt: undefined, twofactor: [], twofactor_id: null } );
} setCookie(
"special",
this.special.token,
new Date(this.special.expires).toUTCString()
);
}
setCookies() { finish() {
setCookie("login", this.login.token, new Date(this.login.expires).toUTCString()); this.setCookies();
setCookie("special", this.special.token, new Date(this.special.expires).toUTCString()); let d = new Date();
} d.setTime(d.getTime() + 30 * 24 * 60 * 60 * 1000); //Keep the username 30 days
setCookie("username", this.state.username, d.toUTCString());
let url = new URL(window.location.href);
let state = url.searchParams.get("state");
let red = "/";
finish() { if (state) {
this.setCookies(); let base64 = url.searchParams.get("base64");
let d = new Date() if (base64) red = atob(state);
d.setTime(d.getTime() + (30 * 24 * 60 * 60 * 1000)); //Keep the username 30 days else red = state;
setCookie("username", this.state.username, d.toUTCString()); }
let url = new URL(window.location.href); window.location.href = red;
let state = url.searchParams.get("state") }
let red = "/"
if (state) { render() {
let base64 = url.searchParams.get("base64") let cont;
if (base64) switch (this.state.page) {
red = atob(state) case Page.username:
else cont = (
red = state <Username
} username={this.state.username}
window.location.href = red; onNext={(username, salt) => {
} this.setState({ username, salt, page: Page.password });
localStorage.setItem("username", username);
}}
/>
);
break;
case Page.password:
cont = (
<Password
username={this.state.username}
salt={this.state.salt}
onNext={(login, special, twofactor) => {
this.login = login;
this.special = special;
this.setCookies();
render() { if (!twofactor) {
let cont;
switch (this.state.page) {
case Page.username:
cont = <Username username={this.state.username} onNext={(username, salt) => {
this.setState({ username, salt, page: Page.password })
localStorage.setItem("username", username);
}} />
break;
case Page.password:
cont = <Password username={this.state.username} salt={this.state.salt} onNext={(login, special, twofactor) => {
this.login = login;
this.special = special;
this.setCookies();
if (!twofactor) {
this.finish(); this.finish();
} else { } else {
this.setState({ twofactor, page: Page.twofactor }); this.setState({ twofactor, page: Page.twofactor });
} }
}} /> }}
break; />
case Page.twofactor: );
cont = <TwoFactor twofactors={this.state.twofactor} next={async (id, type) => { break;
if (type === TFATypes.YUBI_KEY) { case Page.twofactor:
let { request } = await apiRequest("/api/user/twofactor/yubikey", "GET"); cont = (
<TwoFactor
twofactors={this.state.twofactor}
next={async (id, type) => {
if (type === TFATypes.YUBI_KEY) {
let { request } = await apiRequest(
"/api/user/twofactor/yubikey",
"GET"
);
console.log(request); console.log(request);
(window as any).u2f.sign(request.appId, [request.challenge], [request], async (response) => { (window as any).u2f.sign(
let res = await apiRequest("/api/user/twofactor/yubikey", "PUT", JSON.stringify({ response })); request.appId,
if (res.success) { [request.challenge],
this.login.expires = res.login_exp; [request],
this.special.expires = res.special_exp; async (response) => {
this.finish(); let res = await apiRequest(
} "/api/user/twofactor/yubikey",
}) "PUT",
} JSON.stringify({ response })
}} /> );
break; if (res.success) {
// case Page.yubikey: this.login.expires = res.login_exp;
// cont = <TFA_YubiKey id={this.state.twofactor_id} login={this.login} special={this.special} next={(login, special) => { this.special.expires = res.special_exp;
// this.login = login; this.finish();
// this.special = special; }
// this.finish() }
// }} /> );
// break; }
} }}
return <div> />
);
break;
// case Page.yubikey:
// cont = <TFA_YubiKey id={this.state.twofactor_id} login={this.login} special={this.special} next={(login, special) => {
// this.login = login;
// this.special = special;
// this.finish()
// }} />
// break;
}
return (
<div>
<header> <header>
<h1>Login</h1> <h1>Login</h1>
</header> </header>
<form action="JavaScript:void(0)"> <form action="JavaScript:void(0)">{cont}</form>
{cont}
</form>
<footer> <footer>
<p>Powered by {appname}</p> <p>Powered by {appname}</p>
</footer> </footer>
</div> </div>
} );
}
} }
document.addEventListener('DOMContentLoaded', function () { document.addEventListener(
render(<App />, document.body.querySelector("#content")) "DOMContentLoaded",
}, false) function () {
render(<App />, document.body.querySelector("#content"));
},
false
);

1514
views/src/login/u2f-api-polyfill.js
View File

File diff suppressed because it is too large Load Diff

2
views/src/main/main.js
View File

@ -1 +1 @@
console.log("Hello World") console.log("Hello World");

132
views/src/register/register.js
View File

@ -1,23 +1,25 @@
import "inputs"; import "inputs";
import sha from "sha512"; import sha from "sha512";
import fireEvent from "event" import fireEvent from "event";
(() => { (() => {
const translations = JSON.parse(document.getElementById("error_codes").innerText) const translations = JSON.parse(
document.getElementById("error_codes").innerText
);
const regcode = document.getElementById("regcode") const regcode = document.getElementById("regcode");
regcode.value = new URL(window.location.href).searchParams.get("regcode") regcode.value = new URL(window.location.href).searchParams.get("regcode");
fireEvent(regcode, "change"); fireEvent(regcode, "change");
function showError(element, message) { function showError(element, message) {
if (typeof element === "string") if (typeof element === "string")
element = document.getElementById(element) element = document.getElementById(element);
if (!element) console.error("Element not found,", element) if (!element) console.error("Element not found,", element);
element.innerText = message; element.innerText = message;
if (!message) { if (!message) {
if (!element.classList.contains("invisible")) if (!element.classList.contains("invisible"))
element.classList.add("invisible") element.classList.add("invisible");
} else { } else {
element.classList.remove("invisible"); element.classList.remove("invisible");
} }
@ -25,7 +27,8 @@ import fireEvent from "event"
function makeid(length) { function makeid(length) {
var text = ""; var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; var possible =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for (var i = 0; i < length; i++) for (var i = 0; i < length; i++)
text += possible.charAt(Math.floor(Math.random() * possible.length)); text += possible.charAt(Math.floor(Math.random() * possible.length));
@ -33,61 +36,61 @@ import fireEvent from "event"
return text; return text;
} }
const username = document.getElementById("username") const username = document.getElementById("username");
const name = document.getElementById("name") const name = document.getElementById("name");
const mail = document.getElementById("mail") const mail = document.getElementById("mail");
const password = document.getElementById("password") const password = document.getElementById("password");
const passwordrep = document.getElementById("passwordrep") const passwordrep = document.getElementById("passwordrep");
const radio_male = document.getElementById("radio-male") const radio_male = document.getElementById("radio-male");
const radio_female = document.getElementById("radio-female") const radio_female = document.getElementById("radio-female");
const radio_other = document.getElementById("radio-other") const radio_other = document.getElementById("radio-other");
const registerButton = document.getElementById("registerbutton") const registerButton = document.getElementById("registerbutton");
registerButton.onclick = () => { registerButton.onclick = () => {
console.log("Register") console.log("Register");
showError("error"); showError("error");
let error = false; let error = false;
if (!regcode.value) { if (!regcode.value) {
showError("err_regcode", translations["noregcode"]) showError("err_regcode", translations["noregcode"]);
error = true; error = true;
} else { } else {
showError("err_regcode") showError("err_regcode");
} }
if (!username.value) { if (!username.value) {
showError("err_username", translations["nousername"]) showError("err_username", translations["nousername"]);
error = true; error = true;
} else { } else {
showError("err_username") showError("err_username");
} }
if (!name.value) { if (!name.value) {
showError("err_name", translations["noname"]) showError("err_name", translations["noname"]);
error = true; error = true;
} else { } else {
showError("err_name") showError("err_name");
} }
if (!mail.value) { if (!mail.value) {
showError("err_mail", translations["nomail"]) showError("err_mail", translations["nomail"]);
error = true; error = true;
} else { } else {
showError("err_mail") showError("err_mail");
} }
if (!password.value) { if (!password.value) {
showError("err_password", translations["nopassword"]) showError("err_password", translations["nopassword"]);
error = true; error = true;
} else { } else {
showError("err_password") showError("err_password");
} }
if (password.value !== passwordrep.value) { if (password.value !== passwordrep.value) {
showError("err_passwordrep", translations["nomatch"]) showError("err_passwordrep", translations["nomatch"]);
error = true; error = true;
} else { } else {
showError("err_passwordrep") showError("err_passwordrep");
} }
if (error) return; if (error) return;
@ -95,14 +98,14 @@ import fireEvent from "event"
let gender; let gender;
if (radio_male.checked) { if (radio_male.checked) {
gender = "male" gender = "male";
} else if (radio_female.checked) { } else if (radio_female.checked) {
gender = "female" gender = "female";
} else { } else {
gender = "other" gender = "other";
} }
let salt = makeid(10) let salt = makeid(10);
//username, password, salt, mail, gender, name, birthday, regcode //username, password, salt, mail, gender, name, birthday, regcode
@ -113,37 +116,44 @@ import fireEvent from "event"
name: name.value, name: name.value,
regcode: regcode.value, regcode: regcode.value,
salt: salt, salt: salt,
password: sha(salt + password.value) password: sha(salt + password.value),
} };
fetch("/api/user/register", { fetch("/api/user/register", {
method: "POST", method: "POST",
body: JSON.stringify(body), body: JSON.stringify(body),
headers: { headers: {
'content-type': 'application/json' "content-type": "application/json",
}, },
}).then(async e => {
if (e.status !== 200) return Promise.reject(new Error(await e.text() || e.statusText));
return e.json()
}).then(data => {
if (data.error) {
if (!Array.isArray(data.error)) return Promise.reject(new Error(data.error));
let ce = [];
data.error.forEach(e => {
let ef = document.getElementById("err_" + e.field);
if (!ef) ce.push(e);
else {
showError(ef, e.message);
}
})
if (ce.length > 0) {
showError("error", ce.join("<br>"));
}
} else {
window.location.href = "/login";
}
}).catch(e => {
showError("error", e.message);
}) })
} .then(async (e) => {
})() if (e.status !== 200)
return Promise.reject(
new Error((await e.text()) || e.statusText)
);
return e.json();
})
.then((data) => {
if (data.error) {
if (!Array.isArray(data.error))
return Promise.reject(new Error(data.error));
let ce = [];
data.error.forEach((e) => {
let ef = document.getElementById("err_" + e.field);
if (!ef) ce.push(e);
else {
showError(ef, e.message);
}
});
if (ce.length > 0) {
showError("error", ce.join("<br>"));
}
} else {
window.location.href = "/login";
}
})
.catch((e) => {
showError("error", e.message);
});
};
})();

15
views/src/register/register.scss
View File

@ -36,13 +36,14 @@ form {
padding: 3em 2em 2em 2em; padding: 3em 2em 2em 2em;
background: #fafafa; background: #fafafa;
border: 1px solid #ebebeb; border: 1px solid #ebebeb;
box-shadow: rgba(0, 0, 0, 0.14902) 0px 1px 1px 0px, rgba(0, 0, 0, 0.09804) 0px 1px 2px 0px; box-shadow: rgba(0, 0, 0, 0.14902) 0px 1px 1px 0px,
rgba(0, 0, 0, 0.09804) 0px 1px 2px 0px;
} }
#registerbutton { #registerbutton {
width: 100%; width: 100%;
background: $primary; background: $primary;
text-shadow: 1px 1px 0 rgba(39, 110, 204, .5); text-shadow: 1px 1px 0 rgba(39, 110, 204, 0.5);
} }
footer { footer {
@ -52,13 +53,13 @@ footer {
footer p { footer p {
color: #888; color: #888;
font-size: 13px; font-size: 13px;
letter-spacing: .4px; letter-spacing: 0.4px;
} }
footer a { footer a {
color: $primary; color: $primary;
text-decoration: none; text-decoration: none;
transition: all .2s ease; transition: all 0.2s ease;
} }
footer a:hover { footer a:hover {
@ -68,11 +69,11 @@ footer a:hover {
footer img { footer img {
width: 80px; width: 80px;
transition: all .2s ease; transition: all 0.2s ease;
} }
footer img:hover { footer img:hover {
opacity: .83; opacity: 0.83;
} }
footer img:focus, footer img:focus,
@ -92,4 +93,4 @@ footer a:focus {
color: $error; color: $error;
margin-top: 5px; margin-top: 5px;
font-size: 13px; font-size: 13px;
} }

25
views/tsconfig.json
View File

@ -1,18 +1,9 @@
{ {
"compilerOptions": { "compilerOptions": {
"lib": [ "lib": ["dom", "es2015", "es6", "es7", "es2018", "esnext"],
"dom", "jsxFactory": "h",
"es2015", "jsx": "react",
"es6", "module": "esnext"
"es7", },
"es2018", "include": ["./types.d.ts"]
"esnext" }
],
"jsxFactory": "h",
"jsx": "react",
"module": "esnext"
},
"include": [
"./types.d.ts"
]
}

10
views/types.d.ts vendored
View File

@ -1,9 +1,9 @@
declare module "sha512" { declare module "sha512" {
const val: any; const val: any;
export default val; export default val;
} }
declare module "cookie" { declare module "cookie" {
export function getCookie(name: string): string | undefined; export function getCookie(name: string): string | undefined;
export function setCookie(name: string, value: string, exp?: string): void; export function setCookie(name: string, value: string, exp?: string): void;
} }

2
views_repo

@ -1 +1 @@
Subproject commit e4d08dcbf93f58ff85f54f7770ae7db490ff14d6 Subproject commit 4191522b24334f20f7dcda811ca43959b02fef7a