summaryrefslogtreecommitdiff
path: root/backend/node
Unidiff
Diffstat (limited to 'backend/node') (more/less context) (ignore whitespace changes)
-rw-r--r--backend/node/properties/node.properties.json5
-rw-r--r--backend/node/src/app.js49
-rw-r--r--backend/node/src/clipperz.data.sql5
-rw-r--r--backend/node/src/clipperz.js537
-rw-r--r--backend/node/src/clipperz.schema.sql60
-rw-r--r--backend/node/src/conf.json3
-rw-r--r--backend/node/src/package.json15
7 files changed, 674 insertions, 0 deletions
diff --git a/backend/node/properties/node.properties.json b/backend/node/properties/node.properties.json
new file mode 100644
index 0000000..b5ecc1e
--- a/dev/null
+++ b/backend/node/properties/node.properties.json
@@ -0,0 +1,5 @@
1{
2 "request.path": "/json",
3 "dump.path": "/dump",
4 "should.pay.toll": "false"
5}
diff --git a/backend/node/src/app.js b/backend/node/src/app.js
new file mode 100644
index 0000000..d4d60c2
--- a/dev/null
+++ b/backend/node/src/app.js
@@ -0,0 +1,49 @@
1var BUNYAN = require('bunyan');
2var LOGGER = BUNYAN.createLogger({
3 name: 'clipperz',
4 streams: [
5 { name: "console", stream:process.stderr,level:'trace'}
6 ],
7 serializers: {
8 req: BUNYAN.stdSerializers.req,
9 res: BUNYAN.stdSerializers.res,
10 err: BUNYAN.stdSerializers.err
11 },
12 src: true
13});
14
15
16var EXPRESS = require('express');
17var HTTP = require('http');
18var PATH = require('path');
19
20var app = EXPRESS();
21
22app.set('port', process.env.PORT || 3000);
23app.use(EXPRESS.logger('dev'));
24app.use(EXPRESS.urlencoded());
25app.use(EXPRESS.methodOverride());
26app.use(EXPRESS.cookieParser('your secret here'));
27app.use(EXPRESS.session());
28app.use(app.router);
29app.use(EXPRESS.static(PATH.join(__dirname, 'htdocs/')));
30if ('development' == app.get('env')) {
31 app.use(EXPRESS.errorHandler());
32}
33
34
35var CLIPPERZ = require('./clipperz');
36var CONF = require('./conf');
37var clipperz = CLIPPERZ({
38 psql: CONF.psql||'postgresql:///clipperz',
39 logger: LOGGER,
40 dump_template: PATH.join(__dirname,'htdocs/beta/index.html')
41});
42
43app.post('/json',clipperz.json);
44app.get('/beta/dump',clipperz.dump);
45
46
47HTTP.createServer(app).listen(app.get('port'), function(){
48 LOGGER.info({port:app.get('port')},"Listener established");
49});
diff --git a/backend/node/src/clipperz.data.sql b/backend/node/src/clipperz.data.sql
new file mode 100644
index 0000000..482b196
--- a/dev/null
+++ b/backend/node/src/clipperz.data.sql
@@ -0,0 +1,5 @@
1INSERT INTO clipperz.otpstatus (otps_code,otps_name,otps_desc) VALUES
2 ('ACTIVE','Active','Active'),
3 ('REQUESTED','Requested','Requested'),
4 ('USED','Used','Used'),
5 ('DISABLED','Disabled','Disabled');
diff --git a/backend/node/src/clipperz.js b/backend/node/src/clipperz.js
new file mode 100644
index 0000000..6c13f16
--- a/dev/null
+++ b/backend/node/src/clipperz.js
@@ -0,0 +1,537 @@
1var FS = require('fs');
2var CRYPTO = require('crypto');
3var BIGNUM = require('bignum');
4var ASYNC = require('async');
5
6function clipperz_hash(v) {
7 return CRYPTO.createHash('sha256').update(
8 CRYPTO.createHash('sha256').update(v).digest('binary')
9 ).digest('hex');
10};
11function clipperz_random() {
12 for(var r = '';r.length<64;r+=''+BIGNUM(Math.floor(Math.random()*1e18)).toString(16));
13 return r.substr(0,64);
14};
15var srp_g = BIGNUM(2);
16var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16);
17var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00';
18
19
20var CLIPPERZ = module.exports = function(CONFIG) {
21
22 var LOGGER = CONFIG.logger||{trace:function(){}};
23
24 var PG = {
25 url: CONFIG.psql,
26 PG: require('pg').native,
27 Q: function(q,a,cb) {
28 if('function'===typeof a) cb=a,a=[];
29 LOGGER.trace({query:q,args:a},'SQL: %s',q);
30 PG.PG.connect(PG.url,function(e,C,D) {
31 if(e) return cb(e);
32 var t0=new Date();
33 C.query(q,a,function(e,r) {
34 var t1=new Date(), dt=t1-t0;
35 D();
36 LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount},"SQL query '%s' took %dms",q,dt);
37 cb(e,r);
38 });
39 });
40 },
41 T: function(cb) {
42 PG.PG.connect(PG.url,function(e,C,D) {
43 if(e) return cb(e);
44 C.query('BEGIN',function(e){
45 if(e) return D(),cb(e);
46 cb(null,{
47 Q: function(q,a,cb) {
48 LOGGER.trace({query:q,args:a},'SQL: %s',q);
49 if(this.over) return cb(new Error('game over'));
50 if('function'===typeof a) cb=a,a=[];
51 var t0=new Date();
52 C.query(q,a,function(e,r) {
53 var t1=new Date(), dt=t1-t0;
54 LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount},"SQL query '%s' took %dms",q,dt);
55 cb(e,r);
56 });
57 },
58 commit: function(cb) {
59 LOGGER.trace('SQL: commit');
60 if(this.over) return cb(new Error('game over'));
61 return (this.over=true),C.query('COMMIT',function(e){D();cb&&cb(e)});
62 },
63 rollback: function(cb) {
64 LOGGER.trace('SQL: rollback');
65 if(this.over) return cb(new Error('game over'));
66 return (this.over=true),C.query('ROLLBACK',function(e){D();cb&&cb(e)});
67 },
68 end: function(e,cb) {
69 if(e) LOGGER.trace(e,"rolling back transaction due to an error"),this.rollback(cb);
70 this.commit(cb);
71 }
72 });
73 });
74 });
75 }
76 };
77
78
79 return {
80
81 json: function clipperz_json(req,res,cb) {
82 var method = req.body.method, pp = JSON.parse(req.body.parameters).parameters;
83 var message = pp.message;
84 var ppp = pp.parameters;
85 res.res = function(o) { return res.json({result:o}) };
86 LOGGER.trace({method:method,parameters:pp},"JSON request");
87
88 switch(method) {
89 case 'registration':
90 switch(message) {
91 case 'completeRegistration': return PG.Q(
92 "INSERT INTO clipperz.theuser"
93 +" (u_name, u_srp_s,u_srp_v, u_authversion,u_header,u_statistics,u_version,u_lock)"
94 +" VALUES ($1, $2,$3, $4,$5,$6,$7,$8)",
95 [pp.credentials.C, pp.credentials.s, pp.credentials.v,
96 pp.credentials.version,pp.user.header, pp.user.statistics,
97 pp.user.version, pp.user.lock], function(e,r) {
98 if(e) return cb(e);
99 res.res({lock:pp.user.lock,result:'done'});
100 });
101 }
102 break;
103
104 case 'handshake':
105 switch(message) {
106 case 'connect': return ASYNC.auto({
107 u: function(cb) { PG.Q(
108 "SELECT u_id, u_srp_s, u_srp_v FROM clipperz.theuser WHERE u_name=$1",
109 [ppp.C], function(e,r) {
110 if(e) return cb(e);
111 if(!r.rowCount) return cb(null,{u_id:null,u_srp_s:n123,u_srp_v:n123});
112 cb(null,r.rows[0]);
113 }) },
114 otp: ['u',function(cb,r) {
115 if(!req.session.otp) return cb();
116 if(req.session.u!=r.u.u_id) return cb(new Error('user/OTP mismatch'));
117 PG.Q(
118 "UPDATE clipperz.theotp AS otp"
119 +" SET"
120 +" otps_id=CASE WHEN s.otps_code='REQUESTED' THEN ("
121 +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'"
122 +" ) ELSE otp.otps_id END,"
123 +" otp_utime=current_timestamp"
124 +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"
125 +" WHERE"
126 +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id"
127 +" AND otp.otp_id=$1 AND otp.u_id=$2"
128 +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref",
129 [ req.session.otp, req.session.u ],
130 function(e,r) {
131 if(e) return cb(e);
132 if(!r.rowCount) return cb(new Error('no OTP found'));
133 r=r.rows[0];
134 if(!r.yes) return cb(new Error('OTP is in a sorry state'));
135 cb(null,{ref:r.otp_ref});
136 });
137 }]
138 },function(e,r) {
139 if(e) return cb(e);
140 req.session.C = ppp.C; req.session.A = ppp.A;
141 req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v;
142 req.session.u = r.u.u_id;
143 req.session.b = clipperz_random();
144 req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16);
145 var rv = {s:req.session.s,B:req.session.B}
146 if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref;
147 res.res(rv);
148 });
149
150 case 'credentialCheck':
151 var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10));
152 var A = BIGNUM(req.session.A,16);
153 var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm(
154 BIGNUM(req.session.b,16), srp_n);
155 var K = clipperz_hash(S.toString(10));
156 var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16));
157 if(M1!=ppp.M1) return res.res({error:'?'});
158 req.session.K = K;
159 var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16));
160 return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeededd:false,lock:'----'});
161
162 case 'oneTimePassword': return PG.Q(
163 "UPDATE clipperz.theotp AS otp"
164 +" SET"
165 +" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE ("
166 +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE"
167 +" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'"
168 +" ELSE 'DISABLED' END"
169 +" ) END,"
170 +" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END,"
171 +" otp_utime = current_timestamp,"
172 +" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END"
173 +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"
174 +" WHERE"
175 +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1"
176 +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version",
177 [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ],
178 function(e,r) {
179 if(e) return cb(e);
180 if(!r.rowCount) return cb(new Error('OTP not found'));
181 r=r.rows[0];
182 if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum)
183 return cb(new Error('OTP was disabled because of checksum mismatch'));
184 if(r.otps_code!='ACTIVE')
185 return cb(new Error("OTP wasn't active, sorry"));
186 req.session.u=r.u_id; req.session.otp=r.otp_id;
187 res.res({data:r.otp_data,version:r.otp_version});
188 });
189 }
190 break;
191
192 case 'message':
193 if(!req.session.K) return res.res({result:'EXCEPTION',message:"effectively, we're missing a aconnection"});
194 if(req.session.K!=pp.srpSharedSecret) return res.res({error:'Wrong shared secret!'});
195 switch(message) {
196 case 'getUserDetails': return ASYNC.parallel({
197 u: function(cb) {
198 PG.Q("SELECT u_header,u_statistics,u_version FROM clipperz.theuser WHERE u_id=$1",
199 [req.session.u],function(e,r) {
200 if(e) return cb(e);
201 if(!r.rowCount) return cb(new Error("user's gone AWOL"));
202 cb(null,r.rows[0]);
203 });
204 },
205 stats: function(cb) {
206 PG.Q("SELECT r_ref,r_mtime FROM clipperz.therecord WHERE u_id=$1",
207 [req.session.u],function(e,r) {
208 if(e) return cb(e);
209 cb(null,r.rows.reduce(function(p,r){p[r.r_ref]={updateDate:r.r_mtime};return p},{}));
210 });
211 }
212 },function(e,r) {
213 if(e) return cb(e);
214 res.res({header:JSON.stringify(r.u.u_header),statistics:r.u.u_statistics,version:r.u.u_version,recordsStats:r.stats});
215 });
216
217 case 'saveChanges': return PG.T(function(e,T) {
218 if(e) return cb(e);
219 ASYNC.auto({
220 user: function(cb) {
221 T.Q(
222 "UPDATE clipperz.theuser"
223 +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)"
224 +" WHERE u_id=$5"
225 +" RETURNING u_lock",[ppp.user.header,ppp.user.statistics,ppp.user.version,ppp.user.lock||null,req.session.u],
226 function(e,r) {
227 if(e) return cb(e);
228 if(!r.rowCount) return cb(new Error("user's gone AWOL"));
229 cb(null,r.rows[0]);
230 });
231 },
232 updaterecords: function(cb) {
233 if(!(ppp.records && ppp.records.updated && ppp.records.updated.length)) return cb();
234 ASYNC.each(ppp.records.updated,function(r,cb) {
235 ASYNC.auto({
236 updater: function(cb) {
237 T.Q(
238 "UPDATE clipperz.therecord"
239 +" SET r_data=$2, r_version=$3, r_mtime=current_timestamp"
240 +" WHERE r_ref=$1 AND u_id=$4 RETURNING r_id",
241 [r.record.reference,r.record.data,r.record.version,req.session.u], function(e,r) {
242 if(e) return cb(e);
243 return cb(null,r.rows.length?r.rows[0]:null);
244 });
245 },
246 insertr: ['updater',function(cb,rr) {
247 if(rr.updater) return cb();
248 T.Q(
249 "INSERT INTO clipperz.therecord"
250 +" (u_id,r_ref,r_data,r_version)"
251 +" VALUES ($1,$2,$3,$4) RETURNING r_id",[req.session.u,r.record.reference,r.record.data,r.record.version],
252 function(e,r) {
253 if(e) return cb(e);
254 return cb(null,r.rows[0]);
255 });
256 }],
257 updatev: ['updater','insertr',function(cb,rr) {
258 var crv=r.currentRecordVersion;
259 T.Q(
260 "UPDATE clipperz.therecordversion"
261 +" SET rv_ref=$1, rv_data=$2, rv_version=$3,"
262 +" rv_previous_id=COALESCE($4,rv_previous_id),"
263 +" rv_previous_key=$5, r_id=$6, rv_mtime=current_timestamp"
264 +" WHERE"
265 +" rv_id=(SELECT rv_id FROM clipperz.therecordversion WHERE r_id=$6 ORDER BY r_id ASC LIMIT 1)"
266 +" RETURNING rv_id",
267 [crv.reference,crv.data,crv.version,
268 crv.previousVersion||null,crv.previousVersionKey,
269 (rr.updater||rr.insertr).r_id],
270 function(e,r) {
271 if(e) return cb(e);
272 return cb(null,r.rows.length?r.rows[0]:null);
273 });
274 }],
275 insertv: ['updatev',function(cb,rr) {
276 if(rr.updatev) return cb();
277 var crv=r.currentRecordVersion;
278 T.Q(
279 "INSERT INTO clipperz.therecordversion"
280 +" (r_id,rv_ref,rv_data,rv_version,rv_previous_id,rv_previous_key)"
281 +" VALUES ($1,$2,$3,$4,$5,$6) RETURNING rv_id",
282 [(rr.updater||rr.insertr).r_id,
283 crv.reference, crv.data, crv.version,
284 crv.previousVersion||null,crv.previousVersionKey],
285 function(e,r) {
286 if(e) return cb(e);
287 return cb(null,r.rows[0]);
288 });
289 }]
290 },cb);
291 },cb);
292 },
293 deleterecords: function(cb) {
294 if(!(ppp.records && ppp.records.deleted && ppp.records.deleted.length)) return cb();
295 T.Q(
296 "DELETE FROM clipperz.therecord"
297 +" WHERE r_ref = ANY($1::text[]) AND u_id=$2",
298 [ '{'+ppp.records.deleted.join(',')+'}', req.session.u ], cb);
299 }
300 },function(e,r) {
301 T.end(e, function(e) {
302 if(e) return cb(e);
303 res.res({result:'done',lock:r.user.u_lock});
304 });
305 });
306 });
307
308 case 'getRecordDetail': return ASYNC.auto({ // TODO: could be done in one query instead
309 record: function(cb) {
310 PG.Q(
311 "SELECT r_id,r_ref,r_data,r_version, r_ctime, r_mtime, r_atime FROM clipperz.therecord WHERE r_ref=$1",
312 [ppp.reference],function(e,r) {
313 if(e) return cb(e);
314 if(!r.rowCount) return cb(new Error('no record found'));
315 return cb(null,r.rows[0]);
316 });
317 },
318 version: ['record',function(cb,r) {
319 PG.Q(
320 "SELECT rv_ref, rv_data, rv_header, rv_version, rv_ctime, rv_mtime, rv_atime"
321 +" FROM clipperz.therecordversion WHERE r_id=$1 ORDER BY rv_id ASC LIMIT 1",
322 [r.record.r_id],function(e,r) {
323 if(e) return cb(e);
324 if(!r.rowCount) return cb(new Error('no record version found'));
325 return cb(null,r.rows[0]);
326 });
327 }]
328 },function(e,r) {
329 if(e) return cb(e);
330 var v = {};
331 v[r.version.rv_ref] = {
332 reference: r.version.rv_ref,
333 data: r.version.rv_data, header: r.version.rv_header,
334 version: r.version.rv_version,
335 creationDate: r.version.rv_ctime, updateDate: r.version.rv_mtime, accessDate: r.version.rv_atime
336 };
337 res.res({ versions: v, currentVersion: r.version.rv_ref, reference: r.record.r_ref,
338 data: r.record.r_data, version: r.record.r_version,
339 creationDate: r.record.r_ctime, updateDate: r.record.r_mtime, accessDate: r.record.r_atime,
340 oldestUsedEncryptedVersion: '---' });
341 });
342
343 case 'addNewOneTimePassword': return PG.T(function(e,T) {
344 if(e) return cb(e);
345 ASYNC.parallel({
346 otp: function(cb) {
347 var otp = ppp.oneTimePassword;
348 T.Q(
349 "INSERT INTO clipperz.theotp"
350 +" (u_id,otp_ref,otp_key,otp_key_checksum,otp_data,otp_version,otps_id)"
351 +" SELECT $1,$2,$3,$4,$5,$6,otps_id FROM clipperz.otpstatus"
352 +" WHERE otps_code='ACTIVE'",
353 [ req.session.u, otp.reference, otp.key, otp.keyChecksum,
354 otp.data, otp.version], function(e,r) {
355 if(e) return cb(e);
356 if(!r.rowCount) return cb(new Error('no user or status'));
357 cb();
358 });
359 },
360 user: function(cb) {
361 var u = ppp.user;
362 T.Q(
363 "UPDATE clipperz.theuser"
364 +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)"
365 +" WHERE u_id=$5",
366 [ u.header, u.statistics, u.version, u.lock||null, req.session.u],
367 function(e,r) {
368 if(e) return cb(e);
369 if(!r.rowCount) return cb(new Error("user's gone AWOL"));
370 cb();
371 });
372 }
373 },function(e,r) {
374 T.end(e, function(e) {
375 if(e) return cb(e);
376 res.res({result:'done',lock:ppp.user.lock});
377 });
378 });
379 });
380
381 case 'updateOneTimePasswords': return PG.T(function(e,T) {
382 if(e) return cb(e);
383 ASYNC.parallel({
384 otp: function(cb) {
385 T.Q(
386 "DELETE FROM clipperz.theotp"
387 +" WHERE u_id=$1"
388 +" AND NOT otp_ref = ANY($2::text[])",
389 [ req.session.u,'{'+ppp.oneTimePasswords.join(',')+'}' ],cb);
390 },
391 user: function(cb) {
392 var u = ppp.user;
393 T.Q(
394 "UPDATE clipperz.theuser"
395 +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)"
396 +" WHERE u_id=$5",
397 [ u.header, u.statistics, u.version, u.lock||null, req.session.u],
398 function(e,r) {
399 if(e) return cb(e);
400 if(!r.rowCount) return cb(new Error("user's gone AWOL"));
401 cb();
402 });
403 }
404 },function(e,r) {
405 T.end(e, function(e) {
406 if(e) return cb(e);
407 res.res({result:ppp.user.lock});
408 });
409 });
410 });
411
412 case 'upgradeUserCredentials': return PG.T(function(e,T) {
413 if(e) return cb(e);
414 ASYNC.parallel({
415 user: function(cb) {
416 var u = ppp.user, c = ppp.credentials;
417 T.Q(
418 "UPDATE clipperz.theuser"
419 +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock),"
420 +" u_name=$5, u_srp_s=$6, u_srp_v=$7, u_authversion=$8"
421 +" WHERE u_id=$9 RETURNING u_lock",
422 [ u.header,u.statistics,u.version,u.lock||null,
423 c.C,c.s,c.v,c.version, req.session.u ],function(e,r) {
424 if(e) return cb(e);
425 if(!r.rowCount) return cb(new Error("user's gone AWOL"));
426 cb(e,r.rows[0]);
427 });
428 },
429 otp: function(cb) {
430 var otps=ppp.oneTimePasswords;
431 if(!otps) return cb();
432 ASYNC.each(Object.keys(otps),function(r,cb) {
433 T.Q(
434 "UPDATE clipperz.theotp"
435 +" SET otp_data=$1, otp_utime=current_timestamp WHERE otp_ref=$2 AND u_id=$3",
436 [ otps[r], r, req.session.u ], function(e,r) {
437 if(e) return cb(e);
438 if(!r.rowCount) return cb(new Error("OTP's gone AWOL"));
439 cb();
440 });
441 },cb);
442 }
443 },function(e,r) {
444 T.end(e, function(e) {
445 if(e) return cb(e);
446 res.res({result:'done',lock:r.user.u_lock});
447 });
448 });
449 });
450
451 case 'deleteUser': return PG.Q(
452 "DELETE FROM clipperz.theuser WHERE u_id=$1",
453 [req.session.u],function(e,r) {
454 if(e) return cb(e);
455 res.res({result:'ok'});
456 });
457
458 case 'echo': return res.res({result:ppp});
459 case 'getOneTimePasswordsDetails': return res.res({});
460 case 'getLoginHistory': return res.res({result:[]});
461 }
462 break;
463 case 'logout': return req.session.destroy(function(e){res.res({})});
464 }
465 cb();
466 },
467
468 dump: function(req,res,cb) {
469 if(!req.session.u) return cb(new Error('logging in helps'));
470 return ASYNC.parallel({
471 u: function(cb) {
472 PG.Q(
473 "SELECT"
474 +" u_name, u_srp_s, u_srp_v, u_authversion, u_header, u_statistics, u_version"
475 +" FROM clipperz.theuser WHERE u_id=$1",[req.session.u],function(e,r) {
476 if(e) return cb(e);
477 if(!r.rowCount) return cb(new Error("user's gone AWOL"));
478 r = r.rows[0];
479 return cb(null,{u:r.u_name,d:{s:r.u_srp_s,v:r.u_srp_v, version:r.u_authversion,
480 maxNumberOfRecords: '100', userDetails: JSON.stringify(r.u_header),
481 statistics: r.u_statistics, userDetailsVersion: r.u_version
482 }});
483 });
484 },
485 records: function(cb) {
486 PG.Q(
487 "SELECT"
488 +" r.r_id, r.r_ref, r_data, r_version, r_ctime, r_mtime, r_atime,"
489 +" rv.rv_id, rv.rv_ref AS rv_ref, rv_header, rv_data, rv_version, rv_ctime, rv_mtime, rv_atime"
490 +" FROM"
491 +" clipperz.therecord AS r"
492 +" LEFT JOIN clipperz.therecordversion AS rv USING (r_id)"
493 +" WHERE r.u_id=$1"
494 +" ORDER BY r.r_id ASC, rv.rv_id ASC", [req.session.u],function(e,r) {
495 if(e) return cb(e);
496 var rv = {};
497 r.rows.forEach(function(r) {
498 if(!rv[r.r_ref]) rv[r.r_ref] = {
499 data: r.r_data, version: r.r_version,
500 creationDate: r.r_ctime.toString(),
501 updateDate: r.r_mtime.toString(),
502 accessDate: r.r_atime.toString(),
503 versions: {}
504 };
505 if(!r.rv_id) return;
506 rv[r.r_ref].versions[rv[r.r_ref].currentVersion=r.rv_ref] = {
507 header: r.rv_header, data: r.rv_data, version: r.rv_version,
508 creationDate: r.rv_ctime.toString(),
509 updateDate: r.rv_mtime.toString(),
510 accessDate: r.rv_atime.toString()
511 };
512 });
513 cb(null,rv);
514 });
515 },
516 html: function(cb) {
517 FS.readFile(CONFIG.dump_template,{encoding:'utf-8'},cb);
518 }
519 },function(e,r) {
520 if(e) return cb(e);
521 var d = new Date();
522 res.attachment('Clipperz_'+d.getFullYear()+'_'+(d.getMonth()+1)+'_'+d.getDate()+'.html');
523 var ojs = { users: {
524 catchAllUser: { __masterkey_test_value__: 'masterkey', s: n123, v: n123 }
525 } };
526 r.u.d.records = r.records;
527 ojs.users[r.u.u] = r.u.d;
528 res.send(r.html.replace('/*offline_data_placeholder*/',
529 "_clipperz_dump_data_="+JSON.stringify(ojs)
530 +";"
531 +"Clipperz.PM.Proxy.defaultProxy = new Clipperz.PM.Proxy.Offline();"
532 +"Clipperz.Crypto.PRNG.defaultRandomGenerator().fastEntropyAccumulationForTestingPurpose();"));
533 });
534 }
535 };
536
537};
diff --git a/backend/node/src/clipperz.schema.sql b/backend/node/src/clipperz.schema.sql
new file mode 100644
index 0000000..ba6f482
--- a/dev/null
+++ b/backend/node/src/clipperz.schema.sql
@@ -0,0 +1,60 @@
1CREATE SCHEMA clipperz;
2
3CREATE TABLE clipperz.theuser (
4 u_id serial PRIMARY KEY,
5 u_name varchar NOT NULL UNIQUE,
6 u_srp_s varchar NOT NULL,
7 u_srp_v varchar NOT NULL,
8 u_header json NOT NULL,
9 u_statistics varchar NOT NULL,
10 u_authversion varchar NOT NULL,
11 u_version varchar NOT NULL,
12 u_lock varchar NOT NULL
13);
14
15CREATE TABLE clipperz.therecord (
16 r_id serial PRIMARY KEY,
17 u_id integer NOT NULL REFERENCES clipperz.theuser(u_id) ON UPDATE CASCADE ON DELETE CASCADE,
18 r_ref varchar NOT NULL UNIQUE,
19 r_data varchar NOT NULL,
20 r_version varchar NOT NULL,
21 r_ctime timestamp NOT NULL DEFAULT current_timestamp,
22 r_mtime timestamp NOT NULL DEFAULT current_timestamp,
23 r_atime timestamp NOT NULL DEFAULT current_timestamp
24);
25CREATE INDEX therecord_u_id_key ON clipperz.therecord (u_id);
26
27CREATE TABLE clipperz.therecordversion (
28 rv_id serial PRIMARY KEY,
29 r_id integer NOT NULL REFERENCES clipperz.therecord (r_id) ON UPDATE CASCADE ON DELETE CASCADE,
30 rv_ref varchar NOT NULL UNIQUE,
31 rv_header varchar,
32 rv_data varchar NOT NULL,
33 rv_version varchar NOT NULL,
34 rv_previous_key varchar NOT NULL,
35 rv_previous_id varchar,
36 rv_ctime timestamp NOT NULL DEFAULT current_timestamp,
37 rv_mtime timestamp NOT NULL DEFAULT current_timestamp,
38 rv_atime timestamp NOT NULL DEFAULT current_timestamp
39);
40
41CREATE TABLE clipperz.otpstatus (
42 otps_id serial PRIMARY KEY,
43 otps_code varchar NOT NULL,
44 otps_name varchar NOT NULL,
45 otps_desc varchar NOT NULL
46);
47
48CREATE TABLE clipperz.theotp (
49 otp_id serial PRIMARY KEY,
50 u_id integer REFERENCES clipperz.theuser (u_id) ON UPDATE CASCADE ON DELETE CASCADE,
51 otps_id integer REFERENCES clipperz.otpstatus (otps_id) ON UPDATE CASCADE ON DELETE CASCADE,
52 otp_ref varchar NOT NULL UNIQUE,
53 otp_key varchar NOT NULL UNIQUE,
54 otp_key_checksum varchar NOT NULL,
55 otp_data varchar NOT NULL,
56 otp_version varchar NOT NULL,
57 otp_ctime timestamp NOT NULL DEFAULT current_timestamp,
58 otp_rtime timestamp NOT NULL DEFAULT current_timestamp,
59 otp_utime timestamp NOT NULL DEFAULT current_timestamp
60);
diff --git a/backend/node/src/conf.json b/backend/node/src/conf.json
new file mode 100644
index 0000000..bc1f65e
--- a/dev/null
+++ b/backend/node/src/conf.json
@@ -0,0 +1,3 @@
1{
2 "psql": "postgresql:///clipperz"
3}
diff --git a/backend/node/src/package.json b/backend/node/src/package.json
new file mode 100644
index 0000000..104cc72
--- a/dev/null
+++ b/backend/node/src/package.json
@@ -0,0 +1,15 @@
1{
2 "name": "clipperz",
3 "version": "0.0.0",
4 "private": true,
5 "scripts": {
6 "start": "node app"
7 },
8 "dependencies": {
9 "express": "3.4.4",
10 "async": "~0.2.9",
11 "bignum": "~0.6.2",
12 "pg": "~2.8.3",
13 "bunyan": "~0.22.0"
14 }
15}