author | Michael Krelin <hacker@klever.net> | 2013-11-27 17:11:49 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2013-11-27 17:11:49 (UTC) |
commit | 6cd9e34b5b49473923190a6a70c436908c98505e (patch) (unidiff) | |
tree | d6182625f7406f8b8facb71166c5e4a607dd2c65 | |
parent | 0f1cc2ac41835ee8fa5dded1593fa95092b54bbe (diff) | |
download | clipperz-6cd9e34b5b49473923190a6a70c436908c98505e.zip clipperz-6cd9e34b5b49473923190a6a70c436908c98505e.tar.gz clipperz-6cd9e34b5b49473923190a6a70c436908c98505e.tar.bz2 |
more tracelogging
-rw-r--r-- | backend/node/src/clipperz.js | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/backend/node/src/clipperz.js b/backend/node/src/clipperz.js index b8b4d3e..04b054a 100644 --- a/backend/node/src/clipperz.js +++ b/backend/node/src/clipperz.js | |||
@@ -1,270 +1,271 @@ | |||
1 | var FS = require('fs'); | 1 | var FS = require('fs'); |
2 | var CRYPTO = require('crypto'); | 2 | var CRYPTO = require('crypto'); |
3 | var BIGNUM = require('bignum'); | 3 | var BIGNUM = require('bignum'); |
4 | var ASYNC = require('async'); | 4 | var ASYNC = require('async'); |
5 | 5 | ||
6 | var express_store = require('express').session.Store; | 6 | var express_store = require('express').session.Store; |
7 | 7 | ||
8 | function clipperz_hash(v) { | 8 | function clipperz_hash(v) { |
9 | return CRYPTO.createHash('sha256').update( | 9 | return CRYPTO.createHash('sha256').update( |
10 | CRYPTO.createHash('sha256').update(v).digest('binary') | 10 | CRYPTO.createHash('sha256').update(v).digest('binary') |
11 | ).digest('hex'); | 11 | ).digest('hex'); |
12 | }; | 12 | }; |
13 | function clipperz_random() { | 13 | function clipperz_random() { |
14 | for(var r = '';r.length<64;r+=''+BIGNUM(Math.floor(Math.random()*1e18)).toString(16)); | 14 | for(var r = '';r.length<64;r+=''+BIGNUM(Math.floor(Math.random()*1e18)).toString(16)); |
15 | return r.substr(0,64); | 15 | return r.substr(0,64); |
16 | }; | 16 | }; |
17 | function clipperz_store(PG) { | 17 | function clipperz_store(PG) { |
18 | var rv = function(o) { express_store.call(this,o); } | 18 | var rv = function(o) { express_store.call(this,o); } |
19 | rv.prototype.get = function(sid,cb) { PG.Q( | 19 | rv.prototype.get = function(sid,cb) { PG.Q( |
20 | "SELECT s_data FROM clipperz.thesession WHERE s_id=$1",[sid], | 20 | "SELECT s_data FROM clipperz.thesession WHERE s_id=$1",[sid], |
21 | function(e,r) { cb(e,(e||!r.rowCount)?null:JSON.parse(r.rows[0].s_data)); } | 21 | function(e,r) { cb(e,(e||!r.rowCount)?null:JSON.parse(r.rows[0].s_data)); } |
22 | ) }; | 22 | ) }; |
23 | rv.prototype.set = function(sid,data,cb) { | 23 | rv.prototype.set = function(sid,data,cb) { |
24 | var d = JSON.stringify(data); | 24 | var d = JSON.stringify(data); |
25 | PG.Q( | 25 | PG.Q( |
26 | "UPDATE clipperz.thesession SET s_data=$1, s_mtime=current_timestamp" | 26 | "UPDATE clipperz.thesession SET s_data=$1, s_mtime=current_timestamp" |
27 | +" WHERE s_id=$2",[d,sid], function(e,r) { | 27 | +" WHERE s_id=$2",[d,sid], function(e,r) { |
28 | if(e) return cb(e); | 28 | if(e) return cb(e); |
29 | if(r.rowCount) return cb(); | 29 | if(r.rowCount) return cb(); |
30 | PG.Q("INSERT INTO clipperz.thesession (s_id,s_data) VALUES ($1,$2)",[sid,d],cb); | 30 | PG.Q("INSERT INTO clipperz.thesession (s_id,s_data) VALUES ($1,$2)",[sid,d],cb); |
31 | }); | 31 | }); |
32 | }; | 32 | }; |
33 | rv.prototype.destroy = function(sid,cb) { PG.Q( | 33 | rv.prototype.destroy = function(sid,cb) { PG.Q( |
34 | "DELETE FROM clipperz.thesession WHERE s_id=$1",[sid],cb | 34 | "DELETE FROM clipperz.thesession WHERE s_id=$1",[sid],cb |
35 | ) }; | 35 | ) }; |
36 | rv.prototype.length = function(cb) { PG.Q( | 36 | rv.prototype.length = function(cb) { PG.Q( |
37 | "SELECT count(*) AS c FROM clipperz.thesession", function(e,r) { | 37 | "SELECT count(*) AS c FROM clipperz.thesession", function(e,r) { |
38 | cb(e,e?null:r.rows[0].c); | 38 | cb(e,e?null:r.rows[0].c); |
39 | } | 39 | } |
40 | ) }; | 40 | ) }; |
41 | rv.prototype.length = function(cb) { PQ.Q( | 41 | rv.prototype.length = function(cb) { PQ.Q( |
42 | "DELETE FROM clipperz.thesession", cb | 42 | "DELETE FROM clipperz.thesession", cb |
43 | ) }; | 43 | ) }; |
44 | rv.prototype.__proto__ = express_store.prototype; | 44 | rv.prototype.__proto__ = express_store.prototype; |
45 | return rv; | 45 | return rv; |
46 | } | 46 | } |
47 | 47 | ||
48 | var srp_g = BIGNUM(2); | 48 | var srp_g = BIGNUM(2); |
49 | var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16); | 49 | var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16); |
50 | var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00'; | 50 | var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00'; |
51 | 51 | ||
52 | 52 | ||
53 | var CLIPPERZ = module.exports = function(CONFIG) { | 53 | var CLIPPERZ = module.exports = function(CONFIG) { |
54 | 54 | ||
55 | var LOGGER = CONFIG.logger||{trace:function(){}}; | 55 | var LOGGER = CONFIG.logger||{trace:function(){}}; |
56 | 56 | ||
57 | var PG = { | 57 | var PG = { |
58 | url: CONFIG.psql, | 58 | url: CONFIG.psql, |
59 | PG: require('pg').native, | 59 | PG: require('pg').native, |
60 | Q: function(q,a,cb) { | 60 | Q: function(q,a,cb) { |
61 | if('function'===typeof a) cb=a,a=[]; | 61 | if('function'===typeof a) cb=a,a=[]; |
62 | LOGGER.trace({query:q,args:a},'SQL: %s',q); | 62 | LOGGER.trace({query:q,args:a},'SQL: %s',q); |
63 | PG.PG.connect(PG.url,function(e,C,D) { | 63 | PG.PG.connect(PG.url,function(e,C,D) { |
64 | if(e) return cb(e); | 64 | if(e) return cb(e); |
65 | var t0=new Date(); | 65 | var t0=new Date(); |
66 | C.query(q,a,function(e,r) { | 66 | C.query(q,a,function(e,r) { |
67 | var t1=new Date(), dt=t1-t0; | 67 | var t1=new Date(), dt=t1-t0; |
68 | D(); | 68 | D(); |
69 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); | 69 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); |
70 | cb(e,r); | 70 | cb(e,r); |
71 | }); | 71 | }); |
72 | }); | 72 | }); |
73 | }, | 73 | }, |
74 | T: function(cb) { | 74 | T: function(cb) { |
75 | PG.PG.connect(PG.url,function(e,C,D) { | 75 | PG.PG.connect(PG.url,function(e,C,D) { |
76 | if(e) return cb(e); | 76 | if(e) return cb(e); |
77 | C.query('BEGIN',function(e){ | 77 | C.query('BEGIN',function(e){ |
78 | if(e) return D(),cb(e); | 78 | if(e) return D(),cb(e); |
79 | LOGGER.trace('SQL: transaction begun'); | ||
79 | cb(null,{ | 80 | cb(null,{ |
80 | Q: function(q,a,cb) { | 81 | Q: function(q,a,cb) { |
81 | LOGGER.trace({query:q,args:a},'SQL: %s',q); | 82 | LOGGER.trace({query:q,args:a},'SQL: %s',q); |
82 | if(this.over) return cb(new Error('game over')); | 83 | if(this.over) return cb(new Error('game over')); |
83 | if('function'===typeof a) cb=a,a=[]; | 84 | if('function'===typeof a) cb=a,a=[]; |
84 | var t0=new Date(); | 85 | var t0=new Date(); |
85 | C.query(q,a,function(e,r) { | 86 | C.query(q,a,function(e,r) { |
86 | var t1=new Date(), dt=t1-t0; | 87 | var t1=new Date(), dt=t1-t0; |
87 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); | 88 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); |
88 | cb(e,r); | 89 | cb(e,r); |
89 | }); | 90 | }); |
90 | }, | 91 | }, |
91 | commit: function(cb) { | 92 | commit: function(cb) { |
92 | LOGGER.trace('SQL: commit'); | 93 | LOGGER.trace('SQL: commit'); |
93 | if(this.over) return cb(new Error('game over')); | 94 | if(this.over) return cb(new Error('game over')); |
94 | return (this.over=true),C.query('COMMIT',function(e){D();cb&&cb(e)}); | 95 | return (this.over=true),C.query('COMMIT',function(e){D();cb&&cb(e)}); |
95 | }, | 96 | }, |
96 | rollback: function(cb) { | 97 | rollback: function(cb) { |
97 | LOGGER.trace('SQL: rollback'); | 98 | LOGGER.trace('SQL: rollback'); |
98 | if(this.over) return cb(new Error('game over')); | 99 | if(this.over) return cb(new Error('game over')); |
99 | return (this.over=true),C.query('ROLLBACK',function(e){D();cb&&cb(e)}); | 100 | return (this.over=true),C.query('ROLLBACK',function(e){D();cb&&cb(e)}); |
100 | }, | 101 | }, |
101 | end: function(e,cb) { | 102 | end: function(e,cb) { |
102 | if(e) return LOGGER.trace(e,"rolling back transaction due to an error"),this.rollback(cb); | 103 | if(e) return LOGGER.trace(e,"rolling back transaction due to an error"),this.rollback(cb); |
103 | this.commit(cb); | 104 | this.commit(cb); |
104 | } | 105 | } |
105 | }); | 106 | }); |
106 | }); | 107 | }); |
107 | }); | 108 | }); |
108 | } | 109 | } |
109 | }; | 110 | }; |
110 | 111 | ||
111 | 112 | ||
112 | var rv = { | 113 | var rv = { |
113 | 114 | ||
114 | json: function clipperz_json(req,res,cb) { | 115 | json: function clipperz_json(req,res,cb) { |
115 | var method = req.body.method, pp = JSON.parse(req.body.parameters).parameters; | 116 | var method = req.body.method, pp = JSON.parse(req.body.parameters).parameters; |
116 | var message = pp.message; | 117 | var message = pp.message; |
117 | var ppp = pp.parameters; | 118 | var ppp = pp.parameters; |
118 | res.res = function(o) { return res.json({result:o}) }; | 119 | res.res = function(o) { return res.json({result:o}) }; |
119 | LOGGER.trace({method:method,parameters:pp},"JSON request"); | 120 | LOGGER.trace({method:method,parameters:pp},"JSON request"); |
120 | 121 | ||
121 | switch(method) { | 122 | switch(method) { |
122 | case 'registration': | 123 | case 'registration': |
123 | switch(message) { | 124 | switch(message) { |
124 | case 'completeRegistration': return PG.Q( | 125 | case 'completeRegistration': return PG.Q( |
125 | "INSERT INTO clipperz.theuser" | 126 | "INSERT INTO clipperz.theuser" |
126 | +" (u_name, u_srp_s,u_srp_v, u_authversion,u_header,u_statistics,u_version,u_lock)" | 127 | +" (u_name, u_srp_s,u_srp_v, u_authversion,u_header,u_statistics,u_version,u_lock)" |
127 | +" VALUES ($1, $2,$3, $4,$5,$6,$7,$8)", | 128 | +" VALUES ($1, $2,$3, $4,$5,$6,$7,$8)", |
128 | [pp.credentials.C, pp.credentials.s, pp.credentials.v, | 129 | [pp.credentials.C, pp.credentials.s, pp.credentials.v, |
129 | pp.credentials.version,pp.user.header, pp.user.statistics, | 130 | pp.credentials.version,pp.user.header, pp.user.statistics, |
130 | pp.user.version, pp.user.lock], function(e,r) { | 131 | pp.user.version, pp.user.lock], function(e,r) { |
131 | if(e) return cb(e); | 132 | if(e) return cb(e); |
132 | res.res({lock:pp.user.lock,result:'done'}); | 133 | res.res({lock:pp.user.lock,result:'done'}); |
133 | }); | 134 | }); |
134 | } | 135 | } |
135 | break; | 136 | break; |
136 | 137 | ||
137 | case 'handshake': | 138 | case 'handshake': |
138 | switch(message) { | 139 | switch(message) { |
139 | case 'connect': return ASYNC.auto({ | 140 | case 'connect': return ASYNC.auto({ |
140 | u: function(cb) { PG.Q( | 141 | u: function(cb) { PG.Q( |
141 | "SELECT u_id, u_srp_s, u_srp_v FROM clipperz.theuser WHERE u_name=$1", | 142 | "SELECT u_id, u_srp_s, u_srp_v FROM clipperz.theuser WHERE u_name=$1", |
142 | [ppp.C], function(e,r) { | 143 | [ppp.C], function(e,r) { |
143 | if(e) return cb(e); | 144 | if(e) return cb(e); |
144 | if(!r.rowCount) return cb(null,{u_id:null,u_srp_s:n123,u_srp_v:n123}); | 145 | if(!r.rowCount) return cb(null,{u_id:null,u_srp_s:n123,u_srp_v:n123}); |
145 | cb(null,r.rows[0]); | 146 | cb(null,r.rows[0]); |
146 | }) }, | 147 | }) }, |
147 | otp: ['u',function(cb,r) { | 148 | otp: ['u',function(cb,r) { |
148 | if(!req.session.otp) return cb(); | 149 | if(!req.session.otp) return cb(); |
149 | if(req.session.u!=r.u.u_id) return cb(new Error('user/OTP mismatch')); | 150 | if(req.session.u!=r.u.u_id) return cb(new Error('user/OTP mismatch')); |
150 | PG.Q( | 151 | PG.Q( |
151 | "UPDATE clipperz.theotp AS otp" | 152 | "UPDATE clipperz.theotp AS otp" |
152 | +" SET" | 153 | +" SET" |
153 | +" otps_id=CASE WHEN s.otps_code='REQUESTED' THEN (" | 154 | +" otps_id=CASE WHEN s.otps_code='REQUESTED' THEN (" |
154 | +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'" | 155 | +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'" |
155 | +" ) ELSE otp.otps_id END," | 156 | +" ) ELSE otp.otps_id END," |
156 | +" otp_utime=current_timestamp" | 157 | +" otp_utime=current_timestamp" |
157 | +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" | 158 | +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" |
158 | +" WHERE" | 159 | +" WHERE" |
159 | +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id" | 160 | +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id" |
160 | +" AND otp.otp_id=$1 AND otp.u_id=$2" | 161 | +" AND otp.otp_id=$1 AND otp.u_id=$2" |
161 | +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref", | 162 | +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref", |
162 | [ req.session.otp, req.session.u ], | 163 | [ req.session.otp, req.session.u ], |
163 | function(e,r) { | 164 | function(e,r) { |
164 | if(e) return cb(e); | 165 | if(e) return cb(e); |
165 | if(!r.rowCount) return cb(new Error('no OTP found')); | 166 | if(!r.rowCount) return cb(new Error('no OTP found')); |
166 | r=r.rows[0]; | 167 | r=r.rows[0]; |
167 | if(!r.yes) return cb(new Error('OTP is in a sorry state')); | 168 | if(!r.yes) return cb(new Error('OTP is in a sorry state')); |
168 | cb(null,{ref:r.otp_ref}); | 169 | cb(null,{ref:r.otp_ref}); |
169 | }); | 170 | }); |
170 | }] | 171 | }] |
171 | },function(e,r) { | 172 | },function(e,r) { |
172 | if(e) return cb(e); | 173 | if(e) return cb(e); |
173 | req.session.C = ppp.C; req.session.A = ppp.A; | 174 | req.session.C = ppp.C; req.session.A = ppp.A; |
174 | req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v; | 175 | req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v; |
175 | req.session.u = r.u.u_id; | 176 | req.session.u = r.u.u_id; |
176 | req.session.b = clipperz_random(); | 177 | req.session.b = clipperz_random(); |
177 | req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16); | 178 | req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16); |
178 | var rv = {s:req.session.s,B:req.session.B} | 179 | var rv = {s:req.session.s,B:req.session.B} |
179 | if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref; | 180 | if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref; |
180 | res.res(rv); | 181 | res.res(rv); |
181 | }); | 182 | }); |
182 | 183 | ||
183 | case 'credentialCheck': | 184 | case 'credentialCheck': |
184 | var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10)); | 185 | var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10)); |
185 | var A = BIGNUM(req.session.A,16); | 186 | var A = BIGNUM(req.session.A,16); |
186 | var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm( | 187 | var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm( |
187 | BIGNUM(req.session.b,16), srp_n); | 188 | BIGNUM(req.session.b,16), srp_n); |
188 | var K = clipperz_hash(S.toString(10)); | 189 | var K = clipperz_hash(S.toString(10)); |
189 | var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16)); | 190 | var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16)); |
190 | if(M1!=ppp.M1) return res.res({error:'?'}); | 191 | if(M1!=ppp.M1) return res.res({error:'?'}); |
191 | req.session.K = K; | 192 | req.session.K = K; |
192 | var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16)); | 193 | var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16)); |
193 | return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'}); | 194 | return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'}); |
194 | 195 | ||
195 | case 'oneTimePassword': return PG.Q( | 196 | case 'oneTimePassword': return PG.Q( |
196 | "UPDATE clipperz.theotp AS otp" | 197 | "UPDATE clipperz.theotp AS otp" |
197 | +" SET" | 198 | +" SET" |
198 | +" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE (" | 199 | +" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE (" |
199 | +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE" | 200 | +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE" |
200 | +" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'" | 201 | +" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'" |
201 | +" ELSE 'DISABLED' END" | 202 | +" ELSE 'DISABLED' END" |
202 | +" ) END," | 203 | +" ) END," |
203 | +" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END," | 204 | +" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END," |
204 | +" otp_utime = current_timestamp," | 205 | +" otp_utime = current_timestamp," |
205 | +" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END" | 206 | +" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END" |
206 | +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" | 207 | +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" |
207 | +" WHERE" | 208 | +" WHERE" |
208 | +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1" | 209 | +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1" |
209 | +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version", | 210 | +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version", |
210 | [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ], | 211 | [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ], |
211 | function(e,r) { | 212 | function(e,r) { |
212 | if(e) return cb(e); | 213 | if(e) return cb(e); |
213 | if(!r.rowCount) return cb(new Error('OTP not found')); | 214 | if(!r.rowCount) return cb(new Error('OTP not found')); |
214 | r=r.rows[0]; | 215 | r=r.rows[0]; |
215 | if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum) | 216 | if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum) |
216 | return cb(new Error('OTP was disabled because of checksum mismatch')); | 217 | return cb(new Error('OTP was disabled because of checksum mismatch')); |
217 | if(r.otps_code!='ACTIVE') | 218 | if(r.otps_code!='ACTIVE') |
218 | return cb(new Error("OTP wasn't active, sorry")); | 219 | return cb(new Error("OTP wasn't active, sorry")); |
219 | req.session.u=r.u_id; req.session.otp=r.otp_id; | 220 | req.session.u=r.u_id; req.session.otp=r.otp_id; |
220 | res.res({data:r.otp_data,version:r.otp_version}); | 221 | res.res({data:r.otp_data,version:r.otp_version}); |
221 | }); | 222 | }); |
222 | } | 223 | } |
223 | break; | 224 | break; |
224 | 225 | ||
225 | case 'message': | 226 | case 'message': |
226 | if(!req.session.K) return res.res({result:'EXCEPTION',message:"effectively, we're missing a aconnection"}); | 227 | if(!req.session.K) return res.res({result:'EXCEPTION',message:"effectively, we're missing a aconnection"}); |
227 | if(req.session.K!=pp.srpSharedSecret) return res.res({error:'Wrong shared secret!'}); | 228 | if(req.session.K!=pp.srpSharedSecret) return res.res({error:'Wrong shared secret!'}); |
228 | switch(message) { | 229 | switch(message) { |
229 | case 'getUserDetails': return ASYNC.parallel({ | 230 | case 'getUserDetails': return ASYNC.parallel({ |
230 | u: function(cb) { | 231 | u: function(cb) { |
231 | PG.Q("SELECT u_header,u_statistics,u_version FROM clipperz.theuser WHERE u_id=$1", | 232 | PG.Q("SELECT u_header,u_statistics,u_version FROM clipperz.theuser WHERE u_id=$1", |
232 | [req.session.u],function(e,r) { | 233 | [req.session.u],function(e,r) { |
233 | if(e) return cb(e); | 234 | if(e) return cb(e); |
234 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); | 235 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); |
235 | cb(null,r.rows[0]); | 236 | cb(null,r.rows[0]); |
236 | }); | 237 | }); |
237 | }, | 238 | }, |
238 | stats: function(cb) { | 239 | stats: function(cb) { |
239 | PG.Q("SELECT r_ref,r_mtime FROM clipperz.therecord WHERE u_id=$1", | 240 | PG.Q("SELECT r_ref,r_mtime FROM clipperz.therecord WHERE u_id=$1", |
240 | [req.session.u],function(e,r) { | 241 | [req.session.u],function(e,r) { |
241 | if(e) return cb(e); | 242 | if(e) return cb(e); |
242 | cb(null,r.rows.reduce(function(p,r){p[r.r_ref]={updateDate:r.r_mtime};return p},{})); | 243 | cb(null,r.rows.reduce(function(p,r){p[r.r_ref]={updateDate:r.r_mtime};return p},{})); |
243 | }); | 244 | }); |
244 | } | 245 | } |
245 | },function(e,r) { | 246 | },function(e,r) { |
246 | if(e) return cb(e); | 247 | if(e) return cb(e); |
247 | res.res({header:r.u.u_header,statistics:r.u.u_statistics,version:r.u.u_version,recordsStats:r.stats}); | 248 | res.res({header:r.u.u_header,statistics:r.u.u_statistics,version:r.u.u_version,recordsStats:r.stats}); |
248 | }); | 249 | }); |
249 | 250 | ||
250 | case 'saveChanges': return PG.T(function(e,T) { | 251 | case 'saveChanges': return PG.T(function(e,T) { |
251 | if(e) return cb(e); | 252 | if(e) return cb(e); |
252 | ASYNC.auto({ | 253 | ASYNC.auto({ |
253 | user: function(cb) { | 254 | user: function(cb) { |
254 | T.Q( | 255 | T.Q( |
255 | "UPDATE clipperz.theuser" | 256 | "UPDATE clipperz.theuser" |
256 | +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)" | 257 | +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)" |
257 | +" WHERE u_id=$5" | 258 | +" WHERE u_id=$5" |
258 | +" RETURNING u_lock",[ppp.user.header,ppp.user.statistics,ppp.user.version,ppp.user.lock||null,req.session.u], | 259 | +" RETURNING u_lock",[ppp.user.header,ppp.user.statistics,ppp.user.version,ppp.user.lock||null,req.session.u], |
259 | function(e,r) { | 260 | function(e,r) { |
260 | if(e) return cb(e); | 261 | if(e) return cb(e); |
261 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); | 262 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); |
262 | cb(null,r.rows[0]); | 263 | cb(null,r.rows[0]); |
263 | }); | 264 | }); |
264 | }, | 265 | }, |
265 | updaterecords: function(cb) { | 266 | updaterecords: function(cb) { |
266 | if(!(ppp.records && ppp.records.updated && ppp.records.updated.length)) return cb(); | 267 | if(!(ppp.records && ppp.records.updated && ppp.records.updated.length)) return cb(); |
267 | ASYNC.each(ppp.records.updated,function(r,cb) { | 268 | ASYNC.each(ppp.records.updated,function(r,cb) { |
268 | ASYNC.auto({ | 269 | ASYNC.auto({ |
269 | updater: function(cb) { | 270 | updater: function(cb) { |
270 | T.Q( | 271 | T.Q( |