| author | Michael Krelin <hacker@klever.net> | 2013-11-27 17:11:26 (UTC) |
|---|---|---|
| committer | Michael Krelin <hacker@klever.net> | 2013-11-27 17:11:26 (UTC) |
| commit | 0f1cc2ac41835ee8fa5dded1593fa95092b54bbe (patch) (unidiff) | |
| tree | 8563cd1578aad126c803be452dedd3b9dd9e0921 /backend/node | |
| parent | b59defff1efe85e43850243910007dd1fe3a4ef2 (diff) | |
| download | clipperz-0f1cc2ac41835ee8fa5dded1593fa95092b54bbe.zip clipperz-0f1cc2ac41835ee8fa5dded1593fa95092b54bbe.tar.gz clipperz-0f1cc2ac41835ee8fa5dded1593fa95092b54bbe.tar.bz2 | |
switched postgresql schema from json type to plaintext
| -rw-r--r-- | backend/node/src/clipperz.js | 20 | ||||
| -rw-r--r-- | backend/node/src/clipperz.schema.sql | 4 |
2 files changed, 13 insertions, 11 deletions
diff --git a/backend/node/src/clipperz.js b/backend/node/src/clipperz.js index b98c00e..b8b4d3e 100644 --- a/backend/node/src/clipperz.js +++ b/backend/node/src/clipperz.js | |||
| @@ -1,126 +1,128 @@ | |||
| 1 | var FS = require('fs'); | 1 | var FS = require('fs'); |
| 2 | var CRYPTO = require('crypto'); | 2 | var CRYPTO = require('crypto'); |
| 3 | var BIGNUM = require('bignum'); | 3 | var BIGNUM = require('bignum'); |
| 4 | var ASYNC = require('async'); | 4 | var ASYNC = require('async'); |
| 5 | 5 | ||
| 6 | var express_store = require('express').session.Store; | 6 | var express_store = require('express').session.Store; |
| 7 | 7 | ||
| 8 | function clipperz_hash(v) { | 8 | function clipperz_hash(v) { |
| 9 | return CRYPTO.createHash('sha256').update( | 9 | return CRYPTO.createHash('sha256').update( |
| 10 | CRYPTO.createHash('sha256').update(v).digest('binary') | 10 | CRYPTO.createHash('sha256').update(v).digest('binary') |
| 11 | ).digest('hex'); | 11 | ).digest('hex'); |
| 12 | }; | 12 | }; |
| 13 | function clipperz_random() { | 13 | function clipperz_random() { |
| 14 | for(var r = '';r.length<64;r+=''+BIGNUM(Math.floor(Math.random()*1e18)).toString(16)); | 14 | for(var r = '';r.length<64;r+=''+BIGNUM(Math.floor(Math.random()*1e18)).toString(16)); |
| 15 | return r.substr(0,64); | 15 | return r.substr(0,64); |
| 16 | }; | 16 | }; |
| 17 | function clipperz_store(PG) { | 17 | function clipperz_store(PG) { |
| 18 | var rv = function(o) { express_store.call(this,o); } | 18 | var rv = function(o) { express_store.call(this,o); } |
| 19 | rv.prototype.get = function(sid,cb) { PG.Q( | 19 | rv.prototype.get = function(sid,cb) { PG.Q( |
| 20 | "SELECT s_data FROM clipperz.thesession WHERE s_id=$1",[sid], | 20 | "SELECT s_data FROM clipperz.thesession WHERE s_id=$1",[sid], |
| 21 | function(e,r) { cb(e,(e||!r.rowCount)?null:r.rows[0].s_data); } | 21 | function(e,r) { cb(e,(e||!r.rowCount)?null:JSON.parse(r.rows[0].s_data)); } |
| 22 | ) }; | 22 | ) }; |
| 23 | rv.prototype.set = function(sid,data,cb) { PG.Q( | 23 | rv.prototype.set = function(sid,data,cb) { |
| 24 | "UPDATE clipperz.thesession SET s_data=$1, s_mtime=current_timestamp" | 24 | var d = JSON.stringify(data); |
| 25 | +" WHERE s_id=$2",[data,sid], function(e,r) { | 25 | PG.Q( |
| 26 | "UPDATE clipperz.thesession SET s_data=$1, s_mtime=current_timestamp" | ||
| 27 | +" WHERE s_id=$2",[d,sid], function(e,r) { | ||
| 26 | if(e) return cb(e); | 28 | if(e) return cb(e); |
| 27 | if(r.rowCount) return cb(); | 29 | if(r.rowCount) return cb(); |
| 28 | PG.Q("INSERT INTO clipperz.thesession (s_id,s_data) VALUES ($1,$2)",[sid,data],cb); | 30 | PG.Q("INSERT INTO clipperz.thesession (s_id,s_data) VALUES ($1,$2)",[sid,d],cb); |
| 29 | } | 31 | }); |
| 30 | ) }; | 32 | }; |
| 31 | rv.prototype.destroy = function(sid,cb) { PG.Q( | 33 | rv.prototype.destroy = function(sid,cb) { PG.Q( |
| 32 | "DELETE FROM clipperz.thesession WHERE s_id=$1",[sid],cb | 34 | "DELETE FROM clipperz.thesession WHERE s_id=$1",[sid],cb |
| 33 | ) }; | 35 | ) }; |
| 34 | rv.prototype.length = function(cb) { PG.Q( | 36 | rv.prototype.length = function(cb) { PG.Q( |
| 35 | "SELECT count(*) AS c FROM clipperz.thesession", function(e,r) { | 37 | "SELECT count(*) AS c FROM clipperz.thesession", function(e,r) { |
| 36 | cb(e,e?null:r.rows[0].c); | 38 | cb(e,e?null:r.rows[0].c); |
| 37 | } | 39 | } |
| 38 | ) }; | 40 | ) }; |
| 39 | rv.prototype.length = function(cb) { PQ.Q( | 41 | rv.prototype.length = function(cb) { PQ.Q( |
| 40 | "DELETE FROM clipperz.thesession", cb | 42 | "DELETE FROM clipperz.thesession", cb |
| 41 | ) }; | 43 | ) }; |
| 42 | rv.prototype.__proto__ = express_store.prototype; | 44 | rv.prototype.__proto__ = express_store.prototype; |
| 43 | return rv; | 45 | return rv; |
| 44 | } | 46 | } |
| 45 | 47 | ||
| 46 | var srp_g = BIGNUM(2); | 48 | var srp_g = BIGNUM(2); |
| 47 | var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16); | 49 | var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16); |
| 48 | var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00'; | 50 | var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00'; |
| 49 | 51 | ||
| 50 | 52 | ||
| 51 | var CLIPPERZ = module.exports = function(CONFIG) { | 53 | var CLIPPERZ = module.exports = function(CONFIG) { |
| 52 | 54 | ||
| 53 | var LOGGER = CONFIG.logger||{trace:function(){}}; | 55 | var LOGGER = CONFIG.logger||{trace:function(){}}; |
| 54 | 56 | ||
| 55 | var PG = { | 57 | var PG = { |
| 56 | url: CONFIG.psql, | 58 | url: CONFIG.psql, |
| 57 | PG: require('pg').native, | 59 | PG: require('pg').native, |
| 58 | Q: function(q,a,cb) { | 60 | Q: function(q,a,cb) { |
| 59 | if('function'===typeof a) cb=a,a=[]; | 61 | if('function'===typeof a) cb=a,a=[]; |
| 60 | LOGGER.trace({query:q,args:a},'SQL: %s',q); | 62 | LOGGER.trace({query:q,args:a},'SQL: %s',q); |
| 61 | PG.PG.connect(PG.url,function(e,C,D) { | 63 | PG.PG.connect(PG.url,function(e,C,D) { |
| 62 | if(e) return cb(e); | 64 | if(e) return cb(e); |
| 63 | var t0=new Date(); | 65 | var t0=new Date(); |
| 64 | C.query(q,a,function(e,r) { | 66 | C.query(q,a,function(e,r) { |
| 65 | var t1=new Date(), dt=t1-t0; | 67 | var t1=new Date(), dt=t1-t0; |
| 66 | D(); | 68 | D(); |
| 67 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); | 69 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); |
| 68 | cb(e,r); | 70 | cb(e,r); |
| 69 | }); | 71 | }); |
| 70 | }); | 72 | }); |
| 71 | }, | 73 | }, |
| 72 | T: function(cb) { | 74 | T: function(cb) { |
| 73 | PG.PG.connect(PG.url,function(e,C,D) { | 75 | PG.PG.connect(PG.url,function(e,C,D) { |
| 74 | if(e) return cb(e); | 76 | if(e) return cb(e); |
| 75 | C.query('BEGIN',function(e){ | 77 | C.query('BEGIN',function(e){ |
| 76 | if(e) return D(),cb(e); | 78 | if(e) return D(),cb(e); |
| 77 | cb(null,{ | 79 | cb(null,{ |
| 78 | Q: function(q,a,cb) { | 80 | Q: function(q,a,cb) { |
| 79 | LOGGER.trace({query:q,args:a},'SQL: %s',q); | 81 | LOGGER.trace({query:q,args:a},'SQL: %s',q); |
| 80 | if(this.over) return cb(new Error('game over')); | 82 | if(this.over) return cb(new Error('game over')); |
| 81 | if('function'===typeof a) cb=a,a=[]; | 83 | if('function'===typeof a) cb=a,a=[]; |
| 82 | var t0=new Date(); | 84 | var t0=new Date(); |
| 83 | C.query(q,a,function(e,r) { | 85 | C.query(q,a,function(e,r) { |
| 84 | var t1=new Date(), dt=t1-t0; | 86 | var t1=new Date(), dt=t1-t0; |
| 85 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); | 87 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); |
| 86 | cb(e,r); | 88 | cb(e,r); |
| 87 | }); | 89 | }); |
| 88 | }, | 90 | }, |
| 89 | commit: function(cb) { | 91 | commit: function(cb) { |
| 90 | LOGGER.trace('SQL: commit'); | 92 | LOGGER.trace('SQL: commit'); |
| 91 | if(this.over) return cb(new Error('game over')); | 93 | if(this.over) return cb(new Error('game over')); |
| 92 | return (this.over=true),C.query('COMMIT',function(e){D();cb&&cb(e)}); | 94 | return (this.over=true),C.query('COMMIT',function(e){D();cb&&cb(e)}); |
| 93 | }, | 95 | }, |
| 94 | rollback: function(cb) { | 96 | rollback: function(cb) { |
| 95 | LOGGER.trace('SQL: rollback'); | 97 | LOGGER.trace('SQL: rollback'); |
| 96 | if(this.over) return cb(new Error('game over')); | 98 | if(this.over) return cb(new Error('game over')); |
| 97 | return (this.over=true),C.query('ROLLBACK',function(e){D();cb&&cb(e)}); | 99 | return (this.over=true),C.query('ROLLBACK',function(e){D();cb&&cb(e)}); |
| 98 | }, | 100 | }, |
| 99 | end: function(e,cb) { | 101 | end: function(e,cb) { |
| 100 | if(e) return LOGGER.trace(e,"rolling back transaction due to an error"),this.rollback(cb); | 102 | if(e) return LOGGER.trace(e,"rolling back transaction due to an error"),this.rollback(cb); |
| 101 | this.commit(cb); | 103 | this.commit(cb); |
| 102 | } | 104 | } |
| 103 | }); | 105 | }); |
| 104 | }); | 106 | }); |
| 105 | }); | 107 | }); |
| 106 | } | 108 | } |
| 107 | }; | 109 | }; |
| 108 | 110 | ||
| 109 | 111 | ||
| 110 | var rv = { | 112 | var rv = { |
| 111 | 113 | ||
| 112 | json: function clipperz_json(req,res,cb) { | 114 | json: function clipperz_json(req,res,cb) { |
| 113 | var method = req.body.method, pp = JSON.parse(req.body.parameters).parameters; | 115 | var method = req.body.method, pp = JSON.parse(req.body.parameters).parameters; |
| 114 | var message = pp.message; | 116 | var message = pp.message; |
| 115 | var ppp = pp.parameters; | 117 | var ppp = pp.parameters; |
| 116 | res.res = function(o) { return res.json({result:o}) }; | 118 | res.res = function(o) { return res.json({result:o}) }; |
| 117 | LOGGER.trace({method:method,parameters:pp},"JSON request"); | 119 | LOGGER.trace({method:method,parameters:pp},"JSON request"); |
| 118 | 120 | ||
| 119 | switch(method) { | 121 | switch(method) { |
| 120 | case 'registration': | 122 | case 'registration': |
| 121 | switch(message) { | 123 | switch(message) { |
| 122 | case 'completeRegistration': return PG.Q( | 124 | case 'completeRegistration': return PG.Q( |
| 123 | "INSERT INTO clipperz.theuser" | 125 | "INSERT INTO clipperz.theuser" |
| 124 | +" (u_name, u_srp_s,u_srp_v, u_authversion,u_header,u_statistics,u_version,u_lock)" | 126 | +" (u_name, u_srp_s,u_srp_v, u_authversion,u_header,u_statistics,u_version,u_lock)" |
| 125 | +" VALUES ($1, $2,$3, $4,$5,$6,$7,$8)", | 127 | +" VALUES ($1, $2,$3, $4,$5,$6,$7,$8)", |
| 126 | [pp.credentials.C, pp.credentials.s, pp.credentials.v, | 128 | [pp.credentials.C, pp.credentials.s, pp.credentials.v, |
| @@ -133,193 +135,193 @@ var CLIPPERZ = module.exports = function(CONFIG) { | |||
| 133 | break; | 135 | break; |
| 134 | 136 | ||
| 135 | case 'handshake': | 137 | case 'handshake': |
| 136 | switch(message) { | 138 | switch(message) { |
| 137 | case 'connect': return ASYNC.auto({ | 139 | case 'connect': return ASYNC.auto({ |
| 138 | u: function(cb) { PG.Q( | 140 | u: function(cb) { PG.Q( |
| 139 | "SELECT u_id, u_srp_s, u_srp_v FROM clipperz.theuser WHERE u_name=$1", | 141 | "SELECT u_id, u_srp_s, u_srp_v FROM clipperz.theuser WHERE u_name=$1", |
| 140 | [ppp.C], function(e,r) { | 142 | [ppp.C], function(e,r) { |
| 141 | if(e) return cb(e); | 143 | if(e) return cb(e); |
| 142 | if(!r.rowCount) return cb(null,{u_id:null,u_srp_s:n123,u_srp_v:n123}); | 144 | if(!r.rowCount) return cb(null,{u_id:null,u_srp_s:n123,u_srp_v:n123}); |
| 143 | cb(null,r.rows[0]); | 145 | cb(null,r.rows[0]); |
| 144 | }) }, | 146 | }) }, |
| 145 | otp: ['u',function(cb,r) { | 147 | otp: ['u',function(cb,r) { |
| 146 | if(!req.session.otp) return cb(); | 148 | if(!req.session.otp) return cb(); |
| 147 | if(req.session.u!=r.u.u_id) return cb(new Error('user/OTP mismatch')); | 149 | if(req.session.u!=r.u.u_id) return cb(new Error('user/OTP mismatch')); |
| 148 | PG.Q( | 150 | PG.Q( |
| 149 | "UPDATE clipperz.theotp AS otp" | 151 | "UPDATE clipperz.theotp AS otp" |
| 150 | +" SET" | 152 | +" SET" |
| 151 | +" otps_id=CASE WHEN s.otps_code='REQUESTED' THEN (" | 153 | +" otps_id=CASE WHEN s.otps_code='REQUESTED' THEN (" |
| 152 | +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'" | 154 | +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'" |
| 153 | +" ) ELSE otp.otps_id END," | 155 | +" ) ELSE otp.otps_id END," |
| 154 | +" otp_utime=current_timestamp" | 156 | +" otp_utime=current_timestamp" |
| 155 | +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" | 157 | +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" |
| 156 | +" WHERE" | 158 | +" WHERE" |
| 157 | +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id" | 159 | +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id" |
| 158 | +" AND otp.otp_id=$1 AND otp.u_id=$2" | 160 | +" AND otp.otp_id=$1 AND otp.u_id=$2" |
| 159 | +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref", | 161 | +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref", |
| 160 | [ req.session.otp, req.session.u ], | 162 | [ req.session.otp, req.session.u ], |
| 161 | function(e,r) { | 163 | function(e,r) { |
| 162 | if(e) return cb(e); | 164 | if(e) return cb(e); |
| 163 | if(!r.rowCount) return cb(new Error('no OTP found')); | 165 | if(!r.rowCount) return cb(new Error('no OTP found')); |
| 164 | r=r.rows[0]; | 166 | r=r.rows[0]; |
| 165 | if(!r.yes) return cb(new Error('OTP is in a sorry state')); | 167 | if(!r.yes) return cb(new Error('OTP is in a sorry state')); |
| 166 | cb(null,{ref:r.otp_ref}); | 168 | cb(null,{ref:r.otp_ref}); |
| 167 | }); | 169 | }); |
| 168 | }] | 170 | }] |
| 169 | },function(e,r) { | 171 | },function(e,r) { |
| 170 | if(e) return cb(e); | 172 | if(e) return cb(e); |
| 171 | req.session.C = ppp.C; req.session.A = ppp.A; | 173 | req.session.C = ppp.C; req.session.A = ppp.A; |
| 172 | req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v; | 174 | req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v; |
| 173 | req.session.u = r.u.u_id; | 175 | req.session.u = r.u.u_id; |
| 174 | req.session.b = clipperz_random(); | 176 | req.session.b = clipperz_random(); |
| 175 | req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16); | 177 | req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16); |
| 176 | var rv = {s:req.session.s,B:req.session.B} | 178 | var rv = {s:req.session.s,B:req.session.B} |
| 177 | if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref; | 179 | if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref; |
| 178 | res.res(rv); | 180 | res.res(rv); |
| 179 | }); | 181 | }); |
| 180 | 182 | ||
| 181 | case 'credentialCheck': | 183 | case 'credentialCheck': |
| 182 | var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10)); | 184 | var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10)); |
| 183 | var A = BIGNUM(req.session.A,16); | 185 | var A = BIGNUM(req.session.A,16); |
| 184 | var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm( | 186 | var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm( |
| 185 | BIGNUM(req.session.b,16), srp_n); | 187 | BIGNUM(req.session.b,16), srp_n); |
| 186 | var K = clipperz_hash(S.toString(10)); | 188 | var K = clipperz_hash(S.toString(10)); |
| 187 | var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16)); | 189 | var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16)); |
| 188 | if(M1!=ppp.M1) return res.res({error:'?'}); | 190 | if(M1!=ppp.M1) return res.res({error:'?'}); |
| 189 | req.session.K = K; | 191 | req.session.K = K; |
| 190 | var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16)); | 192 | var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16)); |
| 191 | return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'}); | 193 | return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'}); |
| 192 | 194 | ||
| 193 | case 'oneTimePassword': return PG.Q( | 195 | case 'oneTimePassword': return PG.Q( |
| 194 | "UPDATE clipperz.theotp AS otp" | 196 | "UPDATE clipperz.theotp AS otp" |
| 195 | +" SET" | 197 | +" SET" |
| 196 | +" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE (" | 198 | +" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE (" |
| 197 | +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE" | 199 | +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE" |
| 198 | +" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'" | 200 | +" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'" |
| 199 | +" ELSE 'DISABLED' END" | 201 | +" ELSE 'DISABLED' END" |
| 200 | +" ) END," | 202 | +" ) END," |
| 201 | +" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END," | 203 | +" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END," |
| 202 | +" otp_utime = current_timestamp," | 204 | +" otp_utime = current_timestamp," |
| 203 | +" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END" | 205 | +" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END" |
| 204 | +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" | 206 | +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" |
| 205 | +" WHERE" | 207 | +" WHERE" |
| 206 | +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1" | 208 | +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1" |
| 207 | +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version", | 209 | +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version", |
| 208 | [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ], | 210 | [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ], |
| 209 | function(e,r) { | 211 | function(e,r) { |
| 210 | if(e) return cb(e); | 212 | if(e) return cb(e); |
| 211 | if(!r.rowCount) return cb(new Error('OTP not found')); | 213 | if(!r.rowCount) return cb(new Error('OTP not found')); |
| 212 | r=r.rows[0]; | 214 | r=r.rows[0]; |
| 213 | if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum) | 215 | if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum) |
| 214 | return cb(new Error('OTP was disabled because of checksum mismatch')); | 216 | return cb(new Error('OTP was disabled because of checksum mismatch')); |
| 215 | if(r.otps_code!='ACTIVE') | 217 | if(r.otps_code!='ACTIVE') |
| 216 | return cb(new Error("OTP wasn't active, sorry")); | 218 | return cb(new Error("OTP wasn't active, sorry")); |
| 217 | req.session.u=r.u_id; req.session.otp=r.otp_id; | 219 | req.session.u=r.u_id; req.session.otp=r.otp_id; |
| 218 | res.res({data:r.otp_data,version:r.otp_version}); | 220 | res.res({data:r.otp_data,version:r.otp_version}); |
| 219 | }); | 221 | }); |
| 220 | } | 222 | } |
| 221 | break; | 223 | break; |
| 222 | 224 | ||
| 223 | case 'message': | 225 | case 'message': |
| 224 | if(!req.session.K) return res.res({result:'EXCEPTION',message:"effectively, we're missing a aconnection"}); | 226 | if(!req.session.K) return res.res({result:'EXCEPTION',message:"effectively, we're missing a aconnection"}); |
| 225 | if(req.session.K!=pp.srpSharedSecret) return res.res({error:'Wrong shared secret!'}); | 227 | if(req.session.K!=pp.srpSharedSecret) return res.res({error:'Wrong shared secret!'}); |
| 226 | switch(message) { | 228 | switch(message) { |
| 227 | case 'getUserDetails': return ASYNC.parallel({ | 229 | case 'getUserDetails': return ASYNC.parallel({ |
| 228 | u: function(cb) { | 230 | u: function(cb) { |
| 229 | PG.Q("SELECT u_header::varchar,u_statistics,u_version FROM clipperz.theuser WHERE u_id=$1", | 231 | PG.Q("SELECT u_header,u_statistics,u_version FROM clipperz.theuser WHERE u_id=$1", |
| 230 | [req.session.u],function(e,r) { | 232 | [req.session.u],function(e,r) { |
| 231 | if(e) return cb(e); | 233 | if(e) return cb(e); |
| 232 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); | 234 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); |
| 233 | cb(null,r.rows[0]); | 235 | cb(null,r.rows[0]); |
| 234 | }); | 236 | }); |
| 235 | }, | 237 | }, |
| 236 | stats: function(cb) { | 238 | stats: function(cb) { |
| 237 | PG.Q("SELECT r_ref,r_mtime FROM clipperz.therecord WHERE u_id=$1", | 239 | PG.Q("SELECT r_ref,r_mtime FROM clipperz.therecord WHERE u_id=$1", |
| 238 | [req.session.u],function(e,r) { | 240 | [req.session.u],function(e,r) { |
| 239 | if(e) return cb(e); | 241 | if(e) return cb(e); |
| 240 | cb(null,r.rows.reduce(function(p,r){p[r.r_ref]={updateDate:r.r_mtime};return p},{})); | 242 | cb(null,r.rows.reduce(function(p,r){p[r.r_ref]={updateDate:r.r_mtime};return p},{})); |
| 241 | }); | 243 | }); |
| 242 | } | 244 | } |
| 243 | },function(e,r) { | 245 | },function(e,r) { |
| 244 | if(e) return cb(e); | 246 | if(e) return cb(e); |
| 245 | res.res({header:r.u.u_header,statistics:r.u.u_statistics,version:r.u.u_version,recordsStats:r.stats}); | 247 | res.res({header:r.u.u_header,statistics:r.u.u_statistics,version:r.u.u_version,recordsStats:r.stats}); |
| 246 | }); | 248 | }); |
| 247 | 249 | ||
| 248 | case 'saveChanges': return PG.T(function(e,T) { | 250 | case 'saveChanges': return PG.T(function(e,T) { |
| 249 | if(e) return cb(e); | 251 | if(e) return cb(e); |
| 250 | ASYNC.auto({ | 252 | ASYNC.auto({ |
| 251 | user: function(cb) { | 253 | user: function(cb) { |
| 252 | T.Q( | 254 | T.Q( |
| 253 | "UPDATE clipperz.theuser" | 255 | "UPDATE clipperz.theuser" |
| 254 | +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)" | 256 | +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)" |
| 255 | +" WHERE u_id=$5" | 257 | +" WHERE u_id=$5" |
| 256 | +" RETURNING u_lock",[ppp.user.header,ppp.user.statistics,ppp.user.version,ppp.user.lock||null,req.session.u], | 258 | +" RETURNING u_lock",[ppp.user.header,ppp.user.statistics,ppp.user.version,ppp.user.lock||null,req.session.u], |
| 257 | function(e,r) { | 259 | function(e,r) { |
| 258 | if(e) return cb(e); | 260 | if(e) return cb(e); |
| 259 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); | 261 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); |
| 260 | cb(null,r.rows[0]); | 262 | cb(null,r.rows[0]); |
| 261 | }); | 263 | }); |
| 262 | }, | 264 | }, |
| 263 | updaterecords: function(cb) { | 265 | updaterecords: function(cb) { |
| 264 | if(!(ppp.records && ppp.records.updated && ppp.records.updated.length)) return cb(); | 266 | if(!(ppp.records && ppp.records.updated && ppp.records.updated.length)) return cb(); |
| 265 | ASYNC.each(ppp.records.updated,function(r,cb) { | 267 | ASYNC.each(ppp.records.updated,function(r,cb) { |
| 266 | ASYNC.auto({ | 268 | ASYNC.auto({ |
| 267 | updater: function(cb) { | 269 | updater: function(cb) { |
| 268 | T.Q( | 270 | T.Q( |
| 269 | "UPDATE clipperz.therecord" | 271 | "UPDATE clipperz.therecord" |
| 270 | +" SET r_data=$2, r_version=$3, r_mtime=current_timestamp" | 272 | +" SET r_data=$2, r_version=$3, r_mtime=current_timestamp" |
| 271 | +" WHERE r_ref=$1 AND u_id=$4 RETURNING r_id", | 273 | +" WHERE r_ref=$1 AND u_id=$4 RETURNING r_id", |
| 272 | [r.record.reference,r.record.data,r.record.version,req.session.u], function(e,r) { | 274 | [r.record.reference,r.record.data,r.record.version,req.session.u], function(e,r) { |
| 273 | if(e) return cb(e); | 275 | if(e) return cb(e); |
| 274 | return cb(null,r.rows.length?r.rows[0]:null); | 276 | return cb(null,r.rows.length?r.rows[0]:null); |
| 275 | }); | 277 | }); |
| 276 | }, | 278 | }, |
| 277 | insertr: ['updater',function(cb,rr) { | 279 | insertr: ['updater',function(cb,rr) { |
| 278 | if(rr.updater) return cb(); | 280 | if(rr.updater) return cb(); |
| 279 | T.Q( | 281 | T.Q( |
| 280 | "INSERT INTO clipperz.therecord" | 282 | "INSERT INTO clipperz.therecord" |
| 281 | +" (u_id,r_ref,r_data,r_version)" | 283 | +" (u_id,r_ref,r_data,r_version)" |
| 282 | +" VALUES ($1,$2,$3,$4) RETURNING r_id",[req.session.u,r.record.reference,r.record.data,r.record.version], | 284 | +" VALUES ($1,$2,$3,$4) RETURNING r_id",[req.session.u,r.record.reference,r.record.data,r.record.version], |
| 283 | function(e,r) { | 285 | function(e,r) { |
| 284 | if(e) return cb(e); | 286 | if(e) return cb(e); |
| 285 | return cb(null,r.rows[0]); | 287 | return cb(null,r.rows[0]); |
| 286 | }); | 288 | }); |
| 287 | }], | 289 | }], |
| 288 | updatev: ['updater','insertr',function(cb,rr) { | 290 | updatev: ['updater','insertr',function(cb,rr) { |
| 289 | var crv=r.currentRecordVersion; | 291 | var crv=r.currentRecordVersion; |
| 290 | T.Q( | 292 | T.Q( |
| 291 | "UPDATE clipperz.therecordversion" | 293 | "UPDATE clipperz.therecordversion" |
| 292 | +" SET rv_ref=$1, rv_data=$2, rv_version=$3," | 294 | +" SET rv_ref=$1, rv_data=$2, rv_version=$3," |
| 293 | +" rv_previous_id=COALESCE($4,rv_previous_id)," | 295 | +" rv_previous_id=COALESCE($4,rv_previous_id)," |
| 294 | +" rv_previous_key=$5, r_id=$6, rv_mtime=current_timestamp" | 296 | +" rv_previous_key=$5, r_id=$6, rv_mtime=current_timestamp" |
| 295 | +" WHERE" | 297 | +" WHERE" |
| 296 | +" rv_id=(SELECT rv_id FROM clipperz.therecordversion WHERE r_id=$6 ORDER BY r_id ASC LIMIT 1)" | 298 | +" rv_id=(SELECT rv_id FROM clipperz.therecordversion WHERE r_id=$6 ORDER BY r_id ASC LIMIT 1)" |
| 297 | +" RETURNING rv_id", | 299 | +" RETURNING rv_id", |
| 298 | [crv.reference,crv.data,crv.version, | 300 | [crv.reference,crv.data,crv.version, |
| 299 | crv.previousVersion||null,crv.previousVersionKey, | 301 | crv.previousVersion||null,crv.previousVersionKey, |
| 300 | (rr.updater||rr.insertr).r_id], | 302 | (rr.updater||rr.insertr).r_id], |
| 301 | function(e,r) { | 303 | function(e,r) { |
| 302 | if(e) return cb(e); | 304 | if(e) return cb(e); |
| 303 | return cb(null,r.rows.length?r.rows[0]:null); | 305 | return cb(null,r.rows.length?r.rows[0]:null); |
| 304 | }); | 306 | }); |
| 305 | }], | 307 | }], |
| 306 | insertv: ['updatev',function(cb,rr) { | 308 | insertv: ['updatev',function(cb,rr) { |
| 307 | if(rr.updatev) return cb(); | 309 | if(rr.updatev) return cb(); |
| 308 | var crv=r.currentRecordVersion; | 310 | var crv=r.currentRecordVersion; |
| 309 | T.Q( | 311 | T.Q( |
| 310 | "INSERT INTO clipperz.therecordversion" | 312 | "INSERT INTO clipperz.therecordversion" |
| 311 | +" (r_id,rv_ref,rv_data,rv_version,rv_previous_id,rv_previous_key)" | 313 | +" (r_id,rv_ref,rv_data,rv_version,rv_previous_id,rv_previous_key)" |
| 312 | +" VALUES ($1,$2,$3,$4,$5,$6) RETURNING rv_id", | 314 | +" VALUES ($1,$2,$3,$4,$5,$6) RETURNING rv_id", |
| 313 | [(rr.updater||rr.insertr).r_id, | 315 | [(rr.updater||rr.insertr).r_id, |
| 314 | crv.reference, crv.data, crv.version, | 316 | crv.reference, crv.data, crv.version, |
| 315 | crv.previousVersion||null,crv.previousVersionKey], | 317 | crv.previousVersion||null,crv.previousVersionKey], |
| 316 | function(e,r) { | 318 | function(e,r) { |
| 317 | if(e) return cb(e); | 319 | if(e) return cb(e); |
| 318 | return cb(null,r.rows[0]); | 320 | return cb(null,r.rows[0]); |
| 319 | }); | 321 | }); |
| 320 | }] | 322 | }] |
| 321 | },cb); | 323 | },cb); |
| 322 | },cb); | 324 | },cb); |
| 323 | }, | 325 | }, |
| 324 | deleterecords: function(cb) { | 326 | deleterecords: function(cb) { |
| 325 | if(!(ppp.records && ppp.records.deleted && ppp.records.deleted.length)) return cb(); | 327 | if(!(ppp.records && ppp.records.deleted && ppp.records.deleted.length)) return cb(); |
| @@ -409,164 +411,164 @@ var CLIPPERZ = module.exports = function(CONFIG) { | |||
| 409 | }); | 411 | }); |
| 410 | }); | 412 | }); |
| 411 | 413 | ||
| 412 | case 'updateOneTimePasswords': return PG.T(function(e,T) { | 414 | case 'updateOneTimePasswords': return PG.T(function(e,T) { |
| 413 | if(e) return cb(e); | 415 | if(e) return cb(e); |
| 414 | ASYNC.parallel({ | 416 | ASYNC.parallel({ |
| 415 | otp: function(cb) { | 417 | otp: function(cb) { |
| 416 | T.Q( | 418 | T.Q( |
| 417 | "DELETE FROM clipperz.theotp" | 419 | "DELETE FROM clipperz.theotp" |
| 418 | +" WHERE u_id=$1" | 420 | +" WHERE u_id=$1" |
| 419 | +" AND NOT otp_ref = ANY($2::text[])", | 421 | +" AND NOT otp_ref = ANY($2::text[])", |
| 420 | [ req.session.u,'{'+ppp.oneTimePasswords.join(',')+'}' ],cb); | 422 | [ req.session.u,'{'+ppp.oneTimePasswords.join(',')+'}' ],cb); |
| 421 | }, | 423 | }, |
| 422 | user: function(cb) { | 424 | user: function(cb) { |
| 423 | var u = ppp.user; | 425 | var u = ppp.user; |
| 424 | T.Q( | 426 | T.Q( |
| 425 | "UPDATE clipperz.theuser" | 427 | "UPDATE clipperz.theuser" |
| 426 | +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)" | 428 | +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)" |
| 427 | +" WHERE u_id=$5", | 429 | +" WHERE u_id=$5", |
| 428 | [ u.header, u.statistics, u.version, u.lock||null, req.session.u], | 430 | [ u.header, u.statistics, u.version, u.lock||null, req.session.u], |
| 429 | function(e,r) { | 431 | function(e,r) { |
| 430 | if(e) return cb(e); | 432 | if(e) return cb(e); |
| 431 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); | 433 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); |
| 432 | cb(); | 434 | cb(); |
| 433 | }); | 435 | }); |
| 434 | } | 436 | } |
| 435 | },function(e,r) { | 437 | },function(e,r) { |
| 436 | T.end(e, function(e) { | 438 | T.end(e, function(e) { |
| 437 | if(e) return cb(e); | 439 | if(e) return cb(e); |
| 438 | res.res({result:ppp.user.lock}); | 440 | res.res({result:ppp.user.lock}); |
| 439 | }); | 441 | }); |
| 440 | }); | 442 | }); |
| 441 | }); | 443 | }); |
| 442 | 444 | ||
| 443 | case 'upgradeUserCredentials': return PG.T(function(e,T) { | 445 | case 'upgradeUserCredentials': return PG.T(function(e,T) { |
| 444 | if(e) return cb(e); | 446 | if(e) return cb(e); |
| 445 | ASYNC.parallel({ | 447 | ASYNC.parallel({ |
| 446 | user: function(cb) { | 448 | user: function(cb) { |
| 447 | var u = ppp.user, c = ppp.credentials; | 449 | var u = ppp.user, c = ppp.credentials; |
| 448 | T.Q( | 450 | T.Q( |
| 449 | "UPDATE clipperz.theuser" | 451 | "UPDATE clipperz.theuser" |
| 450 | +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)," | 452 | +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)," |
| 451 | +" u_name=$5, u_srp_s=$6, u_srp_v=$7, u_authversion=$8" | 453 | +" u_name=$5, u_srp_s=$6, u_srp_v=$7, u_authversion=$8" |
| 452 | +" WHERE u_id=$9 RETURNING u_lock", | 454 | +" WHERE u_id=$9 RETURNING u_lock", |
| 453 | [ u.header,u.statistics,u.version,u.lock||null, | 455 | [ u.header,u.statistics,u.version,u.lock||null, |
| 454 | c.C,c.s,c.v,c.version, req.session.u ],function(e,r) { | 456 | c.C,c.s,c.v,c.version, req.session.u ],function(e,r) { |
| 455 | if(e) return cb(e); | 457 | if(e) return cb(e); |
| 456 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); | 458 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); |
| 457 | cb(e,r.rows[0]); | 459 | cb(e,r.rows[0]); |
| 458 | }); | 460 | }); |
| 459 | }, | 461 | }, |
| 460 | otp: function(cb) { | 462 | otp: function(cb) { |
| 461 | var otps=ppp.oneTimePasswords; | 463 | var otps=ppp.oneTimePasswords; |
| 462 | if(!otps) return cb(); | 464 | if(!otps) return cb(); |
| 463 | ASYNC.each(Object.keys(otps),function(r,cb) { | 465 | ASYNC.each(Object.keys(otps),function(r,cb) { |
| 464 | T.Q( | 466 | T.Q( |
| 465 | "UPDATE clipperz.theotp" | 467 | "UPDATE clipperz.theotp" |
| 466 | +" SET otp_data=$1, otp_utime=current_timestamp WHERE otp_ref=$2 AND u_id=$3", | 468 | +" SET otp_data=$1, otp_utime=current_timestamp WHERE otp_ref=$2 AND u_id=$3", |
| 467 | [ otps[r], r, req.session.u ], function(e,r) { | 469 | [ otps[r], r, req.session.u ], function(e,r) { |
| 468 | if(e) return cb(e); | 470 | if(e) return cb(e); |
| 469 | if(!r.rowCount) return cb(new Error("OTP's gone AWOL")); | 471 | if(!r.rowCount) return cb(new Error("OTP's gone AWOL")); |
| 470 | cb(); | 472 | cb(); |
| 471 | }); | 473 | }); |
| 472 | },cb); | 474 | },cb); |
| 473 | } | 475 | } |
| 474 | },function(e,r) { | 476 | },function(e,r) { |
| 475 | T.end(e, function(e) { | 477 | T.end(e, function(e) { |
| 476 | if(e) return cb(e); | 478 | if(e) return cb(e); |
| 477 | res.res({result:'done',lock:r.user.u_lock}); | 479 | res.res({result:'done',lock:r.user.u_lock}); |
| 478 | }); | 480 | }); |
| 479 | }); | 481 | }); |
| 480 | }); | 482 | }); |
| 481 | 483 | ||
| 482 | case 'deleteUser': return PG.Q( | 484 | case 'deleteUser': return PG.Q( |
| 483 | "DELETE FROM clipperz.theuser WHERE u_id=$1", | 485 | "DELETE FROM clipperz.theuser WHERE u_id=$1", |
| 484 | [req.session.u],function(e,r) { | 486 | [req.session.u],function(e,r) { |
| 485 | if(e) return cb(e); | 487 | if(e) return cb(e); |
| 486 | res.res({result:'ok'}); | 488 | res.res({result:'ok'}); |
| 487 | }); | 489 | }); |
| 488 | 490 | ||
| 489 | case 'echo': return res.res({result:ppp}); | 491 | case 'echo': return res.res({result:ppp}); |
| 490 | case 'getOneTimePasswordsDetails': return res.res({}); | 492 | case 'getOneTimePasswordsDetails': return res.res({}); |
| 491 | case 'getLoginHistory': return res.res({result:[]}); | 493 | case 'getLoginHistory': return res.res({result:[]}); |
| 492 | } | 494 | } |
| 493 | break; | 495 | break; |
| 494 | case 'logout': return req.session.destroy(function(e){res.res({})}); | 496 | case 'logout': return req.session.destroy(function(e){res.res({})}); |
| 495 | } | 497 | } |
| 496 | cb(); | 498 | cb(); |
| 497 | }, | 499 | }, |
| 498 | 500 | ||
| 499 | dump: function(req,res,cb) { | 501 | dump: function(req,res,cb) { |
| 500 | if(!req.session.u) return cb(new Error('logging in helps')); | 502 | if(!req.session.u) return cb(new Error('logging in helps')); |
| 501 | return ASYNC.parallel({ | 503 | return ASYNC.parallel({ |
| 502 | u: function(cb) { | 504 | u: function(cb) { |
| 503 | PG.Q( | 505 | PG.Q( |
| 504 | "SELECT" | 506 | "SELECT" |
| 505 | +" u_name, u_srp_s, u_srp_v, u_authversion, u_header::varchar, u_statistics, u_version" | 507 | +" u_name, u_srp_s, u_srp_v, u_authversion, u_header, u_statistics, u_version" |
| 506 | +" FROM clipperz.theuser WHERE u_id=$1",[req.session.u],function(e,r) { | 508 | +" FROM clipperz.theuser WHERE u_id=$1",[req.session.u],function(e,r) { |
| 507 | if(e) return cb(e); | 509 | if(e) return cb(e); |
| 508 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); | 510 | if(!r.rowCount) return cb(new Error("user's gone AWOL")); |
| 509 | r = r.rows[0]; | 511 | r = r.rows[0]; |
| 510 | return cb(null,{u:r.u_name,d:{s:r.u_srp_s,v:r.u_srp_v, version:r.u_authversion, | 512 | return cb(null,{u:r.u_name,d:{s:r.u_srp_s,v:r.u_srp_v, version:r.u_authversion, |
| 511 | maxNumberOfRecords: '100', userDetails: r.u_header, | 513 | maxNumberOfRecords: '100', userDetails: r.u_header, |
| 512 | statistics: r.u_statistics, userDetailsVersion: r.u_version | 514 | statistics: r.u_statistics, userDetailsVersion: r.u_version |
| 513 | }}); | 515 | }}); |
| 514 | }); | 516 | }); |
| 515 | }, | 517 | }, |
| 516 | records: function(cb) { | 518 | records: function(cb) { |
| 517 | PG.Q( | 519 | PG.Q( |
| 518 | "SELECT" | 520 | "SELECT" |
| 519 | +" r.r_id, r.r_ref, r_data, r_version, r_ctime, r_mtime, r_atime," | 521 | +" r.r_id, r.r_ref, r_data, r_version, r_ctime, r_mtime, r_atime," |
| 520 | +" rv.rv_id, rv.rv_ref AS rv_ref, rv_header, rv_data, rv_version, rv_ctime, rv_mtime, rv_atime" | 522 | +" rv.rv_id, rv.rv_ref AS rv_ref, rv_header, rv_data, rv_version, rv_ctime, rv_mtime, rv_atime" |
| 521 | +" FROM" | 523 | +" FROM" |
| 522 | +" clipperz.therecord AS r" | 524 | +" clipperz.therecord AS r" |
| 523 | +" LEFT JOIN clipperz.therecordversion AS rv USING (r_id)" | 525 | +" LEFT JOIN clipperz.therecordversion AS rv USING (r_id)" |
| 524 | +" WHERE r.u_id=$1" | 526 | +" WHERE r.u_id=$1" |
| 525 | +" ORDER BY r.r_id ASC, rv.rv_id ASC", [req.session.u],function(e,r) { | 527 | +" ORDER BY r.r_id ASC, rv.rv_id ASC", [req.session.u],function(e,r) { |
| 526 | if(e) return cb(e); | 528 | if(e) return cb(e); |
| 527 | var rv = {}; | 529 | var rv = {}; |
| 528 | r.rows.forEach(function(r) { | 530 | r.rows.forEach(function(r) { |
| 529 | if(!rv[r.r_ref]) rv[r.r_ref] = { | 531 | if(!rv[r.r_ref]) rv[r.r_ref] = { |
| 530 | data: r.r_data, version: r.r_version, | 532 | data: r.r_data, version: r.r_version, |
| 531 | creationDate: r.r_ctime.toString(), | 533 | creationDate: r.r_ctime.toString(), |
| 532 | updateDate: r.r_mtime.toString(), | 534 | updateDate: r.r_mtime.toString(), |
| 533 | accessDate: r.r_atime.toString(), | 535 | accessDate: r.r_atime.toString(), |
| 534 | versions: {} | 536 | versions: {} |
| 535 | }; | 537 | }; |
| 536 | if(!r.rv_id) return; | 538 | if(!r.rv_id) return; |
| 537 | rv[r.r_ref].versions[rv[r.r_ref].currentVersion=r.rv_ref] = { | 539 | rv[r.r_ref].versions[rv[r.r_ref].currentVersion=r.rv_ref] = { |
| 538 | header: r.rv_header, data: r.rv_data, version: r.rv_version, | 540 | header: r.rv_header, data: r.rv_data, version: r.rv_version, |
| 539 | creationDate: r.rv_ctime.toString(), | 541 | creationDate: r.rv_ctime.toString(), |
| 540 | updateDate: r.rv_mtime.toString(), | 542 | updateDate: r.rv_mtime.toString(), |
| 541 | accessDate: r.rv_atime.toString() | 543 | accessDate: r.rv_atime.toString() |
| 542 | }; | 544 | }; |
| 543 | }); | 545 | }); |
| 544 | cb(null,rv); | 546 | cb(null,rv); |
| 545 | }); | 547 | }); |
| 546 | }, | 548 | }, |
| 547 | html: function(cb) { | 549 | html: function(cb) { |
| 548 | FS.readFile(CONFIG.dump_template,{encoding:'utf-8'},cb); | 550 | FS.readFile(CONFIG.dump_template,{encoding:'utf-8'},cb); |
| 549 | } | 551 | } |
| 550 | },function(e,r) { | 552 | },function(e,r) { |
| 551 | if(e) return cb(e); | 553 | if(e) return cb(e); |
| 552 | var d = new Date(); | 554 | var d = new Date(); |
| 553 | res.attachment('Clipperz_'+d.getFullYear()+'_'+(d.getMonth()+1)+'_'+d.getDate()+'.html'); | 555 | res.attachment('Clipperz_'+d.getFullYear()+'_'+(d.getMonth()+1)+'_'+d.getDate()+'.html'); |
| 554 | var ojs = { users: { | 556 | var ojs = { users: { |
| 555 | catchAllUser: { __masterkey_test_value__: 'masterkey', s: n123, v: n123 } | 557 | catchAllUser: { __masterkey_test_value__: 'masterkey', s: n123, v: n123 } |
| 556 | } }; | 558 | } }; |
| 557 | r.u.d.records = r.records; | 559 | r.u.d.records = r.records; |
| 558 | ojs.users[r.u.u] = r.u.d; | 560 | ojs.users[r.u.u] = r.u.d; |
| 559 | res.send(r.html.replace('/*offline_data_placeholder*/', | 561 | res.send(r.html.replace('/*offline_data_placeholder*/', |
| 560 | "_clipperz_dump_data_="+JSON.stringify(ojs) | 562 | "_clipperz_dump_data_="+JSON.stringify(ojs) |
| 561 | +";" | 563 | +";" |
| 562 | +"Clipperz.PM.Proxy.defaultProxy = new Clipperz.PM.Proxy.Offline();" | 564 | +"Clipperz.PM.Proxy.defaultProxy = new Clipperz.PM.Proxy.Offline();" |
| 563 | +"Clipperz.Crypto.PRNG.defaultRandomGenerator().fastEntropyAccumulationForTestingPurpose();")); | 565 | +"Clipperz.Crypto.PRNG.defaultRandomGenerator().fastEntropyAccumulationForTestingPurpose();")); |
| 564 | }); | 566 | }); |
| 565 | } | 567 | } |
| 566 | 568 | ||
| 567 | }; | 569 | }; |
| 568 | rv.__defineGetter__('session_store',function(){ return function(o) { return new (clipperz_store(PG))(o) } }); | 570 | rv.__defineGetter__('session_store',function(){ return function(o) { return new (clipperz_store(PG))(o) } }); |
| 569 | 571 | ||
| 570 | return rv; | 572 | return rv; |
| 571 | 573 | ||
| 572 | }; | 574 | }; |
diff --git a/backend/node/src/clipperz.schema.sql b/backend/node/src/clipperz.schema.sql index 1c2305c..591828a 100644 --- a/backend/node/src/clipperz.schema.sql +++ b/backend/node/src/clipperz.schema.sql | |||
| @@ -1,67 +1,67 @@ | |||
| 1 | CREATE SCHEMA clipperz; | 1 | CREATE SCHEMA clipperz; |
| 2 | 2 | ||
| 3 | CREATE TABLE clipperz.theuser ( | 3 | CREATE TABLE clipperz.theuser ( |
| 4 | u_id serial PRIMARY KEY, | 4 | u_id serial PRIMARY KEY, |
| 5 | u_name varchar NOT NULL UNIQUE, | 5 | u_name varchar NOT NULL UNIQUE, |
| 6 | u_srp_s varchar NOT NULL, | 6 | u_srp_s varchar NOT NULL, |
| 7 | u_srp_v varchar NOT NULL, | 7 | u_srp_v varchar NOT NULL, |
| 8 | u_header json NOT NULL, | 8 | u_header varchar NOT NULL, |
| 9 | u_statistics varchar NOT NULL, | 9 | u_statistics varchar NOT NULL, |
| 10 | u_authversion varchar NOT NULL, | 10 | u_authversion varchar NOT NULL, |
| 11 | u_version varchar NOT NULL, | 11 | u_version varchar NOT NULL, |
| 12 | u_lock varchar NOT NULL | 12 | u_lock varchar NOT NULL |
| 13 | ); | 13 | ); |
| 14 | 14 | ||
| 15 | CREATE TABLE clipperz.therecord ( | 15 | CREATE TABLE clipperz.therecord ( |
| 16 | r_id serial PRIMARY KEY, | 16 | r_id serial PRIMARY KEY, |
| 17 | u_id integer NOT NULL REFERENCES clipperz.theuser(u_id) ON UPDATE CASCADE ON DELETE CASCADE, | 17 | u_id integer NOT NULL REFERENCES clipperz.theuser(u_id) ON UPDATE CASCADE ON DELETE CASCADE, |
| 18 | r_ref varchar NOT NULL UNIQUE, | 18 | r_ref varchar NOT NULL UNIQUE, |
| 19 | r_data varchar NOT NULL, | 19 | r_data varchar NOT NULL, |
| 20 | r_version varchar NOT NULL, | 20 | r_version varchar NOT NULL, |
| 21 | r_ctime timestamp NOT NULL DEFAULT current_timestamp, | 21 | r_ctime timestamp NOT NULL DEFAULT current_timestamp, |
| 22 | r_mtime timestamp NOT NULL DEFAULT current_timestamp, | 22 | r_mtime timestamp NOT NULL DEFAULT current_timestamp, |
| 23 | r_atime timestamp NOT NULL DEFAULT current_timestamp | 23 | r_atime timestamp NOT NULL DEFAULT current_timestamp |
| 24 | ); | 24 | ); |
| 25 | CREATE INDEX therecord_u_id_key ON clipperz.therecord (u_id); | 25 | CREATE INDEX therecord_u_id_key ON clipperz.therecord (u_id); |
| 26 | 26 | ||
| 27 | CREATE TABLE clipperz.therecordversion ( | 27 | CREATE TABLE clipperz.therecordversion ( |
| 28 | rv_id serial PRIMARY KEY, | 28 | rv_id serial PRIMARY KEY, |
| 29 | r_id integer NOT NULL REFERENCES clipperz.therecord (r_id) ON UPDATE CASCADE ON DELETE CASCADE, | 29 | r_id integer NOT NULL REFERENCES clipperz.therecord (r_id) ON UPDATE CASCADE ON DELETE CASCADE, |
| 30 | rv_ref varchar NOT NULL UNIQUE, | 30 | rv_ref varchar NOT NULL UNIQUE, |
| 31 | rv_header varchar, | 31 | rv_header varchar, |
| 32 | rv_data varchar NOT NULL, | 32 | rv_data varchar NOT NULL, |
| 33 | rv_version varchar NOT NULL, | 33 | rv_version varchar NOT NULL, |
| 34 | rv_previous_key varchar NOT NULL, | 34 | rv_previous_key varchar NOT NULL, |
| 35 | rv_previous_id varchar, | 35 | rv_previous_id varchar, |
| 36 | rv_ctime timestamp NOT NULL DEFAULT current_timestamp, | 36 | rv_ctime timestamp NOT NULL DEFAULT current_timestamp, |
| 37 | rv_mtime timestamp NOT NULL DEFAULT current_timestamp, | 37 | rv_mtime timestamp NOT NULL DEFAULT current_timestamp, |
| 38 | rv_atime timestamp NOT NULL DEFAULT current_timestamp | 38 | rv_atime timestamp NOT NULL DEFAULT current_timestamp |
| 39 | ); | 39 | ); |
| 40 | 40 | ||
| 41 | CREATE TABLE clipperz.otpstatus ( | 41 | CREATE TABLE clipperz.otpstatus ( |
| 42 | otps_id serial PRIMARY KEY, | 42 | otps_id serial PRIMARY KEY, |
| 43 | otps_code varchar NOT NULL, | 43 | otps_code varchar NOT NULL, |
| 44 | otps_name varchar NOT NULL, | 44 | otps_name varchar NOT NULL, |
| 45 | otps_desc varchar NOT NULL | 45 | otps_desc varchar NOT NULL |
| 46 | ); | 46 | ); |
| 47 | 47 | ||
| 48 | CREATE TABLE clipperz.theotp ( | 48 | CREATE TABLE clipperz.theotp ( |
| 49 | otp_id serial PRIMARY KEY, | 49 | otp_id serial PRIMARY KEY, |
| 50 | u_id integer REFERENCES clipperz.theuser (u_id) ON UPDATE CASCADE ON DELETE CASCADE, | 50 | u_id integer REFERENCES clipperz.theuser (u_id) ON UPDATE CASCADE ON DELETE CASCADE, |
| 51 | otps_id integer REFERENCES clipperz.otpstatus (otps_id) ON UPDATE CASCADE ON DELETE CASCADE, | 51 | otps_id integer REFERENCES clipperz.otpstatus (otps_id) ON UPDATE CASCADE ON DELETE CASCADE, |
| 52 | otp_ref varchar NOT NULL UNIQUE, | 52 | otp_ref varchar NOT NULL UNIQUE, |
| 53 | otp_key varchar NOT NULL UNIQUE, | 53 | otp_key varchar NOT NULL UNIQUE, |
| 54 | otp_key_checksum varchar NOT NULL, | 54 | otp_key_checksum varchar NOT NULL, |
| 55 | otp_data varchar NOT NULL, | 55 | otp_data varchar NOT NULL, |
| 56 | otp_version varchar NOT NULL, | 56 | otp_version varchar NOT NULL, |
| 57 | otp_ctime timestamp NOT NULL DEFAULT current_timestamp, | 57 | otp_ctime timestamp NOT NULL DEFAULT current_timestamp, |
| 58 | otp_rtime timestamp NOT NULL DEFAULT current_timestamp, | 58 | otp_rtime timestamp NOT NULL DEFAULT current_timestamp, |
| 59 | otp_utime timestamp NOT NULL DEFAULT current_timestamp | 59 | otp_utime timestamp NOT NULL DEFAULT current_timestamp |
| 60 | ); | 60 | ); |
| 61 | 61 | ||
| 62 | CREATE TABLE clipperz.thesession ( | 62 | CREATE TABLE clipperz.thesession ( |
| 63 | s_id varchar PRIMARY KEY, | 63 | s_id varchar PRIMARY KEY, |
| 64 | s_data json, | 64 | s_data varchar, |
| 65 | s_ctime timestamp DEFAULT current_timestamp, | 65 | s_ctime timestamp DEFAULT current_timestamp, |
| 66 | s_mtime timestamp DEFAULT current_timestamp | 66 | s_mtime timestamp DEFAULT current_timestamp |
| 67 | ); | 67 | ); |