summaryrefslogtreecommitdiff
path: root/backend
authorMichael Krelin <hacker@klever.net>2013-11-25 19:04:15 (UTC)
committer Michael Krelin <hacker@klever.net>2013-11-25 19:04:15 (UTC)
commit8718e9094c37bde8205fd1fe3c42b4bf590486ab (patch) (unidiff)
tree7e32d19a483964dc153d767cc9bbefab521deeea /backend
parent706ed5b980c48ad807923d36741f19b21f2911a6 (diff)
downloadclipperz-8718e9094c37bde8205fd1fe3c42b4bf590486ab.zip
clipperz-8718e9094c37bde8205fd1fe3c42b4bf590486ab.tar.gz
clipperz-8718e9094c37bde8205fd1fe3c42b4bf590486ab.tar.bz2
retrieve header as a string to avoid restringification
Diffstat (limited to 'backend') (more/less context) (ignore whitespace changes)
-rw-r--r--backend/node/src/clipperz.js8
1 files changed, 4 insertions, 4 deletions
diff --git a/backend/node/src/clipperz.js b/backend/node/src/clipperz.js
index c6d776a..eebd5bf 100644
--- a/backend/node/src/clipperz.js
+++ b/backend/node/src/clipperz.js
@@ -150,113 +150,113 @@ var CLIPPERZ = module.exports = function(CONFIG) {
150 case 'credentialCheck': 150 case 'credentialCheck':
151 var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10)); 151 var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10));
152 var A = BIGNUM(req.session.A,16); 152 var A = BIGNUM(req.session.A,16);
153 var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm( 153 var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm(
154 BIGNUM(req.session.b,16), srp_n); 154 BIGNUM(req.session.b,16), srp_n);
155 var K = clipperz_hash(S.toString(10)); 155 var K = clipperz_hash(S.toString(10));
156 var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16)); 156 var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16));
157 if(M1!=ppp.M1) return res.res({error:'?'}); 157 if(M1!=ppp.M1) return res.res({error:'?'});
158 req.session.K = K; 158 req.session.K = K;
159 var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16)); 159 var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16));
160 return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'}); 160 return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'});
161 161
162 case 'oneTimePassword': return PG.Q( 162 case 'oneTimePassword': return PG.Q(
163 "UPDATE clipperz.theotp AS otp" 163 "UPDATE clipperz.theotp AS otp"
164 +" SET" 164 +" SET"
165 +" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE (" 165 +" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE ("
166 +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE" 166 +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE"
167 +" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'" 167 +" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'"
168 +" ELSE 'DISABLED' END" 168 +" ELSE 'DISABLED' END"
169 +" ) END," 169 +" ) END,"
170 +" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END," 170 +" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END,"
171 +" otp_utime = current_timestamp," 171 +" otp_utime = current_timestamp,"
172 +" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END" 172 +" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END"
173 +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" 173 +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"
174 +" WHERE" 174 +" WHERE"
175 +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1" 175 +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1"
176 +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version", 176 +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version",
177 [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ], 177 [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ],
178 function(e,r) { 178 function(e,r) {
179 if(e) return cb(e); 179 if(e) return cb(e);
180 if(!r.rowCount) return cb(new Error('OTP not found')); 180 if(!r.rowCount) return cb(new Error('OTP not found'));
181 r=r.rows[0]; 181 r=r.rows[0];
182 if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum) 182 if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum)
183 return cb(new Error('OTP was disabled because of checksum mismatch')); 183 return cb(new Error('OTP was disabled because of checksum mismatch'));
184 if(r.otps_code!='ACTIVE') 184 if(r.otps_code!='ACTIVE')
185 return cb(new Error("OTP wasn't active, sorry")); 185 return cb(new Error("OTP wasn't active, sorry"));
186 req.session.u=r.u_id; req.session.otp=r.otp_id; 186 req.session.u=r.u_id; req.session.otp=r.otp_id;
187 res.res({data:r.otp_data,version:r.otp_version}); 187 res.res({data:r.otp_data,version:r.otp_version});
188 }); 188 });
189 } 189 }
190 break; 190 break;
191 191
192 case 'message': 192 case 'message':
193 if(!req.session.K) return res.res({result:'EXCEPTION',message:"effectively, we're missing a aconnection"}); 193 if(!req.session.K) return res.res({result:'EXCEPTION',message:"effectively, we're missing a aconnection"});
194 if(req.session.K!=pp.srpSharedSecret) return res.res({error:'Wrong shared secret!'}); 194 if(req.session.K!=pp.srpSharedSecret) return res.res({error:'Wrong shared secret!'});
195 switch(message) { 195 switch(message) {
196 case 'getUserDetails': return ASYNC.parallel({ 196 case 'getUserDetails': return ASYNC.parallel({
197 u: function(cb) { 197 u: function(cb) {
198 PG.Q("SELECT u_header,u_statistics,u_version FROM clipperz.theuser WHERE u_id=$1", 198 PG.Q("SELECT u_header::varchar,u_statistics,u_version FROM clipperz.theuser WHERE u_id=$1",
199 [req.session.u],function(e,r) { 199 [req.session.u],function(e,r) {
200 if(e) return cb(e); 200 if(e) return cb(e);
201 if(!r.rowCount) return cb(new Error("user's gone AWOL")); 201 if(!r.rowCount) return cb(new Error("user's gone AWOL"));
202 cb(null,r.rows[0]); 202 cb(null,r.rows[0]);
203 }); 203 });
204 }, 204 },
205 stats: function(cb) { 205 stats: function(cb) {
206 PG.Q("SELECT r_ref,r_mtime FROM clipperz.therecord WHERE u_id=$1", 206 PG.Q("SELECT r_ref,r_mtime FROM clipperz.therecord WHERE u_id=$1",
207 [req.session.u],function(e,r) { 207 [req.session.u],function(e,r) {
208 if(e) return cb(e); 208 if(e) return cb(e);
209 cb(null,r.rows.reduce(function(p,r){p[r.r_ref]={updateDate:r.r_mtime};return p},{})); 209 cb(null,r.rows.reduce(function(p,r){p[r.r_ref]={updateDate:r.r_mtime};return p},{}));
210 }); 210 });
211 } 211 }
212 },function(e,r) { 212 },function(e,r) {
213 if(e) return cb(e); 213 if(e) return cb(e);
214 res.res({header:JSON.stringify(r.u.u_header),statistics:r.u.u_statistics,version:r.u.u_version,recordsStats:r.stats}); 214 res.res({header:r.u.u_header,statistics:r.u.u_statistics,version:r.u.u_version,recordsStats:r.stats});
215 }); 215 });
216 216
217 case 'saveChanges': return PG.T(function(e,T) { 217 case 'saveChanges': return PG.T(function(e,T) {
218 if(e) return cb(e); 218 if(e) return cb(e);
219 ASYNC.auto({ 219 ASYNC.auto({
220 user: function(cb) { 220 user: function(cb) {
221 T.Q( 221 T.Q(
222 "UPDATE clipperz.theuser" 222 "UPDATE clipperz.theuser"
223 +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)" 223 +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)"
224 +" WHERE u_id=$5" 224 +" WHERE u_id=$5"
225 +" RETURNING u_lock",[ppp.user.header,ppp.user.statistics,ppp.user.version,ppp.user.lock||null,req.session.u], 225 +" RETURNING u_lock",[ppp.user.header,ppp.user.statistics,ppp.user.version,ppp.user.lock||null,req.session.u],
226 function(e,r) { 226 function(e,r) {
227 if(e) return cb(e); 227 if(e) return cb(e);
228 if(!r.rowCount) return cb(new Error("user's gone AWOL")); 228 if(!r.rowCount) return cb(new Error("user's gone AWOL"));
229 cb(null,r.rows[0]); 229 cb(null,r.rows[0]);
230 }); 230 });
231 }, 231 },
232 updaterecords: function(cb) { 232 updaterecords: function(cb) {
233 if(!(ppp.records && ppp.records.updated && ppp.records.updated.length)) return cb(); 233 if(!(ppp.records && ppp.records.updated && ppp.records.updated.length)) return cb();
234 ASYNC.each(ppp.records.updated,function(r,cb) { 234 ASYNC.each(ppp.records.updated,function(r,cb) {
235 ASYNC.auto({ 235 ASYNC.auto({
236 updater: function(cb) { 236 updater: function(cb) {
237 T.Q( 237 T.Q(
238 "UPDATE clipperz.therecord" 238 "UPDATE clipperz.therecord"
239 +" SET r_data=$2, r_version=$3, r_mtime=current_timestamp" 239 +" SET r_data=$2, r_version=$3, r_mtime=current_timestamp"
240 +" WHERE r_ref=$1 AND u_id=$4 RETURNING r_id", 240 +" WHERE r_ref=$1 AND u_id=$4 RETURNING r_id",
241 [r.record.reference,r.record.data,r.record.version,req.session.u], function(e,r) { 241 [r.record.reference,r.record.data,r.record.version,req.session.u], function(e,r) {
242 if(e) return cb(e); 242 if(e) return cb(e);
243 return cb(null,r.rows.length?r.rows[0]:null); 243 return cb(null,r.rows.length?r.rows[0]:null);
244 }); 244 });
245 }, 245 },
246 insertr: ['updater',function(cb,rr) { 246 insertr: ['updater',function(cb,rr) {
247 if(rr.updater) return cb(); 247 if(rr.updater) return cb();
248 T.Q( 248 T.Q(
249 "INSERT INTO clipperz.therecord" 249 "INSERT INTO clipperz.therecord"
250 +" (u_id,r_ref,r_data,r_version)" 250 +" (u_id,r_ref,r_data,r_version)"
251 +" VALUES ($1,$2,$3,$4) RETURNING r_id",[req.session.u,r.record.reference,r.record.data,r.record.version], 251 +" VALUES ($1,$2,$3,$4) RETURNING r_id",[req.session.u,r.record.reference,r.record.data,r.record.version],
252 function(e,r) { 252 function(e,r) {
253 if(e) return cb(e); 253 if(e) return cb(e);
254 return cb(null,r.rows[0]); 254 return cb(null,r.rows[0]);
255 }); 255 });
256 }], 256 }],
257 updatev: ['updater','insertr',function(cb,rr) { 257 updatev: ['updater','insertr',function(cb,rr) {
258 var crv=r.currentRecordVersion; 258 var crv=r.currentRecordVersion;
259 T.Q( 259 T.Q(
260 "UPDATE clipperz.therecordversion" 260 "UPDATE clipperz.therecordversion"
261 +" SET rv_ref=$1, rv_data=$2, rv_version=$3," 261 +" SET rv_ref=$1, rv_data=$2, rv_version=$3,"
262 +" rv_previous_id=COALESCE($4,rv_previous_id)," 262 +" rv_previous_id=COALESCE($4,rv_previous_id),"
@@ -426,103 +426,103 @@ var CLIPPERZ = module.exports = function(CONFIG) {
426 cb(e,r.rows[0]); 426 cb(e,r.rows[0]);
427 }); 427 });
428 }, 428 },
429 otp: function(cb) { 429 otp: function(cb) {
430 var otps=ppp.oneTimePasswords; 430 var otps=ppp.oneTimePasswords;
431 if(!otps) return cb(); 431 if(!otps) return cb();
432 ASYNC.each(Object.keys(otps),function(r,cb) { 432 ASYNC.each(Object.keys(otps),function(r,cb) {
433 T.Q( 433 T.Q(
434 "UPDATE clipperz.theotp" 434 "UPDATE clipperz.theotp"
435 +" SET otp_data=$1, otp_utime=current_timestamp WHERE otp_ref=$2 AND u_id=$3", 435 +" SET otp_data=$1, otp_utime=current_timestamp WHERE otp_ref=$2 AND u_id=$3",
436 [ otps[r], r, req.session.u ], function(e,r) { 436 [ otps[r], r, req.session.u ], function(e,r) {
437 if(e) return cb(e); 437 if(e) return cb(e);
438 if(!r.rowCount) return cb(new Error("OTP's gone AWOL")); 438 if(!r.rowCount) return cb(new Error("OTP's gone AWOL"));
439 cb(); 439 cb();
440 }); 440 });
441 },cb); 441 },cb);
442 } 442 }
443 },function(e,r) { 443 },function(e,r) {
444 T.end(e, function(e) { 444 T.end(e, function(e) {
445 if(e) return cb(e); 445 if(e) return cb(e);
446 res.res({result:'done',lock:r.user.u_lock}); 446 res.res({result:'done',lock:r.user.u_lock});
447 }); 447 });
448 }); 448 });
449 }); 449 });
450 450
451 case 'deleteUser': return PG.Q( 451 case 'deleteUser': return PG.Q(
452 "DELETE FROM clipperz.theuser WHERE u_id=$1", 452 "DELETE FROM clipperz.theuser WHERE u_id=$1",
453 [req.session.u],function(e,r) { 453 [req.session.u],function(e,r) {
454 if(e) return cb(e); 454 if(e) return cb(e);
455 res.res({result:'ok'}); 455 res.res({result:'ok'});
456 }); 456 });
457 457
458 case 'echo': return res.res({result:ppp}); 458 case 'echo': return res.res({result:ppp});
459 case 'getOneTimePasswordsDetails': return res.res({}); 459 case 'getOneTimePasswordsDetails': return res.res({});
460 case 'getLoginHistory': return res.res({result:[]}); 460 case 'getLoginHistory': return res.res({result:[]});
461 } 461 }
462 break; 462 break;
463 case 'logout': return req.session.destroy(function(e){res.res({})}); 463 case 'logout': return req.session.destroy(function(e){res.res({})});
464 } 464 }
465 cb(); 465 cb();
466 }, 466 },
467 467
468 dump: function(req,res,cb) { 468 dump: function(req,res,cb) {
469 if(!req.session.u) return cb(new Error('logging in helps')); 469 if(!req.session.u) return cb(new Error('logging in helps'));
470 return ASYNC.parallel({ 470 return ASYNC.parallel({
471 u: function(cb) { 471 u: function(cb) {
472 PG.Q( 472 PG.Q(
473 "SELECT" 473 "SELECT"
474 +" u_name, u_srp_s, u_srp_v, u_authversion, u_header, u_statistics, u_version" 474 +" u_name, u_srp_s, u_srp_v, u_authversion, u_header::varchar, u_statistics, u_version"
475 +" FROM clipperz.theuser WHERE u_id=$1",[req.session.u],function(e,r) { 475 +" FROM clipperz.theuser WHERE u_id=$1",[req.session.u],function(e,r) {
476 if(e) return cb(e); 476 if(e) return cb(e);
477 if(!r.rowCount) return cb(new Error("user's gone AWOL")); 477 if(!r.rowCount) return cb(new Error("user's gone AWOL"));
478 r = r.rows[0]; 478 r = r.rows[0];
479 return cb(null,{u:r.u_name,d:{s:r.u_srp_s,v:r.u_srp_v, version:r.u_authversion, 479 return cb(null,{u:r.u_name,d:{s:r.u_srp_s,v:r.u_srp_v, version:r.u_authversion,
480 maxNumberOfRecords: '100', userDetails: JSON.stringify(r.u_header), 480 maxNumberOfRecords: '100', userDetails: r.u_header,
481 statistics: r.u_statistics, userDetailsVersion: r.u_version 481 statistics: r.u_statistics, userDetailsVersion: r.u_version
482 }}); 482 }});
483 }); 483 });
484 }, 484 },
485 records: function(cb) { 485 records: function(cb) {
486 PG.Q( 486 PG.Q(
487 "SELECT" 487 "SELECT"
488 +" r.r_id, r.r_ref, r_data, r_version, r_ctime, r_mtime, r_atime," 488 +" r.r_id, r.r_ref, r_data, r_version, r_ctime, r_mtime, r_atime,"
489 +" rv.rv_id, rv.rv_ref AS rv_ref, rv_header, rv_data, rv_version, rv_ctime, rv_mtime, rv_atime" 489 +" rv.rv_id, rv.rv_ref AS rv_ref, rv_header, rv_data, rv_version, rv_ctime, rv_mtime, rv_atime"
490 +" FROM" 490 +" FROM"
491 +" clipperz.therecord AS r" 491 +" clipperz.therecord AS r"
492 +" LEFT JOIN clipperz.therecordversion AS rv USING (r_id)" 492 +" LEFT JOIN clipperz.therecordversion AS rv USING (r_id)"
493 +" WHERE r.u_id=$1" 493 +" WHERE r.u_id=$1"
494 +" ORDER BY r.r_id ASC, rv.rv_id ASC", [req.session.u],function(e,r) { 494 +" ORDER BY r.r_id ASC, rv.rv_id ASC", [req.session.u],function(e,r) {
495 if(e) return cb(e); 495 if(e) return cb(e);
496 var rv = {}; 496 var rv = {};
497 r.rows.forEach(function(r) { 497 r.rows.forEach(function(r) {
498 if(!rv[r.r_ref]) rv[r.r_ref] = { 498 if(!rv[r.r_ref]) rv[r.r_ref] = {
499 data: r.r_data, version: r.r_version, 499 data: r.r_data, version: r.r_version,
500 creationDate: r.r_ctime.toString(), 500 creationDate: r.r_ctime.toString(),
501 updateDate: r.r_mtime.toString(), 501 updateDate: r.r_mtime.toString(),
502 accessDate: r.r_atime.toString(), 502 accessDate: r.r_atime.toString(),
503 versions: {} 503 versions: {}
504 }; 504 };
505 if(!r.rv_id) return; 505 if(!r.rv_id) return;
506 rv[r.r_ref].versions[rv[r.r_ref].currentVersion=r.rv_ref] = { 506 rv[r.r_ref].versions[rv[r.r_ref].currentVersion=r.rv_ref] = {
507 header: r.rv_header, data: r.rv_data, version: r.rv_version, 507 header: r.rv_header, data: r.rv_data, version: r.rv_version,
508 creationDate: r.rv_ctime.toString(), 508 creationDate: r.rv_ctime.toString(),
509 updateDate: r.rv_mtime.toString(), 509 updateDate: r.rv_mtime.toString(),
510 accessDate: r.rv_atime.toString() 510 accessDate: r.rv_atime.toString()
511 }; 511 };
512 }); 512 });
513 cb(null,rv); 513 cb(null,rv);
514 }); 514 });
515 }, 515 },
516 html: function(cb) { 516 html: function(cb) {
517 FS.readFile(CONFIG.dump_template,{encoding:'utf-8'},cb); 517 FS.readFile(CONFIG.dump_template,{encoding:'utf-8'},cb);
518 } 518 }
519 },function(e,r) { 519 },function(e,r) {
520 if(e) return cb(e); 520 if(e) return cb(e);
521 var d = new Date(); 521 var d = new Date();
522 res.attachment('Clipperz_'+d.getFullYear()+'_'+(d.getMonth()+1)+'_'+d.getDate()+'.html'); 522 res.attachment('Clipperz_'+d.getFullYear()+'_'+(d.getMonth()+1)+'_'+d.getDate()+'.html');
523 var ojs = { users: { 523 var ojs = { users: {
524 catchAllUser: { __masterkey_test_value__: 'masterkey', s: n123, v: n123 } 524 catchAllUser: { __masterkey_test_value__: 'masterkey', s: n123, v: n123 }
525 } }; 525 } };
526 r.u.d.records = r.records; 526 r.u.d.records = r.records;
527 ojs.users[r.u.u] = r.u.d; 527 ojs.users[r.u.u] = r.u.d;
528 res.send(r.html.replace('/*offline_data_placeholder*/', 528 res.send(r.html.replace('/*offline_data_placeholder*/',