-rw-r--r-- | backend/node/src/clipperz.js | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/backend/node/src/clipperz.js b/backend/node/src/clipperz.js index b8b4d3e..04b054a 100644 --- a/backend/node/src/clipperz.js +++ b/backend/node/src/clipperz.js | |||
@@ -1,174 +1,175 @@ | |||
1 | var FS = require('fs'); | 1 | var FS = require('fs'); |
2 | var CRYPTO = require('crypto'); | 2 | var CRYPTO = require('crypto'); |
3 | var BIGNUM = require('bignum'); | 3 | var BIGNUM = require('bignum'); |
4 | var ASYNC = require('async'); | 4 | var ASYNC = require('async'); |
5 | 5 | ||
6 | var express_store = require('express').session.Store; | 6 | var express_store = require('express').session.Store; |
7 | 7 | ||
8 | function clipperz_hash(v) { | 8 | function clipperz_hash(v) { |
9 | return CRYPTO.createHash('sha256').update( | 9 | return CRYPTO.createHash('sha256').update( |
10 | CRYPTO.createHash('sha256').update(v).digest('binary') | 10 | CRYPTO.createHash('sha256').update(v).digest('binary') |
11 | ).digest('hex'); | 11 | ).digest('hex'); |
12 | }; | 12 | }; |
13 | function clipperz_random() { | 13 | function clipperz_random() { |
14 | for(var r = '';r.length<64;r+=''+BIGNUM(Math.floor(Math.random()*1e18)).toString(16)); | 14 | for(var r = '';r.length<64;r+=''+BIGNUM(Math.floor(Math.random()*1e18)).toString(16)); |
15 | return r.substr(0,64); | 15 | return r.substr(0,64); |
16 | }; | 16 | }; |
17 | function clipperz_store(PG) { | 17 | function clipperz_store(PG) { |
18 | var rv = function(o) { express_store.call(this,o); } | 18 | var rv = function(o) { express_store.call(this,o); } |
19 | rv.prototype.get = function(sid,cb) { PG.Q( | 19 | rv.prototype.get = function(sid,cb) { PG.Q( |
20 | "SELECT s_data FROM clipperz.thesession WHERE s_id=$1",[sid], | 20 | "SELECT s_data FROM clipperz.thesession WHERE s_id=$1",[sid], |
21 | function(e,r) { cb(e,(e||!r.rowCount)?null:JSON.parse(r.rows[0].s_data)); } | 21 | function(e,r) { cb(e,(e||!r.rowCount)?null:JSON.parse(r.rows[0].s_data)); } |
22 | ) }; | 22 | ) }; |
23 | rv.prototype.set = function(sid,data,cb) { | 23 | rv.prototype.set = function(sid,data,cb) { |
24 | var d = JSON.stringify(data); | 24 | var d = JSON.stringify(data); |
25 | PG.Q( | 25 | PG.Q( |
26 | "UPDATE clipperz.thesession SET s_data=$1, s_mtime=current_timestamp" | 26 | "UPDATE clipperz.thesession SET s_data=$1, s_mtime=current_timestamp" |
27 | +" WHERE s_id=$2",[d,sid], function(e,r) { | 27 | +" WHERE s_id=$2",[d,sid], function(e,r) { |
28 | if(e) return cb(e); | 28 | if(e) return cb(e); |
29 | if(r.rowCount) return cb(); | 29 | if(r.rowCount) return cb(); |
30 | PG.Q("INSERT INTO clipperz.thesession (s_id,s_data) VALUES ($1,$2)",[sid,d],cb); | 30 | PG.Q("INSERT INTO clipperz.thesession (s_id,s_data) VALUES ($1,$2)",[sid,d],cb); |
31 | }); | 31 | }); |
32 | }; | 32 | }; |
33 | rv.prototype.destroy = function(sid,cb) { PG.Q( | 33 | rv.prototype.destroy = function(sid,cb) { PG.Q( |
34 | "DELETE FROM clipperz.thesession WHERE s_id=$1",[sid],cb | 34 | "DELETE FROM clipperz.thesession WHERE s_id=$1",[sid],cb |
35 | ) }; | 35 | ) }; |
36 | rv.prototype.length = function(cb) { PG.Q( | 36 | rv.prototype.length = function(cb) { PG.Q( |
37 | "SELECT count(*) AS c FROM clipperz.thesession", function(e,r) { | 37 | "SELECT count(*) AS c FROM clipperz.thesession", function(e,r) { |
38 | cb(e,e?null:r.rows[0].c); | 38 | cb(e,e?null:r.rows[0].c); |
39 | } | 39 | } |
40 | ) }; | 40 | ) }; |
41 | rv.prototype.length = function(cb) { PQ.Q( | 41 | rv.prototype.length = function(cb) { PQ.Q( |
42 | "DELETE FROM clipperz.thesession", cb | 42 | "DELETE FROM clipperz.thesession", cb |
43 | ) }; | 43 | ) }; |
44 | rv.prototype.__proto__ = express_store.prototype; | 44 | rv.prototype.__proto__ = express_store.prototype; |
45 | return rv; | 45 | return rv; |
46 | } | 46 | } |
47 | 47 | ||
48 | var srp_g = BIGNUM(2); | 48 | var srp_g = BIGNUM(2); |
49 | var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16); | 49 | var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16); |
50 | var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00'; | 50 | var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00'; |
51 | 51 | ||
52 | 52 | ||
53 | var CLIPPERZ = module.exports = function(CONFIG) { | 53 | var CLIPPERZ = module.exports = function(CONFIG) { |
54 | 54 | ||
55 | var LOGGER = CONFIG.logger||{trace:function(){}}; | 55 | var LOGGER = CONFIG.logger||{trace:function(){}}; |
56 | 56 | ||
57 | var PG = { | 57 | var PG = { |
58 | url: CONFIG.psql, | 58 | url: CONFIG.psql, |
59 | PG: require('pg').native, | 59 | PG: require('pg').native, |
60 | Q: function(q,a,cb) { | 60 | Q: function(q,a,cb) { |
61 | if('function'===typeof a) cb=a,a=[]; | 61 | if('function'===typeof a) cb=a,a=[]; |
62 | LOGGER.trace({query:q,args:a},'SQL: %s',q); | 62 | LOGGER.trace({query:q,args:a},'SQL: %s',q); |
63 | PG.PG.connect(PG.url,function(e,C,D) { | 63 | PG.PG.connect(PG.url,function(e,C,D) { |
64 | if(e) return cb(e); | 64 | if(e) return cb(e); |
65 | var t0=new Date(); | 65 | var t0=new Date(); |
66 | C.query(q,a,function(e,r) { | 66 | C.query(q,a,function(e,r) { |
67 | var t1=new Date(), dt=t1-t0; | 67 | var t1=new Date(), dt=t1-t0; |
68 | D(); | 68 | D(); |
69 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); | 69 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); |
70 | cb(e,r); | 70 | cb(e,r); |
71 | }); | 71 | }); |
72 | }); | 72 | }); |
73 | }, | 73 | }, |
74 | T: function(cb) { | 74 | T: function(cb) { |
75 | PG.PG.connect(PG.url,function(e,C,D) { | 75 | PG.PG.connect(PG.url,function(e,C,D) { |
76 | if(e) return cb(e); | 76 | if(e) return cb(e); |
77 | C.query('BEGIN',function(e){ | 77 | C.query('BEGIN',function(e){ |
78 | if(e) return D(),cb(e); | 78 | if(e) return D(),cb(e); |
79 | LOGGER.trace('SQL: transaction begun'); | ||
79 | cb(null,{ | 80 | cb(null,{ |
80 | Q: function(q,a,cb) { | 81 | Q: function(q,a,cb) { |
81 | LOGGER.trace({query:q,args:a},'SQL: %s',q); | 82 | LOGGER.trace({query:q,args:a},'SQL: %s',q); |
82 | if(this.over) return cb(new Error('game over')); | 83 | if(this.over) return cb(new Error('game over')); |
83 | if('function'===typeof a) cb=a,a=[]; | 84 | if('function'===typeof a) cb=a,a=[]; |
84 | var t0=new Date(); | 85 | var t0=new Date(); |
85 | C.query(q,a,function(e,r) { | 86 | C.query(q,a,function(e,r) { |
86 | var t1=new Date(), dt=t1-t0; | 87 | var t1=new Date(), dt=t1-t0; |
87 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); | 88 | LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt); |
88 | cb(e,r); | 89 | cb(e,r); |
89 | }); | 90 | }); |
90 | }, | 91 | }, |
91 | commit: function(cb) { | 92 | commit: function(cb) { |
92 | LOGGER.trace('SQL: commit'); | 93 | LOGGER.trace('SQL: commit'); |
93 | if(this.over) return cb(new Error('game over')); | 94 | if(this.over) return cb(new Error('game over')); |
94 | return (this.over=true),C.query('COMMIT',function(e){D();cb&&cb(e)}); | 95 | return (this.over=true),C.query('COMMIT',function(e){D();cb&&cb(e)}); |
95 | }, | 96 | }, |
96 | rollback: function(cb) { | 97 | rollback: function(cb) { |
97 | LOGGER.trace('SQL: rollback'); | 98 | LOGGER.trace('SQL: rollback'); |
98 | if(this.over) return cb(new Error('game over')); | 99 | if(this.over) return cb(new Error('game over')); |
99 | return (this.over=true),C.query('ROLLBACK',function(e){D();cb&&cb(e)}); | 100 | return (this.over=true),C.query('ROLLBACK',function(e){D();cb&&cb(e)}); |
100 | }, | 101 | }, |
101 | end: function(e,cb) { | 102 | end: function(e,cb) { |
102 | if(e) return LOGGER.trace(e,"rolling back transaction due to an error"),this.rollback(cb); | 103 | if(e) return LOGGER.trace(e,"rolling back transaction due to an error"),this.rollback(cb); |
103 | this.commit(cb); | 104 | this.commit(cb); |
104 | } | 105 | } |
105 | }); | 106 | }); |
106 | }); | 107 | }); |
107 | }); | 108 | }); |
108 | } | 109 | } |
109 | }; | 110 | }; |
110 | 111 | ||
111 | 112 | ||
112 | var rv = { | 113 | var rv = { |
113 | 114 | ||
114 | json: function clipperz_json(req,res,cb) { | 115 | json: function clipperz_json(req,res,cb) { |
115 | var method = req.body.method, pp = JSON.parse(req.body.parameters).parameters; | 116 | var method = req.body.method, pp = JSON.parse(req.body.parameters).parameters; |
116 | var message = pp.message; | 117 | var message = pp.message; |
117 | var ppp = pp.parameters; | 118 | var ppp = pp.parameters; |
118 | res.res = function(o) { return res.json({result:o}) }; | 119 | res.res = function(o) { return res.json({result:o}) }; |
119 | LOGGER.trace({method:method,parameters:pp},"JSON request"); | 120 | LOGGER.trace({method:method,parameters:pp},"JSON request"); |
120 | 121 | ||
121 | switch(method) { | 122 | switch(method) { |
122 | case 'registration': | 123 | case 'registration': |
123 | switch(message) { | 124 | switch(message) { |
124 | case 'completeRegistration': return PG.Q( | 125 | case 'completeRegistration': return PG.Q( |
125 | "INSERT INTO clipperz.theuser" | 126 | "INSERT INTO clipperz.theuser" |
126 | +" (u_name, u_srp_s,u_srp_v, u_authversion,u_header,u_statistics,u_version,u_lock)" | 127 | +" (u_name, u_srp_s,u_srp_v, u_authversion,u_header,u_statistics,u_version,u_lock)" |
127 | +" VALUES ($1, $2,$3, $4,$5,$6,$7,$8)", | 128 | +" VALUES ($1, $2,$3, $4,$5,$6,$7,$8)", |
128 | [pp.credentials.C, pp.credentials.s, pp.credentials.v, | 129 | [pp.credentials.C, pp.credentials.s, pp.credentials.v, |
129 | pp.credentials.version,pp.user.header, pp.user.statistics, | 130 | pp.credentials.version,pp.user.header, pp.user.statistics, |
130 | pp.user.version, pp.user.lock], function(e,r) { | 131 | pp.user.version, pp.user.lock], function(e,r) { |
131 | if(e) return cb(e); | 132 | if(e) return cb(e); |
132 | res.res({lock:pp.user.lock,result:'done'}); | 133 | res.res({lock:pp.user.lock,result:'done'}); |
133 | }); | 134 | }); |
134 | } | 135 | } |
135 | break; | 136 | break; |
136 | 137 | ||
137 | case 'handshake': | 138 | case 'handshake': |
138 | switch(message) { | 139 | switch(message) { |
139 | case 'connect': return ASYNC.auto({ | 140 | case 'connect': return ASYNC.auto({ |
140 | u: function(cb) { PG.Q( | 141 | u: function(cb) { PG.Q( |
141 | "SELECT u_id, u_srp_s, u_srp_v FROM clipperz.theuser WHERE u_name=$1", | 142 | "SELECT u_id, u_srp_s, u_srp_v FROM clipperz.theuser WHERE u_name=$1", |
142 | [ppp.C], function(e,r) { | 143 | [ppp.C], function(e,r) { |
143 | if(e) return cb(e); | 144 | if(e) return cb(e); |
144 | if(!r.rowCount) return cb(null,{u_id:null,u_srp_s:n123,u_srp_v:n123}); | 145 | if(!r.rowCount) return cb(null,{u_id:null,u_srp_s:n123,u_srp_v:n123}); |
145 | cb(null,r.rows[0]); | 146 | cb(null,r.rows[0]); |
146 | }) }, | 147 | }) }, |
147 | otp: ['u',function(cb,r) { | 148 | otp: ['u',function(cb,r) { |
148 | if(!req.session.otp) return cb(); | 149 | if(!req.session.otp) return cb(); |
149 | if(req.session.u!=r.u.u_id) return cb(new Error('user/OTP mismatch')); | 150 | if(req.session.u!=r.u.u_id) return cb(new Error('user/OTP mismatch')); |
150 | PG.Q( | 151 | PG.Q( |
151 | "UPDATE clipperz.theotp AS otp" | 152 | "UPDATE clipperz.theotp AS otp" |
152 | +" SET" | 153 | +" SET" |
153 | +" otps_id=CASE WHEN s.otps_code='REQUESTED' THEN (" | 154 | +" otps_id=CASE WHEN s.otps_code='REQUESTED' THEN (" |
154 | +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'" | 155 | +" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'" |
155 | +" ) ELSE otp.otps_id END," | 156 | +" ) ELSE otp.otps_id END," |
156 | +" otp_utime=current_timestamp" | 157 | +" otp_utime=current_timestamp" |
157 | +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" | 158 | +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o" |
158 | +" WHERE" | 159 | +" WHERE" |
159 | +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id" | 160 | +" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id" |
160 | +" AND otp.otp_id=$1 AND otp.u_id=$2" | 161 | +" AND otp.otp_id=$1 AND otp.u_id=$2" |
161 | +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref", | 162 | +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref", |
162 | [ req.session.otp, req.session.u ], | 163 | [ req.session.otp, req.session.u ], |
163 | function(e,r) { | 164 | function(e,r) { |
164 | if(e) return cb(e); | 165 | if(e) return cb(e); |
165 | if(!r.rowCount) return cb(new Error('no OTP found')); | 166 | if(!r.rowCount) return cb(new Error('no OTP found')); |
166 | r=r.rows[0]; | 167 | r=r.rows[0]; |
167 | if(!r.yes) return cb(new Error('OTP is in a sorry state')); | 168 | if(!r.yes) return cb(new Error('OTP is in a sorry state')); |
168 | cb(null,{ref:r.otp_ref}); | 169 | cb(null,{ref:r.otp_ref}); |
169 | }); | 170 | }); |
170 | }] | 171 | }] |
171 | },function(e,r) { | 172 | },function(e,r) { |
172 | if(e) return cb(e); | 173 | if(e) return cb(e); |
173 | req.session.C = ppp.C; req.session.A = ppp.A; | 174 | req.session.C = ppp.C; req.session.A = ppp.A; |
174 | req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v; | 175 | req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v; |