Merge branch 'master' of github.com:syuilo/misskey into swagger
This commit is contained in:
Tosuke
@ -1,7 +1,8 @@
|
||||
import * as express from 'express';
|
||||
import App from './models/app';
|
||||
import User from './models/user';
|
||||
import Userkey from './models/userkey';
|
||||
import AccessToken from './models/access-token';
|
||||
import isNativeToken from './common/is-native-token';
|
||||
|
||||
export interface IAuthContext {
|
||||
/**
|
||||
@ -20,10 +21,14 @@ export interface IAuthContext {
|
||||
isSecure: boolean;
|
||||
}
|
||||
|
||||
export default (req: express.Request) =>
|
||||
new Promise<IAuthContext>(async (resolve, reject) => {
|
||||
export default (req: express.Request) => new Promise<IAuthContext>(async (resolve, reject) => {
|
||||
const token = req.body['i'];
|
||||
if (token) {
|
||||
|
||||
if (token == null) {
|
||||
return resolve({ app: null, user: null, isSecure: false });
|
||||
}
|
||||
|
||||
if (isNativeToken(token)) {
|
||||
const user = await User
|
||||
.findOne({ token: token });
|
||||
|
||||
@ -36,26 +41,21 @@ export default (req: express.Request) =>
|
||||
user: user,
|
||||
isSecure: true
|
||||
});
|
||||
}
|
||||
|
||||
const userkey = req.headers['userkey'] || req.body['_userkey'];
|
||||
if (userkey) {
|
||||
const userkeyDoc = await Userkey.findOne({
|
||||
key: userkey
|
||||
} else {
|
||||
const accessToken = await AccessToken.findOne({
|
||||
hash: token
|
||||
});
|
||||
|
||||
if (userkeyDoc === null) {
|
||||
return reject('invalid userkey');
|
||||
if (accessToken === null) {
|
||||
return reject('invalid signature');
|
||||
}
|
||||
|
||||
const app = await App
|
||||
.findOne({ _id: userkeyDoc.app_id });
|
||||
.findOne({ _id: accessToken.app_id });
|
||||
|
||||
const user = await User
|
||||
.findOne({ _id: userkeyDoc.user_id });
|
||||
.findOne({ _id: accessToken.user_id });
|
||||
|
||||
return resolve({ app: app, user: user, isSecure: false });
|
||||
}
|
||||
|
||||
return resolve({ app: null, user: null, isSecure: false });
|
||||
});
|
||||
|
||||
1
src/api/common/is-native-token.ts
Normal file
1
src/api/common/is-native-token.ts
Normal file
@ -0,0 +1 @@
|
||||
export default (token: string) => token[0] == '!';
|
||||
@ -4,8 +4,10 @@
|
||||
* Module dependencies
|
||||
*/
|
||||
import rndstr from 'rndstr';
|
||||
const crypto = require('crypto');
|
||||
import App from '../../models/app';
|
||||
import AuthSess from '../../models/auth-session';
|
||||
import Userkey from '../../models/userkey';
|
||||
import AccessToken from '../../models/access-token';
|
||||
|
||||
/**
|
||||
* @swagger
|
||||
@ -41,35 +43,46 @@ module.exports = (params, user) =>
|
||||
new Promise(async (res, rej) =>
|
||||
{
|
||||
// Get 'token' parameter
|
||||
const token = params.token;
|
||||
if (token == null) {
|
||||
const sesstoken = params.token;
|
||||
if (sesstoken == null) {
|
||||
return rej('token is required');
|
||||
}
|
||||
|
||||
// Fetch token
|
||||
const session = await AuthSess
|
||||
.findOne({ token: token });
|
||||
.findOne({ token: sesstoken });
|
||||
|
||||
if (session === null) {
|
||||
return rej('session not found');
|
||||
}
|
||||
|
||||
// Generate userkey
|
||||
const key = rndstr('a-zA-Z0-9', 32);
|
||||
// Generate access token
|
||||
const token = rndstr('a-zA-Z0-9', 32);
|
||||
|
||||
// Fetch exist userkey
|
||||
const exist = await Userkey.findOne({
|
||||
// Fetch exist access token
|
||||
const exist = await AccessToken.findOne({
|
||||
app_id: session.app_id,
|
||||
user_id: user._id,
|
||||
});
|
||||
|
||||
if (exist === null) {
|
||||
// Insert userkey doc
|
||||
await Userkey.insert({
|
||||
// Lookup app
|
||||
const app = await App.findOne({
|
||||
app_id: session.app_id
|
||||
});
|
||||
|
||||
// Generate Hash
|
||||
const sha512 = crypto.createHash('sha512');
|
||||
sha512.update(token + app.secret);
|
||||
const hash = sha512.digest('hex');
|
||||
|
||||
// Insert access token doc
|
||||
await AccessToken.insert({
|
||||
created_at: new Date(),
|
||||
app_id: session.app_id,
|
||||
user_id: user._id,
|
||||
key: key
|
||||
token: token,
|
||||
hash: hash
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
*/
|
||||
import App from '../../../models/app';
|
||||
import AuthSess from '../../../models/auth-session';
|
||||
import Userkey from '../../../models/userkey';
|
||||
import AccessToken from '../../../models/access-token';
|
||||
import serialize from '../../../serializers/user';
|
||||
|
||||
/**
|
||||
@ -89,8 +89,8 @@ module.exports = (params) =>
|
||||
return rej('this session is not allowed yet');
|
||||
}
|
||||
|
||||
// Lookup userkey
|
||||
const userkey = await Userkey.findOne({
|
||||
// Lookup access token
|
||||
const accessToken = await AccessToken.findOne({
|
||||
app_id: app._id,
|
||||
user_id: session.user_id
|
||||
});
|
||||
@ -102,7 +102,7 @@ module.exports = (params) =>
|
||||
|
||||
// Response
|
||||
res({
|
||||
userkey: userkey.key,
|
||||
access_token: accessToken.token,
|
||||
user: await serialize(session.user_id, null, {
|
||||
detail: true
|
||||
})
|
||||
|
||||
@ -19,9 +19,19 @@ module.exports = (params, me) =>
|
||||
new Promise(async (res, rej) =>
|
||||
{
|
||||
// Get 'user_id' parameter
|
||||
const userId = params.user_id;
|
||||
if (userId === undefined || userId === null) {
|
||||
return rej('user_id is required');
|
||||
let userId = params.user_id;
|
||||
if (userId === undefined || userId === null || userId === '') {
|
||||
userId = null;
|
||||
}
|
||||
|
||||
// Get 'username' parameter
|
||||
let username = params.username;
|
||||
if (username === undefined || username === null || username === '') {
|
||||
username = null;
|
||||
}
|
||||
|
||||
if (userId === null && username === null) {
|
||||
return rej('user_id or username is required');
|
||||
}
|
||||
|
||||
// Get 'with_replies' parameter
|
||||
@ -62,9 +72,9 @@ module.exports = (params, me) =>
|
||||
}
|
||||
|
||||
// Lookup user
|
||||
const user = await User.findOne({
|
||||
_id: new mongo.ObjectID(userId)
|
||||
});
|
||||
const user = userId !== null
|
||||
? await User.findOne({ _id: new mongo.ObjectID(userId) })
|
||||
: await User.findOne({ username_lower: username.toLowerCase() });
|
||||
|
||||
if (user === null) {
|
||||
return rej('user not found');
|
||||
|
||||
6
src/api/models/access-token.ts
Normal file
6
src/api/models/access-token.ts
Normal file
@ -0,0 +1,6 @@
|
||||
const collection = global.db.collection('access_tokens');
|
||||
|
||||
collection.createIndex('token');
|
||||
collection.createIndex('hash');
|
||||
|
||||
export default collection;
|
||||
@ -1,5 +0,0 @@
|
||||
const collection = global.db.collection('userkeys');
|
||||
|
||||
collection.createIndex('key');
|
||||
|
||||
export default collection;
|
||||
@ -48,7 +48,7 @@ export default async (req: express.Request, res: express.Response) => {
|
||||
const hash = bcrypt.hashSync(password, salt);
|
||||
|
||||
// Generate secret
|
||||
const secret = rndstr('a-zA-Z0-9', 32);
|
||||
const secret = '!' + rndstr('a-zA-Z0-9', 32);
|
||||
|
||||
// Create account
|
||||
const inserted = await User.insert({
|
||||
|
||||
@ -7,7 +7,7 @@ import * as mongo from 'mongodb';
|
||||
import deepcopy = require('deepcopy');
|
||||
import App from '../models/app';
|
||||
import User from '../models/user';
|
||||
import Userkey from '../models/userkey';
|
||||
import AccessToken from '../models/access-token';
|
||||
|
||||
/**
|
||||
* Serialize an app
|
||||
@ -71,7 +71,7 @@ export default (
|
||||
|
||||
if (me) {
|
||||
// 既に連携しているか
|
||||
const exist = await Userkey.count({
|
||||
const exist = await AccessToken.count({
|
||||
app_id: _app.id,
|
||||
user_id: me,
|
||||
}, {
|
||||
|
||||
@ -2,6 +2,8 @@ import * as http from 'http';
|
||||
import * as websocket from 'websocket';
|
||||
import * as redis from 'redis';
|
||||
import User from './models/user';
|
||||
import AccessToken from './models/access-token';
|
||||
import isNativeToken from './common/is-native-token';
|
||||
|
||||
import homeStream from './stream/home';
|
||||
import messagingStream from './stream/messaging';
|
||||
@ -17,7 +19,13 @@ module.exports = (server: http.Server) => {
|
||||
ws.on('request', async (request) => {
|
||||
const connection = request.accept();
|
||||
|
||||
const user = await authenticate(connection);
|
||||
const user = await authenticate(connection, request.resourceURL.query.i);
|
||||
|
||||
if (user == null) {
|
||||
connection.send('authentication-failed');
|
||||
connection.close();
|
||||
return;
|
||||
}
|
||||
|
||||
// Connect to Redis
|
||||
const subscriber = redis.createClient(
|
||||
@ -41,29 +49,36 @@ module.exports = (server: http.Server) => {
|
||||
});
|
||||
};
|
||||
|
||||
function authenticate(connection: websocket.connection): Promise<any> {
|
||||
return new Promise((resolve, reject) => {
|
||||
// Listen first message
|
||||
connection.once('message', async (data) => {
|
||||
const msg = JSON.parse(data.utf8Data);
|
||||
|
||||
function authenticate(connection: websocket.connection, token: string): Promise<any> {
|
||||
return new Promise(async (resolve, reject) => {
|
||||
if (isNativeToken(token)) {
|
||||
// Fetch user
|
||||
// SELECT _id
|
||||
const user = await User
|
||||
.findOne({
|
||||
token: msg.i
|
||||
token: token
|
||||
}, {
|
||||
_id: true
|
||||
});
|
||||
|
||||
if (user === null) {
|
||||
connection.close();
|
||||
return;
|
||||
resolve(user);
|
||||
} else {
|
||||
const accessToken = await AccessToken.findOne({
|
||||
hash: token
|
||||
});
|
||||
|
||||
if (accessToken == null) {
|
||||
return reject('invalid signature');
|
||||
}
|
||||
|
||||
connection.send('authenticated');
|
||||
// Fetch user
|
||||
// SELECT _id
|
||||
const user = await User
|
||||
.findOne({ _id: accessToken.user_id }, {
|
||||
_id: true
|
||||
});
|
||||
|
||||
resolve(user);
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user