Socket connection now works
- Pairing a new device works (I did a lot since the last commit)
This commit is contained in:
@@ -111,7 +111,7 @@ export async function LoginUser(req: Request, res: Response) {
|
||||
}
|
||||
|
||||
// We're good. Create JWT token.
|
||||
const token = sign({ user: user._id }, JWT_SECRET, { expiresIn: '30d' });
|
||||
const token = sign({ user: user._id, type: 'frontend' }, JWT_SECRET, { expiresIn: '30d' });
|
||||
|
||||
user.lastLogin = new Date(Date.now());
|
||||
await user.save();
|
||||
@@ -120,159 +120,6 @@ export async function LoginUser(req: Request, res: Response) {
|
||||
res.status(200).send({ token });
|
||||
}
|
||||
|
||||
/**
|
||||
* This function handles all logins to RabbitMQ since they need a differnt type of response
|
||||
* then requests from frontends (web and phone).
|
||||
*/
|
||||
export async function LoginRabbitUser(req: Request, res: Response) {
|
||||
const username = req.query.username;
|
||||
const password = req.query.password;
|
||||
res.status(200);
|
||||
|
||||
if (username === undefined || password === undefined) {
|
||||
res.send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if request comes from backend. Basicly, we permitting ourself to connect with RabbitMQ.
|
||||
if (username === "backend" && password === RABBITMQ_URI.split(':')[2].split('@')[0]) {
|
||||
res.send('allow administrator');
|
||||
return;
|
||||
}
|
||||
|
||||
// Get user from database
|
||||
const user = await User.findOne({ name: username.toString() });
|
||||
|
||||
// If we are here, it means we have a non-admin user.
|
||||
if (user === null) {
|
||||
res.send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
// Auth token for message broker is stored in plain text since it's randomly generated and only grants access to the broker.
|
||||
if (user.brokerToken === password.toString()) {
|
||||
if (user.type === UserType.ADMIN) {
|
||||
res.send('allow administrator');
|
||||
} else {
|
||||
// Not an admin, grant user privilieges
|
||||
res.send('allow user')
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
res.send('deny');
|
||||
}
|
||||
|
||||
/**
|
||||
* This function basicly allows access to the root vhost if the user is known.
|
||||
*/
|
||||
export async function VHost(req: Request, res: Response) {
|
||||
const vhost = req.query.vhost;
|
||||
const username = req.query.username;
|
||||
|
||||
if (vhost === undefined || username === undefined) {
|
||||
res.status(200).send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
if (vhost != '/') {
|
||||
res.status(200).send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if user is us
|
||||
if (username === 'backend') {
|
||||
res.status(200).send('allow');
|
||||
return;
|
||||
}
|
||||
|
||||
const user = await User.findOne({ name: username.toString() });
|
||||
if (user === null) {
|
||||
// Deny if user doesn't exist.
|
||||
res.status(200).send('deny');
|
||||
} else {
|
||||
res.status(200).send('allow');
|
||||
}
|
||||
}
|
||||
|
||||
export async function Resource(req: Request, res: Response) {
|
||||
const username = req.query.username;
|
||||
const vhost = req.query.vhost;
|
||||
const resource = req.query.resource;
|
||||
const name = req.query.name;
|
||||
const permission = req.query.permission;
|
||||
const tags = req.query.tags;
|
||||
|
||||
if (username === undefined || vhost === undefined || resource === undefined || name === undefined || permission === undefined || tags === undefined) {
|
||||
res.status(200).send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if it's us
|
||||
if (username.toString() == 'backend') {
|
||||
res.status(200).send('allow');
|
||||
return;
|
||||
}
|
||||
|
||||
// Deny if not root vhost
|
||||
if (vhost.toString() != '/') {
|
||||
res.status(200).send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if user exists
|
||||
const user = await User.findOne({ name: username.toString() });
|
||||
if (user == null) {
|
||||
res.status(200).send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
if (tags.toString() == "administrator" && user.type != UserType.ADMIN) {
|
||||
res.status(200).send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
// TODO: This has to change if we want to allow users to see the realtime movement of others.
|
||||
if (resource.toString().startsWith('tracker-') && resource != 'tracker-' + username) {
|
||||
res.status(200).send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
res.status(200).send('allow');
|
||||
}
|
||||
|
||||
export async function Topic(req: Request, res: Response) {
|
||||
res.status(200);
|
||||
|
||||
const username = req.query.username;
|
||||
const routingKey = req.query.routing_key;
|
||||
|
||||
if (routingKey === undefined || username === undefined) {
|
||||
res.send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if it's us
|
||||
if (username.toString() == 'backend') {
|
||||
res.status(200).send('allow');
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if user exists
|
||||
const user = await User.findOne({ name: username.toString() });
|
||||
if (user === null) {
|
||||
res.send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
if (routingKey !== user.id) {
|
||||
res.send('deny');
|
||||
return;
|
||||
}
|
||||
|
||||
res.status(200).send('allow');
|
||||
}
|
||||
|
||||
/**
|
||||
* This middleware validates any tokens that are required to access most of the endpoints.
|
||||
* Note: This validation doesn't contain any permission checking.
|
||||
|
||||
Reference in New Issue
Block a user