Real-time communication with frontend

- Frontend shows heatmap of most visit places - Maximum accuracy can now be set - Fix bug where battery chart filtered values wrongly
2020-10-26 23:38:34 +01:00
parent fa60f58d3c
commit e12ed7775b
20 changed files with 770 additions and 161 deletions
--- a/backend/endpoints/beat.ts
+++ b/backend/endpoints/beat.ts
@@ -35,7 +35,7 @@ export async function GetBeat(req: LivebeatRequest, res: Response) {
                    $gte: new Date((from | 0) * 1000),
                    $lte: new Date((to | Date.now() /1000) * 1000)
                }
-            }).sort({ _id: -1 });
+            }).sort({ _id: 1 });
        res.status(200).send(beats);
    } else {
        res.status(404).send({ message: 'Phone not found' });
--- a/backend/endpoints/user.ts
+++ b/backend/endpoints/user.ts
@@ -2,10 +2,11 @@ import { Request, Response } from "express";
 import { verifyPassword } from "../lib/crypto";
 import { User } from "../models/user/user.model";
 import { sign, decode, verify } from 'jsonwebtoken';
-import { JWT_SECRET, logger } from "../app";
+import { JWT_SECRET, logger, RABBITMQ_URI } from "../app";
 import { LivebeatRequest } from '../lib/request';
 import { SchemaTypes } from "mongoose";
 import { Phone } from "../models/phone/phone.model";
+import { UserType } from "../models/user/user.interface";

 export async function GetUser(req: LivebeatRequest, res: Response) {
    let user: any = req.user;
@@ -64,6 +65,130 @@ export async function LoginUser(req: Request, res: Response) {
    res.status(200).send({ token });
 }

+/**
+ * This function handles all logins to RabbitMQ since they need a differnt type of response
+ * then requests from frontends (web and phone).
+ */
+export async function LoginRabbitUser(req: Request, res: Response) {
+    const username = req.query.username;
+    const password = req.query.password;
+
+    if (username === undefined || password === undefined) {
+        res.status(200).send('deny');
+        return;
+    }
+
+    // Check if request comes from backend. Basicly, we permitting ourself to connect with RabbitMQ.
+    if (username === "backend" && password === RABBITMQ_URI.split(':')[2].split('@')[0]) {
+        res.status(200).send('allow administrator');
+        return;
+    }
+
+    // Get user from database
+    const user = await User.findOne({ name: username.toString() });
+
+    // If we are here, it means we have a non-admin user.
+    if (user === null) {
+        res.status(200).send('deny');
+        return;
+    }
+
+    // Auth token for message broker is stored in plain text since it's randomly generated and only grants access to the broker.
+    if (user.brokerToken === password.toString()) {
+        if (user.type === UserType.ADMIN) {
+            res.status(200).send('allow administrator');
+        } else {
+            // Not an admin, grant user privilieges
+            res.status(200).send('allow user')
+        }
+        return;
+    }
+
+    res.status(200).send('deny');
+}
+
+/**
+ * This function basicly allows access to the root vhost if the user is known.
+ */
+export async function VHost(req: Request, res: Response) {
+    const vhost = req.query.vhost;
+    const username = req.query.username;
+
+    if (vhost === undefined || username === undefined) {
+        res.status(200).send('deny');
+        return;
+    }
+
+    if (vhost != '/') {
+        res.status(200).send('deny');
+        return;
+    }
+
+    // Check if user is us
+    if (username === 'backend') {
+        res.status(200).send('allow');
+        return;
+    }
+
+    const user = await User.findOne({ name: username.toString() });
+    if (user === null) {
+        // Deny if user doesn't exist.
+        res.status(200).send('deny');
+    } else {
+        res.status(200).send('allow');
+    }
+}
+
+export async function Resource(req: Request, res: Response) {
+    const username = req.query.username;
+    const vhost = req.query.vhost;
+    const resource = req.query.resource;
+    const name = req.query.name;
+    const permission = req.query.permission;
+    const tags = req.query.tags;
+
+    if (username === undefined || vhost === undefined || resource === undefined || name === undefined || permission === undefined || tags === undefined) {
+        res.status(200).send('deny');
+        return;
+    }
+
+    // Check if it's us
+    if (username.toString() == 'backend') {
+        res.status(200).send('allow');
+        return;
+    }
+
+    // Deny if not root vhost
+    if (vhost.toString() != '/') {
+        res.status(200).send('deny');
+        return;
+    }
+
+    // Check if user exists
+    const user = await User.findOne({ name: username.toString() });
+    if (user == null) {
+        res.status(200).send('deny');
+        return;
+    }
+
+    if (tags.toString() == "administrator" && user.type != UserType.ADMIN) {
+        res.status(200).send('deny');
+        return;
+    }
+
+    // TODO: This has to change if we want to allow users to see the realtime movement of others.
+    if (resource.toString().startsWith('tracker-') && resource != 'tracker-' + username) {
+        res.status(200).send('deny');
+        return;
+    }
+
+    res.status(200).send('allow');
+}
+
+export async function Topic(req: Request, res: Response) {
+    res.status(200).send('allow');
+}
+
 /**
 * This middleware validates any tokens that are required to access most of the endpoints.
 * Note: This validation doesn't contain any permission checking.