mkrieger/Wachalarm-IP-Web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update auth.js

Browse Source
This commit is contained in:
Richter 2019-03-06 15:05:07 +01:00
parent b8efd5307f
commit bce2ac30a0
1 changed files with 154 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

157
server/auth.js
View File

@ -1,26 +1,48 @@
module.exports = function (app, app_cfg, db, bcrypt, passport, LocalStrategy) {
module.exports = function(app, app_cfg, db, async, bcrypt, passport, io) {
var session = require('express-session');
var cookieParser = require('cookie-parser');
var flash = require('req-flash');
var SQLiteStore = require('connect-sqlite3')(session);
var LocalStrategy = require('passport-local').Strategy;
var IpStrategy = require('passport-ip').Strategy;
var passportSocketIo = require('passport.socketio');
var sessionStore = new SQLiteStore({
//db: app_cfg.global.database,
//concurrentDB: true
});
app.use(session({
store: new SQLiteStore({
db: app_cfg.global.database,
concurrentDB: true
}),
store: sessionStore,
key: "connect.sid",
secret: app_cfg.global.sessionsecret,
resave: false,
saveUninitialized: true,
cookie: {
maxAge: 60 * 60 * 1000
} // 1 Stunde
maxAge: 24 * 60 * 60 * 1000
} // 1 Tag
}));
app.use(cookieParser());
app.use(flash());
app.use(passport.initialize());
app.use(passport.session());
// Benutzerauthentifizierung
io.use(passportSocketIo.authorize({
cookieParser: cookieParser, // the same middleware you registrer in express
key: "connect.sid", // the name of the cookie where express/connect stores its session_id
secret: app_cfg.global.sessionsecret, // the session_secret to parse the cookie
store: sessionStore, // we NEED to use a sessionstore. no memorystore please
success: function(data, accept) {
//console.log('successful connection to socket.io');
accept(null, true);
},
fail: function(data, message, error, accept) {
//console.log('failed connection to socket.io:', data, message);
accept(null, true);
}
}));
// Benutzerauthentifizierung per Login
passport.use(new LocalStrategy({
usernameField: 'user'
}, function(user, password, done) {
@ -35,6 +57,21 @@ module.exports = function (app, app_cfg, db, bcrypt, passport, LocalStrategy) {
});
}));
// Benutzerauthentifizierung per IP
passport.use(new IpStrategy({
range: app_cfg.global.ip_auth_range
}, function(profile, done) {
var profile_ip = profile.id
profile_ip = profile_ip.replace(/^(::ffff:)/, "");
db.get('SELECT user, id FROM waip_users WHERE ip_address = ?', profile_ip, function(err, row) {
if (!row) {
return done(null, false);
} else {
return done(null, row);
};
});
}));
passport.serializeUser(function(user, done) {
return done(null, user.id);
});
@ -52,13 +89,109 @@ module.exports = function (app, app_cfg, db, bcrypt, passport, LocalStrategy) {
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) {
// req.user is available for use here
return next(); }
return next();
}
// denied. redirect to login
res.redirect('/login')
}
//TODO: ensureAuthenticated für admin-user erstellen
//-> req.user && req.user.permissions == "admin"
function createUser(req, res) {
db.get('SELECT user FROM waip_users WHERE user = ?', req.body.username, function(err, row) {
// if(err)
if (row) {
req.flash('errorMessage', "Es existiert bereits ein Benutzer mit diesem Namen!");
res.redirect('/edit_users');
} else {
bcrypt.hash(req.body.password, app_cfg.global.saltRounds, function(err, hash) {
db.run('INSERT INTO waip_users ( user, password, permissions, ip_address ) VALUES( ?, ?, ?, ? )', req.body.username, hash, req.body.permissions, req.body.ip, function(err) {
// if(err)
if (this.lastID) {
req.flash('successMessage', "Neuer Benutzer wurde angelegt.");
res.redirect('/edit_users');
} else {
req.flash('errorMessage', "Da ist etwas schief gegangen...");
res.redirect('/edit_users');
}
});
});
}
});
};
function deleteUser(req, res) {
if (req.user.id == req.body.id) {
req.flash('errorMessage', "Sie können sich nicht selbst löschen!");
res.redirect('/edit_users');
} else {
db.run('DELETE FROM waip_users WHERE id = ?', req.body.id, function(err) {
if (err) {
//...
} else {
req.flash('successMessage', "Benutzer \'" + req.body.username + "\' wurde gelöscht!");
res.redirect('/edit_users');
}
});
}
};
function editUser(req, res) {
async.series([
function(callback) {
req.runquery = false;
req.query = "UPDATE waip_users SET ";
if (req.body.password.length == 0) {
req.flash('successMessage', "Passwort wurde nicht geändert.");
callback(null, 'password_checked');
} else {
bcrypt.hash(req.body.password, app_cfg.global.saltRounds, function(err, hash) {
if (err) console.log(err)
req.flash('successMessage', "Passwort geändert.");
req.query += "password = '" + hash + "', ";
req.runquery = true;
callback(null, 'password_checked');
});
};
},
function(callback) {
if (req.user.id == req.body.modal_id && req.body.permissions != "admin") {
req.flash('errorMessage', "Sie können Ihr Recht als Administrator nicht selbst ändern!");
callback(null, 'permissions_checked');
} else {
req.query += "permissions = '" + req.body.permissions + "', ip_address ='" + req.body.ip + "'";
req.runquery = true;
callback(null, 'permissions_checked');
};
}
],
function(err, results) {
if (req.runquery == true) {
req.query += " WHERE id = " + req.body.modal_id;
console.log(req.query);
db.run(req.query, function(err) {
if (err) {
//...
console.log(err);
req.flash('errorMessage', "Da ist etwas schief gegangen...");
res.redirect('/edit_users');
} else {
req.flash('successMessage', "Benutzer aktualisiert.");
res.redirect('/edit_users');
}
});
} else {
req.flash('errorMessage', "Da ist etwas schief gegangen...");
res.redirect('/edit_users');
}
});
};
return {
ensureAuthenticated: ensureAuthenticated
ensureAuthenticated: ensureAuthenticated,
createUser: createUser,
deleteUser: deleteUser,
editUser: editUser
};
};