coolaj86/telebit-relay.js
1
1
Fork 0
Code Issues 4 Pull Requests Releases Activity

passthru authn and await authz, better logging

Browse Source
This commit is contained in:
AJ ONeal 2018-06-29 11:02:13 +00:00
parent 7fd28d55a1
commit dc67bee735
1 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
lib/extensions/index.js
View File

@ -226,8 +226,6 @@ module.exports.pairPin = function (opts) {
// From a WS connection
module.exports.authenticate = function (opts) {
var jwt = require('jsonwebtoken');
var jwtoken = opts.auth;
var authReq = opts.auth;
var state = opts.state;
var auth;
var decoded;
@ -267,41 +265,44 @@ module.exports.authenticate = function (opts) {
return auth.promise;
}
if ('object' === typeof authReq && /^.+@.+\..+$/.test(authReq.subject)) {
console.log("[ext token] Looks Like Auth Object");
// Promise Authz on Auth Creds
// TODO: remove
if ('object' === typeof opts.auth && /^.+@.+\..+$/.test(opts.auth.subject)) {
console.log("[wss.ext.authenticate] [1] Request Pair for Credentials");
return module.exports.pairRequest(opts).then(function (authnData) {
console.log("[ext token] Promises Like Auth Object");
console.log("[wss.ext.authenticate] [2] Promise Authz on Pair Complete");
var auth = Auths.get(authnData.id);
return getPromise(auth);
//getPromise(auth);
//return state.defaults.authenticate(authnData.jwt);
});
}
console.log("[ext token] Trying Token Parse");
try {
decoded = jwt.decode(jwtoken, { complete: true });
decoded = jwt.decode(opts.auth, { complete: true });
auth = Auths.get(decoded.payload.id);
} catch(e) {
console.log("[ext token] Token Did Not Parse");
console.log("[wss.ext.authenticate] [Error] could not parse token");
decoded = null;
}
console.log("[ext token] decoded auth token:");
console.log("[wss.ext.authenticate] incoming token decoded:");
console.log(decoded);
if (!auth) {
console.log("[ext token] did not find auth object");
console.log("[wss.ext.authenticate] missing auth object (incoming token stale?)");
}
// TODO technically this could leak the token through a timing attack
// but it would require already knowing the semi-secret id and having
// completed the pair code
if (auth && (auth.authn === jwtoken || auth.authz === jwtoken)) {
if (auth && (auth.authn === opts.auth || auth.authz === opts.auth)) {
if (!auth.authz) {
console.log("[ext token] Promise Authz");
return getPromise(auth);
console.log("[wss.ext.authenticate] Create authz promise and passthru");
getPromise(auth);
return state.defaults.authenticate(opts.auth);
}
console.log("[ext token] Use Available Authz");
// If they used authn but now authz is available, use authz
// (i.e. connects, but no domains or ports)
opts.auth = auth.authz;
@ -310,7 +311,7 @@ module.exports.authenticate = function (opts) {
auth._claimed = true;
}
console.log("[ext token] Continue With Auth Token");
console.log("[wss.ext.authenticate] Using authz");
return state.defaults.authenticate(opts.auth);
};