/*
* user.js
*
* routing handlers for a user
*
*/
var util = require('util');
var crypto = require('crypto')
var db = require('../mydb.js');
var driver = require('./driver.js');
var auth = require('../auth.js');
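/* live connections keyed by user tag, filled in by login_post.  The tag
 * comes straight from request input, so the table gets no prototype: a
 * tag such as "__proto__" or "constructor" then becomes an ordinary own
 * property instead of rewriting the object's prototype or resolving to an
 * inherited value on lookup. */
var connected_clients = Object.create(null);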
/* GET /create: delegated wholesale to the driver module's handler
 * (same req/res/next, nothing added or filtered here). */
function create_get(req, res, next) {
  var handler = driver.create_get;
  handler.call(driver, req, res, next);
}
/* how much input sanitization do we want? */
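/*
 * POST /create: register a new user record.
 *
 * Required input: `secret` (the creation grant), `tag` (the user's name,
 * 2-16 chars) and `id` (the password, 8-30 chars).  The password itself is
 * never stored; auth.hash() turns it into a salt/hash pair which is saved.
 *
 * Responses: 403 when the secret is missing or wrong, 400 when tag/id fail
 * validation, redirect to '/' once the record has been saved.  Hashing or
 * save failures are handed to next().
 *
 * NOTE(review): req.param() (Express) falls back through route params,
 * body and query string, so `secret` and `id` can be supplied in the URL
 * and end up in access logs.  Reading them from req.body only would be
 * safer -- confirm no caller relies on query-string delivery first.
 */
function create_post(req, res, next) {
  /* TODO(security): the creation grant is a literal in source; move it to
   * configuration/environment and rotate it.  Kept here unchanged so the
   * existing deployment keeps working. */
  var secret_hash = '0xdeadbeef'; /* grant creation */
  var secret = req.param('secret');
  var tag = req.param('tag');
  var id = req.param('id');

  /* The typeof guards matter: a body parser can hand back an array or an
   * object for any of these names, and an object has no meaningful .length,
   * so the range checks alone would let it through (and an object-valued
   * tag would later be used as a query key in login).  Only strings pass. */
  if (typeof secret !== 'string' || secret.length < 1 || !secrets_match(secret, secret_hash)) {
    util.log('[create] unauthorized creation attempt');
    return res.send(403, 'creation aborted, invalid secret\n');
  }
  if (typeof tag !== 'string' || tag.length < 2 || tag.length > 16 || /* tag */
      typeof id !== 'string' || id.length < 8 || id.length > 30) /* pass */ {
    util.log('[create] client input sanitazation failed');
    return res.send(400, 'invalid registration attributes\n');
  }

  /* NOTE(review): nothing here checks whether `tag` is already taken; a
   * second registration with the same tag would be saved alongside the
   * first -- confirm a unique index exists on users.tag, or look it up
   * before saving. */
  var user_record = {
    tag: tag, /* really an id */
    /* the raw password (`id`) is deliberately NOT stored; see auth.hash below */
    salt: '',
    hash: '',
    status: "offline",
    /* NOTE(review): the fields below are stored exactly as received, with
     * no type or length bound -- cap them if this collection is rendered
     * or searched anywhere. */
    vehicle: {make: req.param('make'), model: req.param('model'), year: req.param('year'), desc: req.param('desc')},
    userinfo: {sig: req.param('sig')},
    location: {loc: req.param('loc')},
    stats: {matches: 0, won: 0, lost: 0}
  };

  /* auth.hash is asynchronous, so the record is completed and the response
   * sent from inside its callback */
  auth.hash(id, function(err, salt, hash) {
    if (err)
      return next(new Error('failed to compute hash'));
    user_record.salt = salt;
    user_record.hash = hash;
    db.users.save(user_record, function(err, thing) {
      /* respond only once the save has settled: previously the redirect was
       * issued before the write finished, so a failed save still looked like
       * a successful registration to the client */
      if (err || !thing) {
        util.log('[create] error saving');
        return next(new Error('failed to save user'));
      }
      util.log('[create] successfully saved');
      res.redirect('/');
    });
  });
}

/*
 * Constant-time comparison of the supplied creation secret with the
 * expected one.  Both sides are hashed first so that differing lengths
 * neither throw (timingSafeEqual requires equal-length buffers) nor leak.
 */
function secrets_match(supplied, expected) {
  var a = crypto.createHash('sha256').update(String(supplied)).digest();
  var b = crypto.createHash('sha256').update(String(expected)).digest();
  return crypto.timingSafeEqual(a, b);
}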
/* GET /login: render the login view.  The title is passed as a local for
 * now (it could move to app.locals); a jade page is still a todo. */
function login_get(req, res, next) {
  var locals = { title: 'Challenger 2.0' };
  res.render('login', locals);
}
/*
* test drive: curl -d 'tag=unclescotty&id=brotato' localhost:8081/login
*
*/
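/*
 * POST /login: authenticate `tag` (user name) + `id` (password) through
 * auth.auth_user, mark the user online, register the connection in
 * connected_clients and bind the session to the user.
 *
 * Responses: 400 when the credentials are not plain strings, 200 on
 * success, 401 when authentication fails (for both a wrong password and
 * an unknown user); errors from auth_user, the status update or the
 * session store go to next().
 */
function login_post(req, res, next) {
  var tag = req.param('tag');
  var id = req.param('id');
  /* credentials must be plain strings: a JSON body can supply an object
   * here, and an object carrying query operators must never reach the user
   * lookup inside auth_user (presumably a {tag: ...} query -- confirm) */
  if (typeof tag !== 'string' || typeof id !== 'string') {
    util.log('[login] malformed credentials');
    return res.send(400, 'invalid login attributes\n');
  }
  auth.auth_user(tag, id, function(err, user, code) {
    if (err)
      return next(err);
    switch (code) {
      case 200:
        util.log('[login] ' + user.tag + ' authenticated');
        db.users.update({tag: user.tag}, {$set: {status: 'online'}}, function(err, updated) {
          if (err || !updated) {
            util.log('[login] failed to set status to online');
            return next(new Error('failed to set status to online'));
          }
          /* NOTE(review): res.connection.myip / myport are not standard
           * properties; presumably an upstream middleware sets them (and
           * req.connection is the usual place to read the peer) -- confirm */
          connected_clients[user.tag] = {ip: res.connection.myip, port: res.connection.myport, res: res};
          bind_session(req, user.tag, function(err) {
            if (err)
              return next(err);
            res.send(200, 'successfully logged in, expect socket.io connection\n');
          });
        });
        break;
      case 401:
      case 403:
        /* one response for "wrong password" and "no such user": distinct
         * status codes and messages let a caller enumerate valid tags.  The
         * distinction is kept in the server-side log only. */
        util.log(code === 403 ? '[login] user does not exist' : '[login] could not authenticate');
        res.send(401, 'could not authenticate\n');
        break;
      default:
        /* any other code previously left the request hanging with no reply */
        return next(new Error('unexpected authentication result: ' + code));
    }
  });
}

/*
 * Bind the session to the authenticated user and call done(err).
 * The session id is rotated first when the session store supports
 * regenerate(), so a session id planted on the client before login
 * (session fixation) does not survive authentication.  Stores without
 * regenerate() fall back to setting the user on the existing session.
 */
function bind_session(req, tag, done) {
  var session = req.session;
  if (session && typeof session.regenerate === 'function') {
    session.regenerate(function(err) {
      if (err)
        return done(err);
      req.session.user = tag; /* regenerate() installs a fresh req.session */
      done(null);
    });
  } else {
    session.user = tag; /* keep track of auth'ed user */
    done(null);
  }
}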
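/*
 * Return the connection record registered for `tag` at login (the
 * {ip, port, res} object stored by login_post), or undefined when none.
 *
 * The original read `connected_clients.tag`, i.e. the property literally
 * named "tag", so it never returned the caller's entry.  The own-property
 * check keeps a tag such as "constructor" from resolving to an inherited
 * value should the table ever have a prototype.
 */
function get_connected_client(tag) {
  if (!Object.prototype.hasOwnProperty.call(connected_clients, tag))
    return undefined;
  return connected_clients[tag];
}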
/* the routing surface of this module, wired up by the router:
 * GET/POST /create, GET/POST /login, plus the connection lookup used by
 * the socket side */
var handlers = {};
handlers.create_get = create_get;
handlers.create_post = create_post;
handlers.login_get = login_get;
handlers.login_post = login_post;
handlers.get_connected_client = get_connected_client;
module.exports = handlers;