Commit 4e9efab1 by zCaesar

Merge branch 'alpha-v2' into 'master'

change device registry path to token registry path

See merge request !3
parents cd0e0490 a0cc5f18
......@@ -9,11 +9,15 @@ RUN apk add --update --no-cache python \
py-pip \
yarn \
openssh-client \
&& rm -rf /var/cache/apk/*
git \
&& rm -rf /var/cache/apk/*
COPY . .
RUN npm install
RUN apk del git \
&& rm -rf /var/cache/apk/*
EXPOSE 40000
CMD npm start
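Review bot: The added `RUN apk del git` runs as its own instruction after `RUN npm install`, so git is only hidden in the final filesystem; it stays in the earlier layer, and the image is neither smaller nor free of it. Install, use and remove it within a single instruction instead, for example `RUN apk add --no-cache --virtual .build-deps git && npm install && apk del .build-deps`, placed after `COPY . .`. Because `COPY . .` copies the whole build context, anything sensitive in the manifest files (such as a credential inside a git dependency URL) also ends up in an image layer; a `.dockerignore` and an install-time secret would keep it out. The first `RUN apk add` instruction begins above this hunk.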
......@@ -26,7 +26,8 @@ module.exports = function (options = {}) {
var response
var decoded = require('./checkClientRole').checkRealDB(req.body.username)
var decoded = require('jwt-verify').verify(req.body.username).res
if (decoded) {
if (decoded.role === 'realtimedb') response = { 'result': 'ok' }
else response = { 'result': 'no' }
......@@ -37,7 +38,7 @@ module.exports = function (options = {}) {
var GGID = require('./utils/getGroupID');
var output = {};
GGID.getGroupID(req.body.username, req.body.client_id, function(group) {
GGID.getGroupID(req.body.username, req.body.client_id, function (group) {
var _ftopic = require('./utils/router').rewriteTopic(topic, 'pub', group, req.body.client_id, output); // get topic where concat with groupID
response = {
'result': 'ok',
......
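Review bot: `require('jwt-verify').verify(req.body.username).res` dereferences `.res` unconditionally, whereas the removed `checkRealDB` caught verification errors and returned `false`. The contract of `verify` is not visible in this commit; if it can return `undefined`/`false` or throw for a malformed token, the handler now raises on attacker-supplied input instead of falling through to the group-ID branch. Guard the lookup, e.g. `var verified = require('jwt-verify').verify(req.body.username)` followed by `var decoded = verified && verified.res`, and wrap it in `try`/`catch` if `verify` can throw. The same pattern is introduced in the two other hook handlers that assign `decoded` and in `getGroupID` (`var role = require('jwt-verify').verify(token).res`). The enclosing handler starts and ends outside these hunks.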
var validator = require('./validator');
var config = require('config');
var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') });
// var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') });
var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('token_registry_port'), host: config.get('token_registry_host') });
// https://github.com/isaacs/node-lru-cache
var LRU = require("lru-cache"),
......@@ -17,13 +18,14 @@ var debug = false;
function authCheck(client_id, token, password, callback) {
if (require('./checkClientRole').checkRealDB(token)) { // auth realtimedb by token
if (require('jwt-verify').verify(token)) { // auth realtimedb by token
callback(true);
}
else {
if (require('./checkClientRole').getRole(token)) callback(true) // auth client device by token
if (require('jwt-verify').verify(token)) callback(true) // auth client device by token
else {
seneca.act('cmd:getAccessTokenInfo, tokencode:'+token, function(err,res) {
seneca.act('ms:tokenregistry, cmd:getAttributes, type:device, tokencode:'+token, function(err,res) {
if (!err && res) {
var token_profile = (res&&res.result&&res.result[0])?res.result[0]:{};
var mqttauth = {
......@@ -37,6 +39,20 @@ function authCheck(client_id, token, password, callback) {
callback(false);
}
});
// seneca.act('cmd:getAccessTokenInfo, tokencode:'+token, function(err,res) {
// if (!err && res) {
// var token_profile = (res&&res.result&&res.result[0])?res.result[0]:{};
// var mqttauth = {
// clientid : client_id,
// token : token,
// password : password
// };
// callback( validator.auth_connect(mqttauth, token_profile) );
// }
// else {
// callback(false);
// }
// });
// authclient.act({ role: 'auth', cmd: 'token', action: 'info', token: token }, function (err, res) { // auth client device by query from db
......
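Review bot: In `authCheck`, both the outer and the inner `if` now test the bare return value of `require('jwt-verify').verify(token)`, while every other call site in this commit reads `.verify(...).res`. If `verify` returns a wrapper object even for a rejected token (its contract is not visible here), the outer test is always truthy and every connection is accepted without reaching the token-registry lookup. Test the verified payload instead, e.g. `var verified = require('jwt-verify').verify(token); if (verified && verified.res) { callback(true); return; }`, and drop the second, identical call, which cannot succeed where the first failed. Separately, `seneca.act('ms:tokenregistry, cmd:getAttributes, type:device, tokencode:'+token, ...)` splices the client-supplied token into a pattern string; passing an object (`seneca.act({ ms: 'tokenregistry', cmd: 'getAttributes', type: 'device', tokencode: token }, ...)`) keeps the token from being parsed as extra pattern fields. `authCheck` continues past the end of the hunk.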
......@@ -25,8 +25,8 @@ module.exports = function (options = {}) {
cache.set(cachekey, true); // cache missed
}
var response
var decoded = require('./checkClientRole').checkRealDB(req.body.username)
var decoded = require('jwt-verify').verify(req.body.username).res
if (decoded) {
if (decoded.role === 'realtimedb') response = { 'result': 'ok' }
else response = { 'result': 'no' }
......@@ -36,7 +36,7 @@ module.exports = function (options = {}) {
else {
var GGID = require('./utils/getGroupID');
GGID.getGroupID(req.body.username, req.body.client_id, function(group) {
GGID.getGroupID(req.body.username, req.body.client_id, function (group) {
console.log(group);
var _ftopic = require('./utils/router').rewriteTopic(topic, 'sub', group, req.body.client_id) // get topic where concat with groupID
var _topic = [{ // setTopic for response
......
var jwt = require('jsonwebtoken')
var config = require('config')
var getExp = require('./utils/getDates').getExp
module.exports.checkRealDB = checkRealDB
module.exports.getRole = getRole
module.exports.signRole = signRole
function checkRealDB(token) {
const verifyOptions = {
algorithms: ['RS256']
};
try {
return jwt.verify(token, config.get('pubca'), verifyOptions)
}
catch(e) {
return false
}
}
function getRole(token) {
var secret = 'nexpie'
try {
return jwt.verify(token, secret)
}
catch(e) {
return false
}
}
function signRole(req, res) {
var secret = 'nexpie'
if (req.body.scope && req.body.exp) {
const signOptions = {
expiresIn: getExp(req.body.exp)
}
var payload = req.body
delete payload['exp']
res.send(jwt.sign(payload, secret, signOptions))
}
else {
res.send('role not complete')
}
}
\ No newline at end of file
......@@ -5,10 +5,13 @@
"device_registry_host" : "DEVICE_REGISTRY_HOST",
"device_registry_port" : "DEVICE_REGISTRY_PORT",
"token_registry_host" : "TOKEN_REGISTRY_HOST",
"token_registry_port" : "TOKEN_REGISTRY_PORT",
"auth_on_register_debug" : "AUTH_ON_REGISTER_DEBUG",
"auth_on_publish_debug" : "AUTH_ON_PUBLISH_DEBUG",
"auth_on_subscribe_debug" : "AUTH_ON_SUBSCRIBE_DEBUG",
"on_publish_debug" : "ON_PUBLISH_DEBUG",
"on_deliver_debug" : "ON_DELIVER_DEBUG",
"on_unsubscribe_debug" : "ON_UNSUBSCRIBE_DEBUG"
}
}
\ No newline at end of file
{
"device_registry_host" : "alpha.nexpie.io",
"device_registry_port" : 8990,
"token_registry_host" : "alpha.nexpie.io",
"token_registry_port" : 8790,
"auth_on_register_debug" : true,
"auth_on_publish_debug" : true,
"auth_on_subscribe_debug" : true,
"on_publish_debug" : true,
"on_deliver_debug" : true,
"on_unsubscribe_debug" : true
}
......@@ -15,7 +15,6 @@ var auth_on_subscribe = require('./auth_on_subscribe')({ debug: auth_on_subscrib
var on_publish = require('./on_publish')({ debug: on_publish_debug });
var on_deliver = require('./on_deliver')({ debug: on_deliver_debug });
var on_unsubscribe = require('./on_unsubscribe')({ debug: on_unsubscribe_debug });
var signRole = require('./checkClientRole').signRole
const server = restify.createServer({
name: 'authhook',
......@@ -45,7 +44,6 @@ server.post('/onsub', (req,res,next) => {
server.post('/onunsub', on_unsubscribe)
server.post('/ondeliver', on_deliver)
server.post('/onpub', on_publish)
server.post('/signRole', signRole)
server.listen(port, function () {
console.log('%s listening at %s', server.name, server.url);
......
......@@ -7,7 +7,8 @@ module.exports = function(options = {}) {
var client_id = req.body.client_id
var response
var decoded = require('./checkClientRole').checkRealDB(token)
var decoded = require('jwt-verify').verify(token).res
if (decoded) {
if (decoded.role === 'realtimedb') {
response = { 'result': 'ok' }
......
......@@ -437,6 +437,24 @@
"safe-buffer": "^5.0.1"
}
},
"jwt-verify": {
"version": "git+https://nexpienpm:CCqLQjg4ytvzN7QbssUV@dev.nexpie.com/npm/jwt-verify.git#2652fe32eb15f1e1f05bc31aa98f5a7c10d049e3",
"from": "git+https://nexpienpm:CCqLQjg4ytvzN7QbssUV@dev.nexpie.com/npm/jwt-verify.git#issuer",
"requires": {
"config": "^2.0.1",
"jsonwebtoken": "^8.3.0"
},
"dependencies": {
"config": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/config/-/config-2.0.1.tgz",
"integrity": "sha512-aTaviJnC8ZjQYx8kQf4u6tWqIxWolyQQ3LqXgnCLAsIb78JrUshHG0YuzIarzTaVVe1Pazms3TXImfYra8UsyQ==",
"requires": {
"json5": "^1.0.1"
}
}
}
},
"lodash": {
"version": "4.17.10",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz",
......@@ -955,6 +973,14 @@
"norma": "0.4"
}
},
"util": {
"version": "0.11.0",
"resolved": "https://registry.npmjs.org/util/-/util-0.11.0.tgz",
"integrity": "sha512-5n12uMzKCjvB2HPFHnbQSjaqAa98L5iIXmHrZCLavuZVe0qe/SJGbDGWlpaHk5lnBkWRDO+dRu1/PgmUYKPPTw==",
"requires": {
"inherits": "2.0.3"
}
},
"util-deprecate": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
......
......@@ -12,9 +12,11 @@
"dependencies": {
"config": "^1.30.0",
"jsonwebtoken": "^8.3.0",
"jwt-verify": "git+https://nexpienpm:CCqLQjg4ytvzN7QbssUV@dev.nexpie.com/npm/jwt-verify.git",
"lru-cache": "^4.1.3",
"restify": "^7.1.1",
"seneca": "^3.6.0"
"seneca": "^3.6.0",
"util": "^0.11.0"
},
"devDependencies": {
"mocha": "^5.2.0"
......
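Review bot: The new `jwt-verify` entry stores a username and password in the dependency URL (`git+https://nexpienpm:<password>@dev.nexpie.com/...`), so the credential is committed to the repository, repeated in the lockfile, and copied into any image built from this tree. Treat it as exposed: rotate it, and fetch the package with a credential supplied outside the manifest, such as a deploy key or a token injected at install time. The spec also names no commit or tag, while the lockfile records `from ... #issuer`; since this module decides whether tokens are accepted, pin it, e.g. by appending `#2652fe32eb15f1e1f05bc31aa98f5a7c10d049e3` (the commit the lockfile resolved).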
module.exports.getExp = getExp
function getExp(expires) {
var exp
if (expires.endsWith('y')) {
exp = getYears(expires.split('y')[0])
}
else if (expires.endsWith('m')) {
exp = getMonths(expires.split('m')[0])
}
else if (expires.endsWith('d')) {
exp = expires.split('d')[0] + 'd'
}
else if (expires.endsWith('h')) {
exp = expires.split('h')[0] + 'h'
}
else if (expires.endsWith('mi')) {
exp = getMinutes(expires.split('mi')[0])
}
else if (expires.endsWith('s')) {
exp = getSeconds(expires.split('s')[0])
}
else exp = getYears(10)
return exp
}
function getMonths(d) {
return (d * 30) + 'd'
}
function getYears(m) {
return (m * 30 * 12) + 'd'
}
function getMinutes(mi) {
return (mi * 1000 * 60) + 'ms'
}
function getSeconds(ms) {
return (ms * 1000) + 'ms'
}
\ No newline at end of file
......@@ -3,10 +3,10 @@ module.exports.getGroupID = getGroupID
var config = require('config');
var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') });
var getRole = require('../checkClientRole').getRole
// var getRole = require('../checkClientRole').getRole
function getGroupID(token, client_id, callback) {
var role = getRole(token);
var role = require('jwt-verify').verify(token).res
if (role && role.hasOwnProperty('groupId')) {
callback(role.groupId);
}
......