Commit 8a325e19 by Chavee Issariyapat

add token validator

parent ce94a13d
......@@ -39,22 +39,27 @@ module.exports = function (options = {}) {
next();
}
else {
var GGID = require('./utils/getGroupID');
var output = {};
var _id = require('./utils/getGroupID').getGroupID(req.body.username, req.body.client_id)
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'pub', _id, req.body.client_id, output); // get topic where concat with groupID
response = {
'result': 'ok',
'modifiers': {
'topic': _ftopic,
'qos': 0,
'retain': false
GGID.getGroupID(req.body.username, req.body.client_id, function(group) {
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'pub', group, req.body.client_id, output); // get topic where concat with groupID
response = {
'result': 'ok',
'modifiers': {
'topic': _ftopic,
'qos': 0,
'retain': false
}
}
}
if (output.verb == 'get' || output.verb == 'read') {
response.modifiers.payload = Buffer.from(req.body.client_id).toString('base64');
}
res.send(response);
next();
if (output.verb == 'get' || output.verb == 'read') {
response.modifiers.payload = Buffer.from(req.body.client_id).toString('base64');
}
res.send(response);
next();
});
}
}
else {
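Review bot: The callback passed to `GGID.getGroupID` uses `group` without checking it, so a failed or empty registry lookup still answers `'result': 'ok'` with a topic rewritten from a null group. `doDB` in utils/getGroupID turns every seneca error into `callback(null)`, and the unsubscribe handler already guards with `if (group)`. The publish handler here and the subscribe handler further down should reject the same way, for example `if (!group) { res.send({ 'result': 'no' }); return next(); }` as the first statement of the callback. What `rewriteTopic` does with a null group is not visible on this page, so the effect on topic isolation between groups should be confirmed. The enclosing handler starts and ends outside the hunk.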
......
var validator = require('./validator');
var config = require('config');
var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') });
// https://github.com/isaacs/node-lru-cache
var LRU = require("lru-cache"),
......@@ -8,39 +11,56 @@ var LRU = require("lru-cache"),
});
var debug = false;
var authclient = require('seneca')({ log: 'silent' })
.client({ port: config.get('authserv_port'), host: config.get('authserv_host') });
// var authclient = require('seneca')({ log: 'silent' })
// .client({ port: config.get('authserv_port'), host: config.get('authserv_host') });
function authCheck(client_id, token, password, callback) {
if (require('./checkClientRole').checkRealDB(token)) { // auth realtimedb by token
callback(true)
callback(true);
}
else {
if (require('./checkClientRole').getRole(token)) callback(true) // auth client device by token
else {
authclient.act({ role: 'auth', cmd: 'token', action: 'info', token: token }, function (err, res) { // auth client device by query from db
if (debug) {
console.log("res ------>\n");
console.log(res);
}
if (res && res.data) {
try {
var jdata = JSON.parse(res.data);
if (jdata && jdata.code == 200) {
callback(true);
}
else callback(false);
} catch (e) {
callback(false);
}
callback(true);
seneca.act('cmd:getAccessTokenInfo, tokencode:'+token, function(err,res) {
if (!err && res) {
var token_profile = (res&&res.result&&res.result[0])?res.result[0]:{};
var mqttauth = {
clientid : client_id,
token : token,
password : password
};
callback( validator.auth_connect(mqttauth, token_profile) );
}
else {
callback(false);
}
});
// authclient.act({ role: 'auth', cmd: 'token', action: 'info', token: token }, function (err, res) { // auth client device by query from db
// if (debug) {
// console.log("res ------>\n");
// console.log(res);
// }
// if (res && res.data) {
// try {
// var jdata = JSON.parse(res.data);
// if (jdata && jdata.code == 200) {
// callback(true);
// }
// else callback(false);
// } catch (e) {
// callback(false);
// }
// callback(true);
// }
// else {
// callback(false);
// }
// });
}
}
}
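Review bot: An unknown token is accepted in `authCheck`: when the registry returns no record, `token_profile` falls back to `{}`, and `validator.auth_connect` returns `{status: true}` for an empty profile because its `for`, `exp` and `nbf` checks are all skipped when those fields are missing. A missing record should be rejected before the validator is called, `if (!res.result || !res.result[0]) return callback(false);`. The callback also now receives an object where every other branch passes a boolean, and `{status: false, ...}` is truthy, so pass `validator.auth_connect(mqttauth, token_profile).status === true` unless the caller (not visible here) is changed to read `.status`. The pattern string `'cmd:getAccessTokenInfo, tokencode:'+token` concatenates a client-supplied value into seneca's pattern syntax, as does `'cmd:getGroupByClientid, clientid:'+client_id` in `doDB`; the object form `{ cmd: 'getAccessTokenInfo', tokencode: token }` keeps the value as data.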
......
......@@ -43,18 +43,21 @@ module.exports = function (options = {}) {
next();
}
else {
var _id = require('./utils/getGroupID').getGroupID(req.body.username, req.body.client_id)
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'sub', _id, req.body.client_id) // get topic where concat with groupID
var _topic = [{ // setTopic for response
'topic': _ftopic,
'qos': 0
}]
response = {
'result': 'ok',
'topics': _topic
}
res.send(response);
next();
var GGID = require('./utils/getGroupID');
GGID.getGroupID(req.body.username, req.body.client_id, function(group) {
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'sub', group, req.body.client_id) // get topic where concat with groupID
var _topic = [{ // setTopic for response
'topic': _ftopic,
'qos': 0
}]
response = {
'result': 'ok',
'topics': _topic
}
res.send(response);
next();
});
}
}
else {
......
......@@ -16,17 +16,20 @@ function on_unsubscribe(req, res, next) {
next()
}
else {
var _id = require('./utils/getGroupID').getGroupID(token, client_id)
if (_id) {
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'unsub', _id, client_id)
response = {
"result": "ok",
"topics": [_ftopic]
var GGID = require('./utils/getGroupID');
GGID.getGroupID(token, client_id, function(group) {
if (group) {
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'unsub', group, client_id)
response = {
"result": "ok",
"topics": [_ftopic]
}
}
}
else response = { 'result': 'no' }
res.send(response);
next()
else response = { 'result': 'no' }
res.send(response);
next()
});
}
}
module.exports.on_unsubscribe = on_unsubscribe
\ No newline at end of file
module.exports.getGroupID = getGroupID
var config = require('config');
var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') });
var getRole = require('../checkClientRole').getRole
async function getGroupID(token, client_id) {
function getGroupID(token, client_id, callback) {
var role = getRole(token);
if (role && role.hasOwnProperty('groupId')) {
return role.groupId;
callback(role.groupId);
}
else {
var group = await doDB(client_id);
return group;
doDB(client_id, function(group) {
callback(group);
});
}
}
module.exports.getGroupID = getGroupID
function doDB(client_id) {
return new Promise((resolve, reject) => {
seneca.act('cmd:getGroupByClientid, clientid:'+client_id, function(err, res) {
if (err) reject(err);
else resolve((res && res.result &&res.result[0])?res.result[0]:null);
});
function doDB(client_id, callback) {
seneca.act('cmd:getGroupByClientid, clientid:'+client_id, function(err, res) {
if (err) callback(null);
else callback((res && res.result &&res.result[0])?res.result[0]:null);
});
}
//Test
async function test() {
var g = await getGroupID('', 'aw9f0d2c-aliceclient');
console.log(g);
}
test();
\ No newline at end of file
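Review bot: `doDB` reports a registry error as `callback(null)`, the same value it gives for "client has no group", so an outage cannot be told apart from a missing group and nothing is logged. At minimum the error should be recorded before falling back, `if (err) { console.error('getGroupByClientid failed', err); return callback(null); }`, and callers must treat null as a refusal. If the `//Test` block at the end of the file is still on the new side (the page does not show which side it belongs to), it issues a registry query on every `require` and awaits a function that no longer returns a promise; it should be removed or wrapped in `if (require.main === module)`.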
module.exports.auth_connect = auth_connect
/*
{ _key: '1196651',
_id: 'access_token/1196651',
_rev: '_XdtTzQK--_',
"type": "v1",
"code": "f2a05d9a420e141d2d268b0c41f2af8e",
"device": "bd2w9fkc-bobclient",
"scope": [
"w:@shadow/read",
"w:@shadow/write"
],
"iat": 1537502874269,
"nbf": 1537502874269,
"exp": 1537609874269,
"for": [
{
"clientid": "bd2w9fkc-bobclient",
"verify": false
}
],
"user": "nexpie"
}
*/
function auth_connect(mqttauth, token_profile) {
var res = {
status : true
}
if (token_profile) {
if (token_profile.for) {
var found = false;
for (var i=0; i<token_profile.for.length; i++) {
if (token_profile.for[i].clientid == mqttauth.clientid) {
found = true;
break;
}
}
if (!found) return {status: false, reason: 'uneligible'};
}
if (Date.now() > token_profile.exp) return {status: false, reason: 'expired'};
if (token_profile.nbf && (Date.now() < token_profile.nbf)) return {status: false, reason: 'uneligible'};
return {status: true};
}
else return false;
}
\ No newline at end of file
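Review bot: `auth_connect` fails open on missing fields: a profile without a `for` array skips the client binding entirely, and `Date.now() > token_profile.exp` is false when `exp` is absent, so such a token never expires. Unless tokens without these fields are meant to be valid, require them, `if (!Array.isArray(token_profile.for)) return {status: false, reason: 'uneligible'};` and `if (typeof token_profile.exp !== 'number' || Date.now() > token_profile.exp) return {status: false, reason: 'expired'};`. The final `else return false;` should return `{status: false, reason: 'uneligible'}` so callers see a single result shape. `mqttauth.password`, `scope` and the `verify` flag from the sample profile are never read; a comment stating whether that is intentional would help the next reviewer.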