Commit 8a325e19 by Chavee Issariyapat

add token validator

parent ce94a13d
...@@ -39,22 +39,27 @@ module.exports = function (options = {}) { ...@@ -39,22 +39,27 @@ module.exports = function (options = {}) {
next(); next();
} }
else { else {
var GGID = require('./utils/getGroupID');
var output = {}; var output = {};
var _id = require('./utils/getGroupID').getGroupID(req.body.username, req.body.client_id) GGID.getGroupID(req.body.username, req.body.client_id, function(group) {
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'pub', _id, req.body.client_id, output); // get topic where concat with groupID
response = { var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'pub', group, req.body.client_id, output); // get topic where concat with groupID
'result': 'ok', response = {
'modifiers': { 'result': 'ok',
'topic': _ftopic, 'modifiers': {
'qos': 0, 'topic': _ftopic,
'retain': false 'qos': 0,
'retain': false
}
} }
} if (output.verb == 'get' || output.verb == 'read') {
if (output.verb == 'get' || output.verb == 'read') { response.modifiers.payload = Buffer.from(req.body.client_id).toString('base64');
response.modifiers.payload = Buffer.from(req.body.client_id).toString('base64'); }
} res.send(response);
res.send(response); next();
next();
});
} }
} }
else { else {
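Review bot: `group` is used without a check in the new `getGroupID` callback of the publish handler, although `doDB` calls back with `null` on a registry error or an unknown client, so `rewriteTopic` receives a null group and the request is still answered with `'result': 'ok'`. on_unsubscribe in this commit guards with `if (group)` and answers `{ 'result': 'no' }`; the publish handler and the subscribe handler changed in the same way should do likewise, e.g. `if (!group) { res.send({ 'result': 'no' }); return next(); }` as the first statement of the callback. What `rewriteTopic` does with a null group is not visible here, but if the group id is what scopes topics per group, this path fails open. The enclosing handler starts and ends outside the hunk.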
......
var validator = require('./validator');
var config = require('config'); var config = require('config');
var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') });
// https://github.com/isaacs/node-lru-cache // https://github.com/isaacs/node-lru-cache
var LRU = require("lru-cache"), var LRU = require("lru-cache"),
...@@ -8,39 +11,56 @@ var LRU = require("lru-cache"), ...@@ -8,39 +11,56 @@ var LRU = require("lru-cache"),
}); });
var debug = false; var debug = false;
var authclient = require('seneca')({ log: 'silent' }) // var authclient = require('seneca')({ log: 'silent' })
.client({ port: config.get('authserv_port'), host: config.get('authserv_host') }); // .client({ port: config.get('authserv_port'), host: config.get('authserv_host') });
function authCheck(client_id, token, password, callback) { function authCheck(client_id, token, password, callback) {
if (require('./checkClientRole').checkRealDB(token)) { // auth realtimedb by token if (require('./checkClientRole').checkRealDB(token)) { // auth realtimedb by token
callback(true) callback(true);
} }
else { else {
if (require('./checkClientRole').getRole(token)) callback(true) // auth client device by token if (require('./checkClientRole').getRole(token)) callback(true) // auth client device by token
else { else {
authclient.act({ role: 'auth', cmd: 'token', action: 'info', token: token }, function (err, res) { // auth client device by query from db seneca.act('cmd:getAccessTokenInfo, tokencode:'+token, function(err,res) {
if (debug) { if (!err && res) {
console.log("res ------>\n"); var token_profile = (res&&res.result&&res.result[0])?res.result[0]:{};
console.log(res); var mqttauth = {
} clientid : client_id,
token : token,
if (res && res.data) { password : password
try { };
var jdata = JSON.parse(res.data); callback( validator.auth_connect(mqttauth, token_profile) );
if (jdata && jdata.code == 200) {
callback(true);
}
else callback(false);
} catch (e) {
callback(false);
}
callback(true);
} }
else { else {
callback(false); callback(false);
} }
}); });
// authclient.act({ role: 'auth', cmd: 'token', action: 'info', token: token }, function (err, res) { // auth client device by query from db
// if (debug) {
// console.log("res ------>\n");
// console.log(res);
// }
// if (res && res.data) {
// try {
// var jdata = JSON.parse(res.data);
// if (jdata && jdata.code == 200) {
// callback(true);
// }
// else callback(false);
// } catch (e) {
// callback(false);
// }
// callback(true);
// }
// else {
// callback(false);
// }
// });
} }
} }
} }
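Review bot: The value handed to `callback` in the new `seneca.act` branch of `authCheck` is the object returned by `validator.auth_connect`, which is truthy even when it is `{status: false, reason: 'expired'}`; the other branches pass `true`/`false`, so a caller that tests truthiness (not visible here) would accept expired or wrong-client tokens. The `{}` fallback for `token_profile` compounds this, because a token the registry does not know reaches the validator as an empty profile; fall back to `null` instead and pass a boolean, `callback(validator.auth_connect(mqttauth, token_profile).status === true)`. The pattern is also built by concatenating the client-supplied token into a string that seneca parses, so the object form the removed call used, `seneca.act({cmd: 'getAccessTokenInfo', tokencode: token}, ...)`, is the safer way to pass it; the same applies to `doDB` in getGroupID. The commented-out `authclient` block would be better deleted than kept in the file.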
......
...@@ -43,18 +43,21 @@ module.exports = function (options = {}) { ...@@ -43,18 +43,21 @@ module.exports = function (options = {}) {
next(); next();
} }
else { else {
var _id = require('./utils/getGroupID').getGroupID(req.body.username, req.body.client_id) var GGID = require('./utils/getGroupID');
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'sub', _id, req.body.client_id) // get topic where concat with groupID
var _topic = [{ // setTopic for response GGID.getGroupID(req.body.username, req.body.client_id, function(group) {
'topic': _ftopic, var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'sub', group, req.body.client_id) // get topic where concat with groupID
'qos': 0 var _topic = [{ // setTopic for response
}] 'topic': _ftopic,
response = { 'qos': 0
'result': 'ok', }]
'topics': _topic response = {
} 'result': 'ok',
res.send(response); 'topics': _topic
next(); }
res.send(response);
next();
});
} }
} }
else { else {
......
...@@ -16,17 +16,20 @@ function on_unsubscribe(req, res, next) { ...@@ -16,17 +16,20 @@ function on_unsubscribe(req, res, next) {
next() next()
} }
else { else {
var _id = require('./utils/getGroupID').getGroupID(token, client_id) var GGID = require('./utils/getGroupID');
if (_id) {
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'unsub', _id, client_id) GGID.getGroupID(token, client_id, function(group) {
response = { if (group) {
"result": "ok", var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'unsub', group, client_id)
"topics": [_ftopic] response = {
"result": "ok",
"topics": [_ftopic]
}
} }
} else response = { 'result': 'no' }
else response = { 'result': 'no' } res.send(response);
res.send(response); next()
next() });
} }
} }
module.exports.on_unsubscribe = on_unsubscribe module.exports.on_unsubscribe = on_unsubscribe
\ No newline at end of file
module.exports.getGroupID = getGroupID
var config = require('config'); var config = require('config');
var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') }); var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') });
var getRole = require('../checkClientRole').getRole var getRole = require('../checkClientRole').getRole
async function getGroupID(token, client_id) { function getGroupID(token, client_id, callback) {
var role = getRole(token); var role = getRole(token);
if (role && role.hasOwnProperty('groupId')) { if (role && role.hasOwnProperty('groupId')) {
return role.groupId; callback(role.groupId);
} }
else { else {
var group = await doDB(client_id); doDB(client_id, function(group) {
return group; callback(group);
});
} }
} }
module.exports.getGroupID = getGroupID
function doDB(client_id) { function doDB(client_id, callback) {
return new Promise((resolve, reject) => { seneca.act('cmd:getGroupByClientid, clientid:'+client_id, function(err, res) {
seneca.act('cmd:getGroupByClientid, clientid:'+client_id, function(err, res) { if (err) callback(null);
if (err) reject(err); else callback((res && res.result &&res.result[0])?res.result[0]:null);
else resolve((res && res.result &&res.result[0])?res.result[0]:null);
});
}); });
} }
//Test
async function test() {
var g = await getGroupID('', 'aw9f0d2c-aliceclient');
console.log(g);
}
test();
\ No newline at end of file
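Review bot: `doDB` now turns a registry error into `callback(null)`, so callers cannot tell a device-registry outage from a client that has no group, and the error is not logged anywhere. A node-style callback, `if (err) return callback(err);` followed by `callback(null, group);` with `getGroupID` forwarding both arguments, would let the handlers deny the request on error and record the cause. A short comment on `getGroupID` stating that the callback may receive `null` would help until then.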
module.exports.auth_connect = auth_connect
/*
{ _key: '1196651',
_id: 'access_token/1196651',
_rev: '_XdtTzQK--_',
"type": "v1",
"code": "f2a05d9a420e141d2d268b0c41f2af8e",
"device": "bd2w9fkc-bobclient",
"scope": [
"w:@shadow/read",
"w:@shadow/write"
],
"iat": 1537502874269,
"nbf": 1537502874269,
"exp": 1537609874269,
"for": [
{
"clientid": "bd2w9fkc-bobclient",
"verify": false
}
],
"user": "nexpie"
}
*/
function auth_connect(mqttauth, token_profile) {
var res = {
status : true
}
if (token_profile) {
if (token_profile.for) {
var found = false;
for (var i=0; i<token_profile.for.length; i++) {
if (token_profile.for[i].clientid == mqttauth.clientid) {
found = true;
break;
}
}
if (!found) return {status: false, reason: 'uneligible'};
}
if (Date.now() > token_profile.exp) return {status: false, reason: 'expired'};
if (token_profile.nbf && (Date.now() < token_profile.nbf)) return {status: false, reason: 'uneligible'};
return {status: true};
}
else return false;
}
\ No newline at end of file
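Review bot: `auth_connect` fails open on missing fields: for a profile without `exp`, `Date.now() > token_profile.exp` compares against undefined and is false, so the token never expires, and a profile without `for` skips the client check, so an empty object yields `{status: true}`. If every stored token is expected to carry these fields (the sample in the comment does), reject early with `if (typeof token_profile.exp !== 'number' || !Array.isArray(token_profile.for)) return {status: false, reason: 'uneligible'};`. The final branch returns bare `false` while every other path returns an object; `return {status: false, reason: 'uneligible'};` there would give callers a single shape to test. `mqttauth.token`, `mqttauth.password`, the `verify` flag and the local `var res` are never read, so a doc comment listing which fields are actually checked would prevent readers from assuming more is validated than is.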