Commit 8a325e19 by Chavee Issariyapat

add token validator

parent ce94a13d
...@@ -39,9 +39,12 @@ module.exports = function (options = {}) { ...@@ -39,9 +39,12 @@ module.exports = function (options = {}) {
next(); next();
} }
else { else {
var GGID = require('./utils/getGroupID');
var output = {}; var output = {};
var _id = require('./utils/getGroupID').getGroupID(req.body.username, req.body.client_id) GGID.getGroupID(req.body.username, req.body.client_id, function(group) {
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'pub', _id, req.body.client_id, output); // get topic where concat with groupID
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'pub', group, req.body.client_id, output); // get topic where concat with groupID
response = { response = {
'result': 'ok', 'result': 'ok',
'modifiers': { 'modifiers': {
...@@ -55,6 +58,8 @@ module.exports = function (options = {}) { ...@@ -55,6 +58,8 @@ module.exports = function (options = {}) {
} }
res.send(response); res.send(response);
next(); next();
});
} }
} }
else { else {
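Review bot: `group` is passed to `rewriteTopic` without a check, although the new `getGroupID` calls back with `null` when the registry lookup fails or returns no group for the client. `on_unsubscribe` guards this with `if (group)` and answers `{ 'result': 'no' }`; the publish callback here and the subscribe handler's `GGID.getGroupID(...)` callback should refuse in the same way before building the topic, e.g. `if (!group) { res.send({ 'result': 'no' }); return next(); }`. What `rewriteTopic` does with a null group is not visible in this diff, but since the group ID is what scopes the topic, an unscoped or `null`-prefixed topic needs to be ruled out. The enclosing handler starts and ends outside these hunks.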
......
var validator = require('./validator');
var config = require('config'); var config = require('config');
var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') });
// https://github.com/isaacs/node-lru-cache // https://github.com/isaacs/node-lru-cache
var LRU = require("lru-cache"), var LRU = require("lru-cache"),
...@@ -8,39 +11,56 @@ var LRU = require("lru-cache"), ...@@ -8,39 +11,56 @@ var LRU = require("lru-cache"),
}); });
var debug = false; var debug = false;
var authclient = require('seneca')({ log: 'silent' }) // var authclient = require('seneca')({ log: 'silent' })
.client({ port: config.get('authserv_port'), host: config.get('authserv_host') }); // .client({ port: config.get('authserv_port'), host: config.get('authserv_host') });
function authCheck(client_id, token, password, callback) { function authCheck(client_id, token, password, callback) {
if (require('./checkClientRole').checkRealDB(token)) { // auth realtimedb by token if (require('./checkClientRole').checkRealDB(token)) { // auth realtimedb by token
callback(true) callback(true);
} }
else { else {
if (require('./checkClientRole').getRole(token)) callback(true) // auth client device by token if (require('./checkClientRole').getRole(token)) callback(true) // auth client device by token
else { else {
authclient.act({ role: 'auth', cmd: 'token', action: 'info', token: token }, function (err, res) { // auth client device by query from db seneca.act('cmd:getAccessTokenInfo, tokencode:'+token, function(err,res) {
if (debug) { if (!err && res) {
console.log("res ------>\n"); var token_profile = (res&&res.result&&res.result[0])?res.result[0]:{};
console.log(res); var mqttauth = {
} clientid : client_id,
token : token,
if (res && res.data) { password : password
try { };
var jdata = JSON.parse(res.data); callback( validator.auth_connect(mqttauth, token_profile) );
if (jdata && jdata.code == 200) {
callback(true);
}
else callback(false);
} catch (e) {
callback(false);
}
callback(true);
} }
else { else {
callback(false); callback(false);
} }
}); });
// authclient.act({ role: 'auth', cmd: 'token', action: 'info', token: token }, function (err, res) { // auth client device by query from db
// if (debug) {
// console.log("res ------>\n");
// console.log(res);
// }
// if (res && res.data) {
// try {
// var jdata = JSON.parse(res.data);
// if (jdata && jdata.code == 200) {
// callback(true);
// }
// else callback(false);
// } catch (e) {
// callback(false);
// }
// callback(true);
// }
// else {
// callback(false);
// }
// });
} }
} }
} }
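Review bot: `authCheck` now hands its callback the object returned by `validator.auth_connect` instead of a boolean, and `{status: false, reason: 'expired'}` is truthy, so a caller that still tests the result as the old `callback(true)`/`callback(false)` contract allowed would accept a rejected token. The callers are outside this diff, so that needs checking. Passing `validator.auth_connect(mqttauth, token_profile).status === true` keeps the contract boolean. The `{}` fallback for a token the registry does not return also fails open, because an empty profile has no `for`, `exp` or `nbf` and passes every check in `auth_connect`; fall back to `null` there so the lookup miss is rejected. Separately, the client-supplied `token` is concatenated into the pattern string `'cmd:getAccessTokenInfo, tokencode:'+token`, so a value containing `,` or `:` may alter the pattern; the object form the old call used, `seneca.act({cmd: 'getAccessTokenInfo', tokencode: token}, ...)`, avoids that, and `doDB` in getGroupID builds its pattern from `client_id` the same way.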
......
...@@ -43,8 +43,10 @@ module.exports = function (options = {}) { ...@@ -43,8 +43,10 @@ module.exports = function (options = {}) {
next(); next();
} }
else { else {
var _id = require('./utils/getGroupID').getGroupID(req.body.username, req.body.client_id) var GGID = require('./utils/getGroupID');
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'sub', _id, req.body.client_id) // get topic where concat with groupID
GGID.getGroupID(req.body.username, req.body.client_id, function(group) {
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'sub', group, req.body.client_id) // get topic where concat with groupID
var _topic = [{ // setTopic for response var _topic = [{ // setTopic for response
'topic': _ftopic, 'topic': _ftopic,
'qos': 0 'qos': 0
...@@ -55,6 +57,7 @@ module.exports = function (options = {}) { ...@@ -55,6 +57,7 @@ module.exports = function (options = {}) {
} }
res.send(response); res.send(response);
next(); next();
});
} }
} }
else { else {
......
...@@ -16,9 +16,11 @@ function on_unsubscribe(req, res, next) { ...@@ -16,9 +16,11 @@ function on_unsubscribe(req, res, next) {
next() next()
} }
else { else {
var _id = require('./utils/getGroupID').getGroupID(token, client_id) var GGID = require('./utils/getGroupID');
if (_id) {
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'unsub', _id, client_id) GGID.getGroupID(token, client_id, function(group) {
if (group) {
var _ftopic = require('./utils/getTopic').rewriteTopic(topic, 'unsub', group, client_id)
response = { response = {
"result": "ok", "result": "ok",
"topics": [_ftopic] "topics": [_ftopic]
...@@ -27,6 +29,7 @@ function on_unsubscribe(req, res, next) { ...@@ -27,6 +29,7 @@ function on_unsubscribe(req, res, next) {
else response = { 'result': 'no' } else response = { 'result': 'no' }
res.send(response); res.send(response);
next() next()
});
} }
} }
module.exports.on_unsubscribe = on_unsubscribe module.exports.on_unsubscribe = on_unsubscribe
\ No newline at end of file
module.exports.getGroupID = getGroupID
var config = require('config'); var config = require('config');
var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') }); var seneca = require('seneca')({log: 'silent'}).client({ port: config.get('device_registry_port'), host: config.get('device_registry_host') });
var getRole = require('../checkClientRole').getRole var getRole = require('../checkClientRole').getRole
async function getGroupID(token, client_id) { function getGroupID(token, client_id, callback) {
var role = getRole(token); var role = getRole(token);
if (role && role.hasOwnProperty('groupId')) { if (role && role.hasOwnProperty('groupId')) {
return role.groupId; callback(role.groupId);
} }
else { else {
var group = await doDB(client_id); doDB(client_id, function(group) {
return group; callback(group);
});
} }
} }
module.exports.getGroupID = getGroupID
function doDB(client_id) { function doDB(client_id, callback) {
return new Promise((resolve, reject) => {
seneca.act('cmd:getGroupByClientid, clientid:'+client_id, function(err, res) { seneca.act('cmd:getGroupByClientid, clientid:'+client_id, function(err, res) {
if (err) reject(err); if (err) callback(null);
else resolve((res && res.result &&res.result[0])?res.result[0]:null); else callback((res && res.result &&res.result[0])?res.result[0]:null);
}); });
});
}
//Test
async function test() {
var g = await getGroupID('', 'aw9f0d2c-aliceclient');
console.log(g);
} }
test();
\ No newline at end of file
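Review bot: `doDB` turns a registry error into `callback(null)` with nothing logged, so an outage of the device registry looks the same to callers as a client that has no group. Since the result feeds topic scoping, the failure should at least be recorded, e.g. `if (err) { console.error('getGroupByClientid failed:', err); return callback(null); }`, or the callback made error-first so handlers can tell the two cases apart. `getGroupID` also has no documentation of its new contract; a short JSDoc stating that `callback` is required and receives either the group value or `null` would help, and it should note whether `role.groupId` and `res.result[0]` have the same shape, which is not evident from these lines.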
module.exports.auth_connect = auth_connect
/*
{ _key: '1196651',
_id: 'access_token/1196651',
_rev: '_XdtTzQK--_',
"type": "v1",
"code": "f2a05d9a420e141d2d268b0c41f2af8e",
"device": "bd2w9fkc-bobclient",
"scope": [
"w:@shadow/read",
"w:@shadow/write"
],
"iat": 1537502874269,
"nbf": 1537502874269,
"exp": 1537609874269,
"for": [
{
"clientid": "bd2w9fkc-bobclient",
"verify": false
}
],
"user": "nexpie"
}
*/
function auth_connect(mqttauth, token_profile) {
var res = {
status : true
}
if (token_profile) {
if (token_profile.for) {
var found = false;
for (var i=0; i<token_profile.for.length; i++) {
if (token_profile.for[i].clientid == mqttauth.clientid) {
found = true;
break;
}
}
if (!found) return {status: false, reason: 'uneligible'};
}
if (Date.now() > token_profile.exp) return {status: false, reason: 'expired'};
if (token_profile.nbf && (Date.now() < token_profile.nbf)) return {status: false, reason: 'uneligible'};
return {status: true};
}
else return false;
}
\ No newline at end of file
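Review bot: `auth_connect` accepts any profile that lacks `for` and `exp`: the client binding is only checked inside `if (token_profile.for)`, and `Date.now() > token_profile.exp` is false when `exp` is undefined, so `{}` returns `{status: true}`. Unless unbound, non-expiring tokens are intended, require both fields before the checks, e.g. `if (!Array.isArray(token_profile.for) || typeof token_profile.exp !== 'number') return {status: false, reason: 'uneligible'};`. The return type is also inconsistent, `false` for a missing profile and an object otherwise, and the `res` local is never used; returning `{status: false}` in the final `else` gives callers one shape to test. The sample record in the header comment carries what looks like a real token `code`, device and user; if it was copied from a live registry it should be replaced with made-up values.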