2017-10-29 07:55:55 +08:00
|
|
|
"use strict";
|
|
|
|
|
|
|
|
|
|
const express = require('express');
|
|
|
|
|
const router = express.Router();
|
2017-11-03 08:48:02 +08:00
|
|
|
const options = require('../../services/options');
|
2017-10-29 10:17:00 +08:00
|
|
|
const utils = require('../../services/utils');
|
2017-10-30 02:55:48 +08:00
|
|
|
const migration = require('../../services/migration');
|
2017-11-17 10:50:00 +08:00
|
|
|
const source_id = require('../../services/source_id');
|
2017-11-10 12:25:23 +08:00
|
|
|
const auth = require('../../services/auth');
|
|
|
|
|
const password_encryption = require('../../services/password_encryption');
|
|
|
|
|
const protected_session = require('../../services/protected_session');
|
2017-10-29 07:55:55 +08:00
|
|
|
|
2017-11-10 12:25:23 +08:00
|
|
|
router.post('/sync', async (req, res, next) => {
|
2017-10-29 10:17:00 +08:00
|
|
|
const timestamp = req.body.timestamp;
|
2017-10-29 07:55:55 +08:00
|
|
|
|
2017-10-29 10:17:00 +08:00
|
|
|
const now = utils.nowTimestamp();
|
2017-10-29 07:55:55 +08:00
|
|
|
|
2017-10-29 10:17:00 +08:00
|
|
|
if (Math.abs(timestamp - now) > 5) {
|
|
|
|
|
res.status(400);
|
|
|
|
|
res.send({ message: 'Auth request time is out of sync' });
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-30 02:55:48 +08:00
|
|
|
const dbVersion = req.body.dbVersion;
|
2017-10-29 10:17:00 +08:00
|
|
|
|
|
|
|
|
if (dbVersion !== migration.APP_DB_VERSION) {
|
|
|
|
|
res.status(400);
|
|
|
|
|
res.send({ message: 'Non-matching db versions, local is version ' + migration.APP_DB_VERSION });
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-03 08:48:02 +08:00
|
|
|
const documentSecret = await options.getOption('document_secret');
|
2017-10-30 02:55:48 +08:00
|
|
|
const expectedHash = utils.hmac(documentSecret, timestamp);
|
2017-10-29 10:17:00 +08:00
|
|
|
|
|
|
|
|
const givenHash = req.body.hash;
|
|
|
|
|
|
|
|
|
|
if (expectedHash !== givenHash) {
|
|
|
|
|
res.status(400);
|
|
|
|
|
res.send({ message: "Hash doesn't match" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
req.session.loggedIn = true;
|
|
|
|
|
|
2017-11-02 11:16:21 +08:00
|
|
|
res.send({
|
2017-11-17 10:50:00 +08:00
|
|
|
sourceId: source_id.currentSourceId
|
2017-11-02 11:16:21 +08:00
|
|
|
});
|
2017-10-29 07:55:55 +08:00
|
|
|
});
|
|
|
|
|
|
2017-11-10 12:25:23 +08:00
|
|
|
// this is for entering protected mode so user has to be already logged-in (that's the reason we don't require username)
|
2017-11-11 11:55:19 +08:00
|
|
|
router.post('/protected', auth.checkApiAuth, async (req, res, next) => {
|
2017-11-10 12:25:23 +08:00
|
|
|
const password = req.body.password;
|
|
|
|
|
|
|
|
|
|
if (!await password_encryption.verifyPassword(password)) {
|
2017-11-11 11:55:19 +08:00
|
|
|
res.send({
|
2017-11-10 12:25:23 +08:00
|
|
|
success: false,
|
|
|
|
|
message: "Given current password doesn't match hash"
|
2017-11-11 11:55:19 +08:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
return;
|
2017-11-10 12:25:23 +08:00
|
|
|
}
|
|
|
|
|
|
2017-11-16 12:39:50 +08:00
|
|
|
const decryptedDataKey = await password_encryption.getDecryptedDataKeyCbc(password);
|
2017-11-10 12:25:23 +08:00
|
|
|
|
|
|
|
|
const protectedSessionId = protected_session.setDataKey(req, decryptedDataKey);
|
|
|
|
|
|
|
|
|
|
res.send({
|
|
|
|
|
success: true,
|
|
|
|
|
protectedSessionId: protectedSessionId
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2017-10-29 07:55:55 +08:00
|
|
|
module.exports = router;
|
