roles into wsscnx from sess
+1
-1
@@ -146,7 +146,7 @@ export const methods = {
|
||||
if( (!this.accessRights.canPublish(this.userId, this.roles, payload.chan)) &&
|
||||
(! this.rediscnx.redPillsUuids.includes(this.uuid)) ) {
|
||||
this.sendErr(action, 'Unauthorized chan !', reqid);
|
||||
if(this.debug) console.log('PUB: Unauthorized chan', payload.chan)
|
||||
if(this.debug) console.log('PUB: Unauthorized chan', payload.chan, this.userId, this.roles)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
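Review bot: The denial log on the new line, `if(this.debug) console.log('PUB: Unauthorized chan', payload.chan, this.userId, this.roles)`, only fires in debug mode, so in a normal deployment a rejected publish leaves no trace, while the GET hunk in the next section (`console.log('Unauth GET key:', …)`) logs unconditionally; authorization denials are the events an operator most wants recorded, so I would drop the `this.debug` gate and use the warning level, `console.warn('PUB: Unauthorized chan', payload.chan, this.userId, this.roles)`. `payload.chan` is client-supplied and printed raw; `JSON.stringify(payload.chan)` keeps a value with embedded line breaks on one log line. The enclosing method starts and ends outside the hunk, and the `redPillsUuids` bypass on the preceding context line is unchanged by this commit.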
@@ -86,6 +86,7 @@ export const methods = {
|
||||
};
|
||||
|
||||
if(!this.accessRights.canGet(this.userId, this.roles, payload.key)) {
|
||||
console.log('Unauth GET key:',this.userId, this.roles, payload.key)
|
||||
this.sendErr(action, 'Unauthorized key !', reqid);
|
||||
return
|
||||
}
|
||||
|
||||
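Review bot: The new `console.log('Unauth GET key:',this.userId, this.roles, payload.key)` prints the client-supplied `payload.key` raw, so a key containing line breaks can forge extra log lines; serializing it and using the warning level fixes both, `console.warn('Unauth GET key:', this.userId, this.roles, JSON.stringify(payload.key))`. The enclosing method starts and ends outside the hunk.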
+10
-34
@@ -5,17 +5,16 @@ export class WssConnexion {
|
||||
|
||||
constructor(options){
|
||||
Object.assign(this, gatewayActions)
|
||||
|
||||
this.config = options.config;
|
||||
this.socket = options.socket;
|
||||
this.req = options.req;
|
||||
this.uuid = options.uuid;
|
||||
this.wssSrv = options.wssSrv;
|
||||
this.debug = options.debug;
|
||||
this.rediscnx = options.rediscnx;
|
||||
this.roles = []
|
||||
this.accessRights = options.accessRights;
|
||||
this.userId = '';
|
||||
this.config = options.config
|
||||
this.socket = options.socket
|
||||
this.req = options.req
|
||||
this.uuid = options.uuid
|
||||
this.wssSrv = options.wssSrv
|
||||
this.debug = options.debug
|
||||
this.rediscnx = options.rediscnx
|
||||
this.accessRights = options.accessRights
|
||||
this.userId = options.userId
|
||||
this.roles = options.roles
|
||||
this.sessionID = null // null until login
|
||||
|
||||
this.subscriptions = [];
|
||||
@@ -36,29 +35,6 @@ export class WssConnexion {
|
||||
if(this.debug) console.log(`Welcome to UUID ${this.uuid}`)
|
||||
}
|
||||
|
||||
async checkLogin(userInfo, otp){
|
||||
if(!this.config.server.devotpToken){
|
||||
let rawPayload = await this.rediscnx.redisGet(userInfo, this.config.redis.authTokenPrefix)
|
||||
let payload = JSON.parse(rawPayload)
|
||||
if(this.debug) console.log(`Got a token from Redis for ${userInfo} => ${JSON.stringify(payload)}`)
|
||||
if((!payload) || (!payload.token) || (!payload.roles)) return(false) // Redis/sessions issues : don't crash the daemon !
|
||||
this.token = payload.token
|
||||
this.roles = payload.roles
|
||||
this.sessionID = payload.sessionID || '!!no sessionID in the token key in Redis!!'
|
||||
} else {
|
||||
this.token = this.config.server.devotpToken
|
||||
this.roles = ['EIC_Dev']
|
||||
this.sessionID = this.config.server.devotpToken
|
||||
}
|
||||
|
||||
let data = new TextEncoder().encode(this.token+this.challenge)
|
||||
let bytesBuf = await crypto.subtle.digest("SHA-512", data)
|
||||
let arrayBuf = Array.from(new Uint8Array(bytesBuf))
|
||||
let goodOTP = arrayBuf.map((b) => b.toString(16).padStart(2, "0")).join("")
|
||||
if(this.debug) console.log(`Checking challenge-response (token=${this.token}): ${otp} ?? ${goodOTP}`)
|
||||
return(otp == goodOTP)
|
||||
}
|
||||
|
||||
startKeepAlive() {
|
||||
if(this.config.server.keepAliveInterval>0) {
|
||||
if(this.config.server.keepAliveInterval >= (1.5*this.config.server.keepAliveTimeout)) {
|
||||
|
||||
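Review bot: `this.roles = options.roles` and `this.userId = options.userId` in the rewritten constructor drop the `[]` and `''` defaults the removed lines had, and the only visible caller (`newWSSConnexion` in the wssServer section) passes `socket.session.userInfos.roles` without checking it exists, so a session with no roles array now yields `this.roles === undefined` at the `accessRights.canPublish(this.userId, this.roles, …)` and `canGet` call sites; `this.roles = options.roles ?? []` and `this.userId = options.userId ?? ''` keep the old fail-closed shape. `this.sessionID = null // null until login` also reads as stale now that `checkLogin` in the second hunk, which in the removed code was where `sessionID`, `token` and `roles` were set from the Redis token, is deleted and the connection is built from an already-authenticated session; nothing in this commit sets `sessionID`, so either populate it from the session here or replace the comment with where it is expected to come from. The constructor's closing brace is outside the hunk.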
+7
-15
@@ -20,27 +20,19 @@
|
||||
{
|
||||
"roles": "*",
|
||||
"mustSubscribe": [ "system:notifs:[UID]", "onlineUsers", "system:notifs" ],
|
||||
"canSubscribe": ["chat:*_*","userchans:notifs"],
|
||||
"canPublish": [ "chat:*_*", "userchans:notifs" ],
|
||||
"canSet": [ "[UID]:userPrefs", "chat:friends", "collaborative:chalkboardUsers" ],
|
||||
"canGet": [ "[UID]:userPrefs", "chat:friends", "collaborative:chalkboardUsers" ]
|
||||
"canSubscribe": ["gps:*","agents:*"],
|
||||
"canPublish": [ ],
|
||||
"canSet": [ "[UID]:userPrefs" ],
|
||||
"canGet": [ "[UID]:userPrefs"]
|
||||
},
|
||||
{
|
||||
"roles": ["EIC_Admin","EIC_Dev"],
|
||||
"roles": ["admin"],
|
||||
"mustSubscribe": ["system:adminNotifs"],
|
||||
"canSubscribe": ["collaborative:*"],
|
||||
"canPublish": ["system:notifs:*", "system:notifs", "infraNotifs:httpGateway", "infraNotifs:test", "collaborative:*"],
|
||||
"canSubscribe": [ "infraNotifs:*", "gps:*","agents:*"],
|
||||
"canPublish": ["gps:*", "agents:*", "system:notifs:*", "system:notifs", "infraNotifs:*"],
|
||||
"canSet": ["*:userPrefs"],
|
||||
"canGet": ["*:userPrefs"],
|
||||
"canDo": ["getActiveUsers", "killSessions","reloadAccessRights", "getAccessRights", "getPlatformState", "setPlatformState", "redPill"]
|
||||
},
|
||||
{
|
||||
"roles": ["EIC_Dev"],
|
||||
"uuids":["steinic"],
|
||||
"canPublish": [],
|
||||
"canSubscribe": [],
|
||||
"mustSubscribe": [],
|
||||
"canDo": ["REDPILL", "BLUEPILL"]
|
||||
}
|
||||
],
|
||||
"redis":{
|
||||
|
||||
+7
-1
@@ -30,7 +30,7 @@ export class wssServer {
|
||||
|
||||
newWSSConnexion(socket, req) {
|
||||
var uuid = crypto.randomUUID();
|
||||
if(socket.session && socket.session.authenticated && socket.session.userInfos && socket.session.userInfos.username){
|
||||
if(socket.session && socket.session.authenticated && socket.session.userInfos && socket.session.userInfos.identity && socket.session.userInfos.identity.username){
|
||||
var wssCnx = new WssConnexion({
|
||||
socket: socket,
|
||||
req, req,
|
||||
@@ -40,8 +40,14 @@ export class wssServer {
|
||||
config: this.wssGatewayConfig,
|
||||
rediscnx: this.REDIScnx,
|
||||
accessRights: this.accessRights,
|
||||
userId: socket.session.userInfos.identity.uuid,
|
||||
roles: socket.session.userInfos.roles,
|
||||
});
|
||||
this.AllWssConnections[uuid] = wssCnx;
|
||||
if(!(wssCnx.userId in this.Users2uuids)) this.Users2uuids[wssCnx.userId] = new Set();
|
||||
this.Users2uuids[wssCnx.userId].add(uuid);
|
||||
this.OnlineUsers.add(wssCnx.userId);
|
||||
this.REDIScnx.wssConnections[uuid] = wssCnx;
|
||||
this.postLoginActions(wssCnx)
|
||||
} else socket.close()
|
||||
|
||||
|
||||
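Review bot: The extended session guard, `socket.session.userInfos.identity.username`, does not cover the two values the commit actually consumes, `identity.uuid` (passed as `userId`) and `userInfos.roles`; a session with a username but no uuid would register the connection under `this.Users2uuids[undefined]` and `OnlineUsers.add(undefined)`, so extend the guard, e.g. `&& socket.session.userInfos.identity.uuid && Array.isArray(socket.session.userInfos.roles)`. The membership test `if(!(wssCnx.userId in this.Users2uuids))`, whether new or carried over, also walks the prototype chain of a plain object for a key taken from session data; `Object.hasOwn(this.Users2uuids, wssCnx.userId)` (or a `Map`) is the safer form. The pre-existing `req, req,` on a context line is a duplicated shorthand property and could be tidied to `req,` while here. The method's closing brace is outside the hunk.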