roles into wsscnx from sess
+1
-1
@@ -146,7 +146,7 @@ export const methods = {
|
|||||||
if( (!this.accessRights.canPublish(this.userId, this.roles, payload.chan)) &&
|
if( (!this.accessRights.canPublish(this.userId, this.roles, payload.chan)) &&
|
||||||
(! this.rediscnx.redPillsUuids.includes(this.uuid)) ) {
|
(! this.rediscnx.redPillsUuids.includes(this.uuid)) ) {
|
||||||
this.sendErr(action, 'Unauthorized chan !', reqid);
|
this.sendErr(action, 'Unauthorized chan !', reqid);
|
||||||
if(this.debug) console.log('PUB: Unauthorized chan', payload.chan)
|
if(this.debug) console.log('PUB: Unauthorized chan', payload.chan, this.userId, this.roles)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -86,6 +86,7 @@ export const methods = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
if(!this.accessRights.canGet(this.userId, this.roles, payload.key)) {
|
if(!this.accessRights.canGet(this.userId, this.roles, payload.key)) {
|
||||||
|
console.log('Unauth GET key:',this.userId, this.roles, payload.key)
|
||||||
this.sendErr(action, 'Unauthorized key !', reqid);
|
this.sendErr(action, 'Unauthorized key !', reqid);
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
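Review bot: The new `console.log('Unauth GET key:',this.userId, this.roles, payload.key)` line in the GET hunk is unconditional, whereas the matching PUB hunk above gates its unauthorized-chan log behind `if(this.debug)`; as written, every rejected GET writes userId, roles and the requested key to stdout, and a client can trigger that as often as it likes. Gate it the same way, `if(this.debug) console.log('Unauth GET key:', this.userId, this.roles, payload.key);`, or route both authorization failures through one helper so they are emitted at the same level and in the same format. Both new log lines also drop the trailing semicolon that the neighbouring `this.sendErr(...)` calls carry. The enclosing handler in each hunk starts and ends outside the hunk.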
+10
-34
@@ -5,17 +5,16 @@ export class WssConnexion {
|
|||||||
|
|
||||||
constructor(options){
|
constructor(options){
|
||||||
Object.assign(this, gatewayActions)
|
Object.assign(this, gatewayActions)
|
||||||
|
this.config = options.config
|
||||||
this.config = options.config;
|
this.socket = options.socket
|
||||||
this.socket = options.socket;
|
this.req = options.req
|
||||||
this.req = options.req;
|
this.uuid = options.uuid
|
||||||
this.uuid = options.uuid;
|
this.wssSrv = options.wssSrv
|
||||||
this.wssSrv = options.wssSrv;
|
this.debug = options.debug
|
||||||
this.debug = options.debug;
|
this.rediscnx = options.rediscnx
|
||||||
this.rediscnx = options.rediscnx;
|
this.accessRights = options.accessRights
|
||||||
this.roles = []
|
this.userId = options.userId
|
||||||
this.accessRights = options.accessRights;
|
this.roles = options.roles
|
||||||
this.userId = '';
|
|
||||||
this.sessionID = null // null until login
|
this.sessionID = null // null until login
|
||||||
|
|
||||||
this.subscriptions = [];
|
this.subscriptions = [];
|
||||||
@@ -36,29 +35,6 @@ export class WssConnexion {
|
|||||||
if(this.debug) console.log(`Welcome to UUID ${this.uuid}`)
|
if(this.debug) console.log(`Welcome to UUID ${this.uuid}`)
|
||||||
}
|
}
|
||||||
|
|
||||||
async checkLogin(userInfo, otp){
|
|
||||||
if(!this.config.server.devotpToken){
|
|
||||||
let rawPayload = await this.rediscnx.redisGet(userInfo, this.config.redis.authTokenPrefix)
|
|
||||||
let payload = JSON.parse(rawPayload)
|
|
||||||
if(this.debug) console.log(`Got a token from Redis for ${userInfo} => ${JSON.stringify(payload)}`)
|
|
||||||
if((!payload) || (!payload.token) || (!payload.roles)) return(false) // Redis/sessions issues : don't crash the daemon !
|
|
||||||
this.token = payload.token
|
|
||||||
this.roles = payload.roles
|
|
||||||
this.sessionID = payload.sessionID || '!!no sessionID in the token key in Redis!!'
|
|
||||||
} else {
|
|
||||||
this.token = this.config.server.devotpToken
|
|
||||||
this.roles = ['EIC_Dev']
|
|
||||||
this.sessionID = this.config.server.devotpToken
|
|
||||||
}
|
|
||||||
|
|
||||||
let data = new TextEncoder().encode(this.token+this.challenge)
|
|
||||||
let bytesBuf = await crypto.subtle.digest("SHA-512", data)
|
|
||||||
let arrayBuf = Array.from(new Uint8Array(bytesBuf))
|
|
||||||
let goodOTP = arrayBuf.map((b) => b.toString(16).padStart(2, "0")).join("")
|
|
||||||
if(this.debug) console.log(`Checking challenge-response (token=${this.token}): ${otp} ?? ${goodOTP}`)
|
|
||||||
return(otp == goodOTP)
|
|
||||||
}
|
|
||||||
|
|
||||||
startKeepAlive() {
|
startKeepAlive() {
|
||||||
if(this.config.server.keepAliveInterval>0) {
|
if(this.config.server.keepAliveInterval>0) {
|
||||||
if(this.config.server.keepAliveInterval >= (1.5*this.config.server.keepAliveTimeout)) {
|
if(this.config.server.keepAliveInterval >= (1.5*this.config.server.keepAliveTimeout)) {
|
||||||
|
|||||||
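Review bot: The constructor hunk removes the `this.roles = []` and `this.userId = ''` defaults and takes both straight from `options` with no fallback, so a caller that passes no `roles` leaves `this.roles` undefined and that value flows into the `accessRights.canPublish`/`canGet` checks touched elsewhere in this commit; fail closed instead, `this.roles = Array.isArray(options.roles) ? options.roles : []`, and guard `options.userId` the same way. The `this.sessionID = null // null until login` line kept at the end of the hunk also reads as stale now that `checkLogin`, the only place visible here that assigned `sessionID`, `token` and `roles`, is deleted in the second hunk; nothing in this diff sets `sessionID` any more, so either document where it is now populated or drop the field. The constructor continues past the end of the first hunk.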
+7
-15
@@ -20,27 +20,19 @@
|
|||||||
{
|
{
|
||||||
"roles": "*",
|
"roles": "*",
|
||||||
"mustSubscribe": [ "system:notifs:[UID]", "onlineUsers", "system:notifs" ],
|
"mustSubscribe": [ "system:notifs:[UID]", "onlineUsers", "system:notifs" ],
|
||||||
"canSubscribe": ["chat:*_*","userchans:notifs"],
|
"canSubscribe": ["gps:*","agents:*"],
|
||||||
"canPublish": [ "chat:*_*", "userchans:notifs" ],
|
"canPublish": [ ],
|
||||||
"canSet": [ "[UID]:userPrefs", "chat:friends", "collaborative:chalkboardUsers" ],
|
"canSet": [ "[UID]:userPrefs" ],
|
||||||
"canGet": [ "[UID]:userPrefs", "chat:friends", "collaborative:chalkboardUsers" ]
|
"canGet": [ "[UID]:userPrefs"]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"roles": ["EIC_Admin","EIC_Dev"],
|
"roles": ["admin"],
|
||||||
"mustSubscribe": ["system:adminNotifs"],
|
"mustSubscribe": ["system:adminNotifs"],
|
||||||
"canSubscribe": ["collaborative:*"],
|
"canSubscribe": [ "infraNotifs:*", "gps:*","agents:*"],
|
||||||
"canPublish": ["system:notifs:*", "system:notifs", "infraNotifs:httpGateway", "infraNotifs:test", "collaborative:*"],
|
"canPublish": ["gps:*", "agents:*", "system:notifs:*", "system:notifs", "infraNotifs:*"],
|
||||||
"canSet": ["*:userPrefs"],
|
"canSet": ["*:userPrefs"],
|
||||||
"canGet": ["*:userPrefs"],
|
"canGet": ["*:userPrefs"],
|
||||||
"canDo": ["getActiveUsers", "killSessions","reloadAccessRights", "getAccessRights", "getPlatformState", "setPlatformState", "redPill"]
|
"canDo": ["getActiveUsers", "killSessions","reloadAccessRights", "getAccessRights", "getPlatformState", "setPlatformState", "redPill"]
|
||||||
},
|
|
||||||
{
|
|
||||||
"roles": ["EIC_Dev"],
|
|
||||||
"uuids":["steinic"],
|
|
||||||
"canPublish": [],
|
|
||||||
"canSubscribe": [],
|
|
||||||
"mustSubscribe": [],
|
|
||||||
"canDo": ["REDPILL", "BLUEPILL"]
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"redis":{
|
"redis":{
|
||||||
|
|||||||
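Review bot: The admin block's `"roles"` changes from `["EIC_Admin","EIC_Dev"]` to `["admin"]`, and the `"EIC_Dev"` / `"uuids":["steinic"]` block is dropped, so admin rights now depend entirely on the session supplying the literal role string `admin`; this diff does not show where session roles are issued, so confirm that issuer emits exactly `admin`, since any other spelling silently leaves the user with only the `"*"` permissions. The `"*"` entry also now grants `"canSubscribe": ["gps:*","agents:*"]` to every authenticated user while its `"canPublish"` is emptied, which looks like an intended read-only grant but is not explained anywhere; JSON has no comments, so record the intent in the commit description or a neighbouring README.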
+7
-1
@@ -30,7 +30,7 @@ export class wssServer {
|
|||||||
|
|
||||||
newWSSConnexion(socket, req) {
|
newWSSConnexion(socket, req) {
|
||||||
var uuid = crypto.randomUUID();
|
var uuid = crypto.randomUUID();
|
||||||
if(socket.session && socket.session.authenticated && socket.session.userInfos && socket.session.userInfos.username){
|
if(socket.session && socket.session.authenticated && socket.session.userInfos && socket.session.userInfos.identity && socket.session.userInfos.identity.username){
|
||||||
var wssCnx = new WssConnexion({
|
var wssCnx = new WssConnexion({
|
||||||
socket: socket,
|
socket: socket,
|
||||||
req, req,
|
req, req,
|
||||||
@@ -40,8 +40,14 @@ export class wssServer {
|
|||||||
config: this.wssGatewayConfig,
|
config: this.wssGatewayConfig,
|
||||||
rediscnx: this.REDIScnx,
|
rediscnx: this.REDIScnx,
|
||||||
accessRights: this.accessRights,
|
accessRights: this.accessRights,
|
||||||
|
userId: socket.session.userInfos.identity.uuid,
|
||||||
|
roles: socket.session.userInfos.roles,
|
||||||
});
|
});
|
||||||
this.AllWssConnections[uuid] = wssCnx;
|
this.AllWssConnections[uuid] = wssCnx;
|
||||||
|
if(!(wssCnx.userId in this.Users2uuids)) this.Users2uuids[wssCnx.userId] = new Set();
|
||||||
|
this.Users2uuids[wssCnx.userId].add(uuid);
|
||||||
|
this.OnlineUsers.add(wssCnx.userId);
|
||||||
|
this.REDIScnx.wssConnections[uuid] = wssCnx;
|
||||||
this.postLoginActions(wssCnx)
|
this.postLoginActions(wssCnx)
|
||||||
} else socket.close()
|
} else socket.close()
|
||||||
|
|
||||||
|
|||||||
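Review bot: The widened guard on the `if(socket.session && ...)` line still only proves `identity.username` exists, yet the lines added below read `identity.uuid` and `userInfos.roles`, so a session record lacking either yields `userId: undefined` (then `Users2uuids[undefined]` and `OnlineUsers.add(undefined)`) or `roles: undefined` flowing into the access-rights checks. Fail closed by extending the same condition, `... && socket.session.userInfos.identity.username && socket.session.userInfos.identity.uuid && Array.isArray(socket.session.userInfos.roles)){`, so anything else reaches the existing `socket.close()`. Separately, `wssCnx.userId in this.Users2uuids` on a plain object also answers true for inherited names such as `constructor`; if `identity.uuid` is not guaranteed to be a server-issued UUID, a `Map` (or `Object.hasOwn`) avoids that. The `req, req,` pair in the options literal is pre-existing and harmless, but one copy can go.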