roles into wsscnx from sess

This commit is contained in:
STEINNI
2025-09-21 20:09:42 +00:00
parent e7dcb7290e
commit 5d223c776c
5 changed files with 26 additions and 51 deletions
+1 -1
@@ -146,7 +146,7 @@ export const methods = {
if( (!this.accessRights.canPublish(this.userId, this.roles, payload.chan)) && if( (!this.accessRights.canPublish(this.userId, this.roles, payload.chan)) &&
(! this.rediscnx.redPillsUuids.includes(this.uuid)) ) { (! this.rediscnx.redPillsUuids.includes(this.uuid)) ) {
this.sendErr(action, 'Unauthorized chan !', reqid); this.sendErr(action, 'Unauthorized chan !', reqid);
if(this.debug) console.log('PUB: Unauthorized chan', payload.chan) if(this.debug) console.log('PUB: Unauthorized chan', payload.chan, this.userId, this.roles)
return return
} }
+1
@@ -86,6 +86,7 @@ export const methods = {
}; };
if(!this.accessRights.canGet(this.userId, this.roles, payload.key)) { if(!this.accessRights.canGet(this.userId, this.roles, payload.key)) {
console.log('Unauth GET key:',this.userId, this.roles, payload.key)
this.sendErr(action, 'Unauthorized key !', reqid); this.sendErr(action, 'Unauthorized key !', reqid);
return return
} }
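Review bot: The added `console.log('Unauth GET key:', ...)` runs unconditionally, whereas the matching unauthorized-publish log in the first file section and the welcome log in WssConnexion are gated on `this.debug`; since `payload.key` comes from the client, any connected client can fill the server log with arbitrary key strings at no cost. Gate it the same way, `if(this.debug) console.log('Unauth GET key:', this.userId, this.roles, payload.key)`, or send it through whatever the project uses for audit logging rather than stdout. The enclosing method starts and ends outside the hunk.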
+10 -34
@@ -5,17 +5,16 @@ export class WssConnexion {
constructor(options){ constructor(options){
Object.assign(this, gatewayActions) Object.assign(this, gatewayActions)
this.config = options.config
this.config = options.config; this.socket = options.socket
this.socket = options.socket; this.req = options.req
this.req = options.req; this.uuid = options.uuid
this.uuid = options.uuid; this.wssSrv = options.wssSrv
this.wssSrv = options.wssSrv; this.debug = options.debug
this.debug = options.debug; this.rediscnx = options.rediscnx
this.rediscnx = options.rediscnx; this.accessRights = options.accessRights
this.roles = [] this.userId = options.userId
this.accessRights = options.accessRights; this.roles = options.roles
this.userId = '';
this.sessionID = null // null until login this.sessionID = null // null until login
this.subscriptions = []; this.subscriptions = [];
@@ -36,29 +35,6 @@ export class WssConnexion {
if(this.debug) console.log(`Welcome to UUID ${this.uuid}`) if(this.debug) console.log(`Welcome to UUID ${this.uuid}`)
} }
async checkLogin(userInfo, otp){
if(!this.config.server.devotpToken){
let rawPayload = await this.rediscnx.redisGet(userInfo, this.config.redis.authTokenPrefix)
let payload = JSON.parse(rawPayload)
if(this.debug) console.log(`Got a token from Redis for ${userInfo} => ${JSON.stringify(payload)}`)
if((!payload) || (!payload.token) || (!payload.roles)) return(false) // Redis/sessions issues : don't crash the daemon !
this.token = payload.token
this.roles = payload.roles
this.sessionID = payload.sessionID || '!!no sessionID in the token key in Redis!!'
} else {
this.token = this.config.server.devotpToken
this.roles = ['EIC_Dev']
this.sessionID = this.config.server.devotpToken
}
let data = new TextEncoder().encode(this.token+this.challenge)
let bytesBuf = await crypto.subtle.digest("SHA-512", data)
let arrayBuf = Array.from(new Uint8Array(bytesBuf))
let goodOTP = arrayBuf.map((b) => b.toString(16).padStart(2, "0")).join("")
if(this.debug) console.log(`Checking challenge-response (token=${this.token}): ${otp} ?? ${goodOTP}`)
return(otp == goodOTP)
}
startKeepAlive() { startKeepAlive() {
if(this.config.server.keepAliveInterval>0) { if(this.config.server.keepAliveInterval>0) {
if(this.config.server.keepAliveInterval >= (1.5*this.config.server.keepAliveTimeout)) { if(this.config.server.keepAliveInterval >= (1.5*this.config.server.keepAliveTimeout)) {
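Review bot: The constructor now appears to take `this.userId = options.userId` and `this.roles = options.roles` straight from the options with no default, whereas the old initialisation started from `''` and `[]` and the removed `checkLogin` refused a token that carried no `roles`. If the caller builds a connexion from a session whose `userInfos.roles` is absent (the wssServer section on this page suggests that is where they come from), `this.roles` is `undefined` and every later `accessRights.can*(this.userId, this.roles, ...)` call receives it, so the outcome depends on how those helpers treat a non-array. Keep the fail-closed behaviour by defaulting here, `this.roles = Array.isArray(options.roles) ? options.roles : []`, and preferably by refusing the connexion upstream when identity or roles are missing. The new assignments also drop the trailing semicolons that the untouched lines of the same constructor (`this.subscriptions = [];`) still use. With `checkLogin` gone nothing in this hunk sets `this.sessionID`, so the `// null until login` comment may be stale — confirm where login now sets it.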
+7 -15
@@ -20,27 +20,19 @@
{ {
"roles": "*", "roles": "*",
"mustSubscribe": [ "system:notifs:[UID]", "onlineUsers", "system:notifs" ], "mustSubscribe": [ "system:notifs:[UID]", "onlineUsers", "system:notifs" ],
"canSubscribe": ["chat:*_*","userchans:notifs"], "canSubscribe": ["gps:*","agents:*"],
"canPublish": [ "chat:*_*", "userchans:notifs" ], "canPublish": [ ],
"canSet": [ "[UID]:userPrefs", "chat:friends", "collaborative:chalkboardUsers" ], "canSet": [ "[UID]:userPrefs" ],
"canGet": [ "[UID]:userPrefs", "chat:friends", "collaborative:chalkboardUsers" ] "canGet": [ "[UID]:userPrefs"]
}, },
{ {
"roles": ["EIC_Admin","EIC_Dev"], "roles": ["admin"],
"mustSubscribe": ["system:adminNotifs"], "mustSubscribe": ["system:adminNotifs"],
"canSubscribe": ["collaborative:*"], "canSubscribe": [ "infraNotifs:*", "gps:*","agents:*"],
"canPublish": ["system:notifs:*", "system:notifs", "infraNotifs:httpGateway", "infraNotifs:test", "collaborative:*"], "canPublish": ["gps:*", "agents:*", "system:notifs:*", "system:notifs", "infraNotifs:*"],
"canSet": ["*:userPrefs"], "canSet": ["*:userPrefs"],
"canGet": ["*:userPrefs"], "canGet": ["*:userPrefs"],
"canDo": ["getActiveUsers", "killSessions","reloadAccessRights", "getAccessRights", "getPlatformState", "setPlatformState", "redPill"] "canDo": ["getActiveUsers", "killSessions","reloadAccessRights", "getAccessRights", "getPlatformState", "setPlatformState", "redPill"]
},
{
"roles": ["EIC_Dev"],
"uuids":["steinic"],
"canPublish": [],
"canSubscribe": [],
"mustSubscribe": [],
"canDo": ["REDPILL", "BLUEPILL"]
} }
], ],
"redis":{ "redis":{
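Review bot: The `"roles": "*"` entry now grants `"canSubscribe": ["gps:*","agents:*"]` to every role, so any authenticated connexion can subscribe to every gps and agents channel, while the per-user data in the same entry is scoped with the `[UID]` placeholder (`"[UID]:userPrefs"`). If gps or agents channels carry data meant for a single user or agent, consider scoping them the same way (e.g. `"gps:[UID]"`) and leaving the unscoped wildcards to the `admin` entry, which already lists them; whether the wildcard is meant for everyone cannot be told from the config alone. The rename from `["EIC_Admin","EIC_Dev"]` to `["admin"]` means a session still carrying the old role names falls back to the `*` rights only, which is fine if the session store was migrated at the same time.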
+7 -1
@@ -30,7 +30,7 @@ export class wssServer {
newWSSConnexion(socket, req) { newWSSConnexion(socket, req) {
var uuid = crypto.randomUUID(); var uuid = crypto.randomUUID();
if(socket.session && socket.session.authenticated && socket.session.userInfos && socket.session.userInfos.username){ if(socket.session && socket.session.authenticated && socket.session.userInfos && socket.session.userInfos.identity && socket.session.userInfos.identity.username){
var wssCnx = new WssConnexion({ var wssCnx = new WssConnexion({
socket: socket, socket: socket,
req, req, req, req,
@@ -40,8 +40,14 @@ export class wssServer {
config: this.wssGatewayConfig, config: this.wssGatewayConfig,
rediscnx: this.REDIScnx, rediscnx: this.REDIScnx,
accessRights: this.accessRights, accessRights: this.accessRights,
userId: socket.session.userInfos.identity.uuid,
roles: socket.session.userInfos.roles,
}); });
this.AllWssConnections[uuid] = wssCnx; this.AllWssConnections[uuid] = wssCnx;
if(!(wssCnx.userId in this.Users2uuids)) this.Users2uuids[wssCnx.userId] = new Set();
this.Users2uuids[wssCnx.userId].add(uuid);
this.OnlineUsers.add(wssCnx.userId);
this.REDIScnx.wssConnections[uuid] = wssCnx;
this.postLoginActions(wssCnx) this.postLoginActions(wssCnx)
} else socket.close() } else socket.close()