|
|
@ -36,20 +36,32 @@ exports.login = async function (username, password) {
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
|
|
* uk prefix + key ID is before _
|
|
|
|
|
|
|
|
* @param {string} key API Key
|
|
|
|
|
|
|
|
* @returns {{clear: string, index: string}} Parsed API key
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
exports.parseAPIKey = function (key) {
|
|
|
|
|
|
|
|
let index = key.substring(2, key.indexOf("_"));
|
|
|
|
|
|
|
|
let clear = key.substring(key.indexOf("_") + 1, key.length);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
|
|
|
index,
|
|
|
|
|
|
|
|
clear,
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Validate a provided API key
|
|
|
|
* Validate a provided API key
|
|
|
|
* @param {string} key API key to verify
|
|
|
|
* @param {string} key API key to verify
|
|
|
|
* @returns {boolean} API is ok?
|
|
|
|
* @returns {Promise<boolean>} API is ok?
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
async function verifyAPIKey(key) {
|
|
|
|
async function verifyAPIKey(key) {
|
|
|
|
if (typeof key !== "string") {
|
|
|
|
if (typeof key !== "string") {
|
|
|
|
return false;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// uk prefix + key ID is before _
|
|
|
|
const { index, clear } = exports.parseAPIKey(key);
|
|
|
|
let index = key.substring(2, key.indexOf("_"));
|
|
|
|
|
|
|
|
let clear = key.substring(key.indexOf("_") + 1, key.length);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
let hash = await R.findOne("api_key", " id=? ", [ index ]);
|
|
|
|
let hash = await R.findOne("api_key", " id=? ", [ index ]);
|
|
|
|
|
|
|
|
|
|
|
|
if (hash === null) {
|
|
|
|
if (hash === null) {
|
|
|
@ -65,6 +77,28 @@ async function verifyAPIKey(key) {
|
|
|
|
return hash && passwordHash.verify(clear, hash.key);
|
|
|
|
return hash && passwordHash.verify(clear, hash.key);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
|
|
* @param {string} key API key to verify
|
|
|
|
|
|
|
|
* @returns {Promise<void>}
|
|
|
|
|
|
|
|
* @throws {Error} If API key is invalid or rate limit exceeded
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
async function verifyAPIKeyWithRateLimit(key) {
|
|
|
|
|
|
|
|
const pass = await apiRateLimiter.pass(null, 0);
|
|
|
|
|
|
|
|
if (pass) {
|
|
|
|
|
|
|
|
await apiRateLimiter.removeTokens(1);
|
|
|
|
|
|
|
|
const valid = await verifyAPIKey(key);
|
|
|
|
|
|
|
|
if (!valid) {
|
|
|
|
|
|
|
|
const errMsg = "Failed API auth attempt: invalid API Key";
|
|
|
|
|
|
|
|
log.warn("api-auth", errMsg);
|
|
|
|
|
|
|
|
throw new Error(errMsg);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
const errMsg = "Failed API auth attempt: rate limit exceeded";
|
|
|
|
|
|
|
|
log.warn("api-auth", errMsg);
|
|
|
|
|
|
|
|
throw new Error(errMsg);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Callback for basic auth authorizers
|
|
|
|
* Callback for basic auth authorizers
|
|
|
|
* @callback authCallback
|
|
|
|
* @callback authCallback
|
|
|
@ -80,22 +114,10 @@ async function verifyAPIKey(key) {
|
|
|
|
* @returns {void}
|
|
|
|
* @returns {void}
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function apiAuthorizer(username, password, callback) {
|
|
|
|
function apiAuthorizer(username, password, callback) {
|
|
|
|
// API Rate Limit
|
|
|
|
verifyAPIKeyWithRateLimit(password).then(() => {
|
|
|
|
apiRateLimiter.pass(null, 0).then((pass) => {
|
|
|
|
callback(null, true);
|
|
|
|
if (pass) {
|
|
|
|
}).catch(() => {
|
|
|
|
verifyAPIKey(password).then((valid) => {
|
|
|
|
callback(null, false);
|
|
|
|
if (!valid) {
|
|
|
|
|
|
|
|
log.warn("api-auth", "Failed API auth attempt: invalid API Key");
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
callback(null, valid);
|
|
|
|
|
|
|
|
// Only allow a set number of api requests per minute
|
|
|
|
|
|
|
|
// (currently set to 60)
|
|
|
|
|
|
|
|
apiRateLimiter.removeTokens(1);
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
log.warn("api-auth", "Failed API auth attempt: rate limit exceeded");
|
|
|
|
|
|
|
|
callback(null, false);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -163,3 +185,41 @@ exports.basicAuthMiddleware = async function (req, res, next) {
|
|
|
|
});
|
|
|
|
});
|
|
|
|
middleware(req, res, next);
|
|
|
|
middleware(req, res, next);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Get the API key from the header Authorization and verify it
|
|
|
|
|
|
|
|
exports.headerAuthMiddleware = async function (req, res, next) {
|
|
|
|
|
|
|
|
const authorizationHeader = req.header("Authorization");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
let key = null;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (authorizationHeader && typeof authorizationHeader === "string") {
|
|
|
|
|
|
|
|
const arr = authorizationHeader.split(" ");
|
|
|
|
|
|
|
|
if (arr.length === 2) {
|
|
|
|
|
|
|
|
const type = arr[0];
|
|
|
|
|
|
|
|
if (type === "Bearer") {
|
|
|
|
|
|
|
|
key = arr[1];
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (key) {
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
await verifyAPIKeyWithRateLimit(key);
|
|
|
|
|
|
|
|
res.locals.apiKeyID = exports.parseAPIKey(key).index;
|
|
|
|
|
|
|
|
next();
|
|
|
|
|
|
|
|
} catch (e) {
|
|
|
|
|
|
|
|
res.status(401);
|
|
|
|
|
|
|
|
res.json({
|
|
|
|
|
|
|
|
ok: false,
|
|
|
|
|
|
|
|
msg: e.message,
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
await apiRateLimiter.removeTokens(1);
|
|
|
|
|
|
|
|
res.status(401);
|
|
|
|
|
|
|
|
res.json({
|
|
|
|
|
|
|
|
ok: false,
|
|
|
|
|
|
|
|
msg: "No API Key provided, please provide an API Key in the \"Authorization\" header",
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
};
|
|
|
|