- /** Crypto package used for hashing */
- const crypto = require('crypto');
-
-
- const configManager = require("./configManager");
-
- var users = configManager.getConfiguration().users;
-
-
- /**
- * Helper function to generate a hashed password
- * from a given plain text password.
- *
- * This uses 64 bits of entropy as the random salt
- * and uses sha256 hashing method to hash the password
- * combined with the salt.
- *
- * @param password
- * @returns {Object pass: hashedPassword, salt: salt used to hash}
- */
- const createHashedPasswordObject = function(password)
- {
- const randBuff = crypto.randomBytes(64);
-
- const salt = crypto.createHash('sha256').update(randBuff).digest('hex');
-
- const hashPass = hashPassword(password, salt);
-
- var hashPassObject = new Object();
- hashPassObject.pass = hashPass;
- hashPassObject.salt = salt;
- return hashPassObject;
- };
-
-
- const generateRandomAPIKey = function()
- {
- const randBuff = crypto.randomBytes(64);
- return crypto.createHash('sha256').update(randBuff).digest('hex');
- };
-
-
- /**
- * Hashes a pasword with a aprticular salt
- * using the crypto library
- *
- * @param password
- * @param salt
- */
- const hashPassword = function(password, salt)
- {
- return crypto.createHash('sha256')
- .update(password + salt)
- .digest('hex');
- };
-
- /**
- * Fetches the index of the user in the configuration. If the
- * user does not exists a -1 is returned.
- */
- const getIndexOfUser = function(username)
- {
- for(var i = 0; i < users.length; i++)
- {
- if (username === users[i].username)
- {
- if(username === users[i].username)
- {
- return i;
- }
- }
- }
- return -1;
- };
-
-
- module.exports =
- {
-
- isValidAPI: function(apiKey)
- {
- for(var i = 0; i < users.length; i++)
- {
- if(users[i].api === apiKey)
- {
- return true;
- }
- }
- return false;
- },
-
- isAdmin: function(username)
- {
- var index = getIndexOfUser(username);
-
- if(index !== -1)
- {
- return users[index].admin;
- }
- return false;
- },
-
-
- getID: function(username)
- {
- var index = getIndexOfUser(username);
- return users[index].id;
- },
-
-
- revokeAPI: function(username)
- {
- var index = getIndexOfUser(username);
-
- if(index !== -1)
- {
- users[index].api = generateRandomAPIKey();
- }
- console.log(users);
- configManager.getConfiguration().users = users;
- configManager.syncToDisk();
- },
-
-
- getAPIKEY: function(username)
- {
- var index = getIndexOfUser(username);
- if(index !== -1)
- return users[index].api;
- return 0;
- },
-
- /**
- * Checks to see if there was a valid login attempt
- *
- * @param username
- * @param password
- * @returns {boolean}
- */
- checkLogin: function(username, password)
- {
- const userIndex = getIndexOfUser(username);
- if(userIndex === -1)
- return false;
-
- const hashedPassword = hashPassword(password, users[userIndex].salt);
- return users[userIndex].password == hashedPassword;
- },
-
-
- /**
- * Adds a user to the configuration
- *
- * @param username
- * @param password
- * @returns {boolean}
- */
- addUser: function(username, password, admin)
- {
- const userIndex = getIndexOfUser(username);
- if(userIndex !== -1)
- return false; // user already exists
-
- var newUser = new Object();
- newUser.username = username;
- newUser.api = generateRandomAPIKey();
- if(users.length === 0)
- newUser.id = 1;
- else
- newUser.id = users[users.length -1].id + 1;
-
- const passObject = createHashedPasswordObject(password);
- newUser.salt = passObject.salt;
- newUser.password = passObject.pass;
- newUser.admin = admin;
- users.push(newUser);
-
- configManager.getConfiguration().users = users;
- configManager.syncToDisk();
- return true;
- },
-
-
- /**
- * Edits a user based on their id
- *
- * @param id
- * @param userName
- * @param password
- */
- editUser: function(id, userName, password, admin)
- {
- for(var i = 0; i < users.length; i++)
- {
- if (users[i].id + "" === id)
- {
- console.log("User account updated.");
- users[i].username = userName;
- users[i].admin = admin;
-
- var passObj = createHashedPasswordObject(password);
- users[i].salt = passObj.salt;
- users[i].password = passObj.pass;
- }
- }
- configManager.getConfiguration().users = users;
- configManager.syncToDisk();
- },
-
-
- /**
- * Removes a user account from the configuration
- * @param id
- */
- removeUser: function(id)
- {
- users = users.filter(function(value, index, arr)
- {
- return value.id + "" !== id
- });
- configManager.getConfiguration().users = users;
- configManager.syncToDisk();
- }
- };
|