|
@ -0,0 +1,150 @@ |
|
|
|
|
|
/** Crypto package used for hashing */ |
|
|
|
|
|
const crypto = require('crypto'); |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
* Helper function to generate a hashed password |
|
|
|
|
|
* from a given plain text password. |
|
|
|
|
|
* |
|
|
|
|
|
* This uses 64 bits of entropy as the random salt |
|
|
|
|
|
* and uses sha256 hashing method to hash the password |
|
|
|
|
|
* combined with the salt. |
|
|
|
|
|
* |
|
|
|
|
|
* @param password |
|
|
|
|
|
* @returns {Object pass: hashedPassword, salt: salt used to hash} |
|
|
|
|
|
*/ |
|
|
|
|
|
const createHashedPasswordObject = function(password) |
|
|
|
|
|
{ |
|
|
|
|
|
const randBuff = crypto.randomBytes(64); |
|
|
|
|
|
|
|
|
|
|
|
const salt = crypto.createHash('sha256').update(randBuff).digest('hex'); |
|
|
|
|
|
|
|
|
|
|
|
const hashPass = hashPassword(password, salt); |
|
|
|
|
|
|
|
|
|
|
|
var hashPassObject = new Object(); |
|
|
|
|
|
hashPassObject.pass = hashPass; |
|
|
|
|
|
hashPassObject.salt = salt; |
|
|
|
|
|
return hashPassObject; |
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
* Hashes a pasword with a aprticular salt |
|
|
|
|
|
* using the crypto library |
|
|
|
|
|
* |
|
|
|
|
|
* @param password |
|
|
|
|
|
* @param salt |
|
|
|
|
|
*/ |
|
|
|
|
|
const hashPassword = function(password, salt) |
|
|
|
|
|
{ |
|
|
|
|
|
return crypto.createHash('sha256') |
|
|
|
|
|
.update(password + salt) |
|
|
|
|
|
.digest('hex'); |
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
* Fetches the index of the user in the configuration. If the |
|
|
|
|
|
* user does not exists a -1 is returned. |
|
|
|
|
|
*/ |
|
|
|
|
|
const getIndexOfUser = function(username, configuration) |
|
|
|
|
|
{ |
|
|
|
|
|
for(var i = 0; i < configuration.users.length; i++) |
|
|
|
|
|
{ |
|
|
|
|
|
if (username === configuration.users[i].username) |
|
|
|
|
|
{ |
|
|
|
|
|
if(username === configuration.users[i].username) |
|
|
|
|
|
{ |
|
|
|
|
|
return i; |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
return -1; |
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
module.exports = |
|
|
|
|
|
{ |
|
|
|
|
|
/** |
|
|
|
|
|
* Checks to see if there was a valid login attempt |
|
|
|
|
|
* |
|
|
|
|
|
* @param username |
|
|
|
|
|
* @param password |
|
|
|
|
|
* @param configuration |
|
|
|
|
|
* @returns {boolean} |
|
|
|
|
|
*/ |
|
|
|
|
|
checkLogin: function(username, password, configuration) |
|
|
|
|
|
{ |
|
|
|
|
|
const userIndex = getIndexOfUser(username, configuration); |
|
|
|
|
|
if(userIndex === -1) |
|
|
|
|
|
return false; |
|
|
|
|
|
|
|
|
|
|
|
const hashedPassword = hashPassword(password, configuration.users[userIndex].salt); |
|
|
|
|
|
return configuration.users[userIndex].password == hashedPassword; |
|
|
|
|
|
}, |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
* Adds a user to the configuration |
|
|
|
|
|
* |
|
|
|
|
|
* @param username |
|
|
|
|
|
* @param password |
|
|
|
|
|
* @param configuration |
|
|
|
|
|
* @returns {boolean} |
|
|
|
|
|
*/ |
|
|
|
|
|
addUser: function(username, password, configuration) |
|
|
|
|
|
{ |
|
|
|
|
|
const userIndex = getIndexOfUser(username, configuration); |
|
|
|
|
|
if(userIndex !== -1) |
|
|
|
|
|
return false; // user already exists
|
|
|
|
|
|
|
|
|
|
|
|
var newUser = new Object(); |
|
|
|
|
|
newUser.username = username; |
|
|
|
|
|
|
|
|
|
|
|
if(configuration.users.length === 0) |
|
|
|
|
|
newUser.id = 1; |
|
|
|
|
|
else |
|
|
|
|
|
newUser.id = configuration.users[configuration.users.length -1].id + 1; |
|
|
|
|
|
|
|
|
|
|
|
const passObject = createHashedPasswordObject(password); |
|
|
|
|
|
newUser.salt = passObject.salt; |
|
|
|
|
|
newUser.password = passObject.pass; |
|
|
|
|
|
|
|
|
|
|
|
configuration.push(newUser); |
|
|
|
|
|
|
|
|
|
|
|
return true; |
|
|
|
|
|
}, |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
* Edits a user based on their id |
|
|
|
|
|
* |
|
|
|
|
|
* @param id |
|
|
|
|
|
* @param userName |
|
|
|
|
|
* @param password |
|
|
|
|
|
* @param configuration |
|
|
|
|
|
*/ |
|
|
|
|
|
editUser: function(id, userName, password, configuration) |
|
|
|
|
|
{ |
|
|
|
|
|
for(var i = 0; i < configuration.users.length; i++) |
|
|
|
|
|
{ |
|
|
|
|
|
if (configuration.users[i].id + "" === id) |
|
|
|
|
|
{ |
|
|
|
|
|
configuration.users[i].username = userName; |
|
|
|
|
|
|
|
|
|
|
|
var passObj = createHashedPasswordObject(password); |
|
|
|
|
|
configuration.users[i].salt = passObj.salt; |
|
|
|
|
|
configuration.users[i].password = passObj.pass; |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
}, |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
* Removes a user account from the configuration |
|
|
|
|
|
* @param id |
|
|
|
|
|
* @param configuration |
|
|
|
|
|
*/ |
|
|
|
|
|
removeUser: function(id, configuration) |
|
|
|
|
|
{ |
|
|
|
|
|
configuration.users = configuration.users.filter(function(value, index, arr) |
|
|
|
|
|
{ |
|
|
|
|
|
return value.id + "" !== id |
|
|
|
|
|
}); |
|
|
|
|
|
} |
|
|
|
|
|
}; |