/** Crypto package used for hashing */
|
|
const crypto = require('crypto');
|
|
|
|
/**
|
|
* Helper function to generate a hashed password
|
|
* from a given plain text password.
|
|
*
|
|
* This uses 64 bits of entropy as the random salt
|
|
* and uses sha256 hashing method to hash the password
|
|
* combined with the salt.
|
|
*
|
|
* @param password
|
|
* @returns {Object pass: hashedPassword, salt: salt used to hash}
|
|
*/
|
|
const createHashedPasswordObject = function(password)
|
|
{
|
|
const randBuff = crypto.randomBytes(64);
|
|
|
|
const salt = crypto.createHash('sha256').update(randBuff).digest('hex');
|
|
|
|
const hashPass = hashPassword(password, salt);
|
|
|
|
var hashPassObject = new Object();
|
|
hashPassObject.pass = hashPass;
|
|
hashPassObject.salt = salt;
|
|
return hashPassObject;
|
|
};
|
|
|
|
|
|
/**
|
|
* Hashes a pasword with a aprticular salt
|
|
* using the crypto library
|
|
*
|
|
* @param password
|
|
* @param salt
|
|
*/
|
|
const hashPassword = function(password, salt)
|
|
{
|
|
return crypto.createHash('sha256')
|
|
.update(password + salt)
|
|
.digest('hex');
|
|
};
|
|
|
|
/**
|
|
* Fetches the index of the user in the configuration. If the
|
|
* user does not exists a -1 is returned.
|
|
*/
|
|
const getIndexOfUser = function(username, configuration)
|
|
{
|
|
for(var i = 0; i < configuration.users.length; i++)
|
|
{
|
|
if (username === configuration.users[i].username)
|
|
{
|
|
if(username === configuration.users[i].username)
|
|
{
|
|
return i;
|
|
}
|
|
}
|
|
}
|
|
return -1;
|
|
};
|
|
|
|
|
|
module.exports =
|
|
{
|
|
/**
|
|
* Checks to see if there was a valid login attempt
|
|
*
|
|
* @param username
|
|
* @param password
|
|
* @param configuration
|
|
* @returns {boolean}
|
|
*/
|
|
checkLogin: function(username, password, configuration)
|
|
{
|
|
const userIndex = getIndexOfUser(username, configuration);
|
|
if(userIndex === -1)
|
|
return false;
|
|
|
|
const hashedPassword = hashPassword(password, configuration.users[userIndex].salt);
|
|
return configuration.users[userIndex].password == hashedPassword;
|
|
},
|
|
|
|
/**
|
|
* Adds a user to the configuration
|
|
*
|
|
* @param username
|
|
* @param password
|
|
* @param configuration
|
|
* @returns {boolean}
|
|
*/
|
|
addUser: function(username, password, configuration)
|
|
{
|
|
const userIndex = getIndexOfUser(username, configuration);
|
|
if(userIndex !== -1)
|
|
return false; // user already exists
|
|
|
|
var newUser = new Object();
|
|
newUser.username = username;
|
|
|
|
if(configuration.users.length === 0)
|
|
newUser.id = 1;
|
|
else
|
|
newUser.id = configuration.users[configuration.users.length -1].id + 1;
|
|
|
|
const passObject = createHashedPasswordObject(password);
|
|
newUser.salt = passObject.salt;
|
|
newUser.password = passObject.pass;
|
|
|
|
configuration.users.push(newUser);
|
|
|
|
return true;
|
|
},
|
|
|
|
/**
|
|
* Edits a user based on their id
|
|
*
|
|
* @param id
|
|
* @param userName
|
|
* @param password
|
|
* @param configuration
|
|
*/
|
|
editUser: function(id, userName, password, configuration)
|
|
{
|
|
for(var i = 0; i < configuration.users.length; i++)
|
|
{
|
|
if (configuration.users[i].id + "" === id)
|
|
{
|
|
configuration.users[i].username = userName;
|
|
|
|
var passObj = createHashedPasswordObject(password);
|
|
configuration.users[i].salt = passObj.salt;
|
|
configuration.users[i].password = passObj.pass;
|
|
}
|
|
}
|
|
},
|
|
|
|
/**
|
|
* Removes a user account from the configuration
|
|
* @param id
|
|
* @param configuration
|
|
*/
|
|
removeUser: function(id, configuration)
|
|
{
|
|
configuration.users = configuration.users.filter(function(value, index, arr)
|
|
{
|
|
return value.id + "" !== id
|
|
});
|
|
}
|
|
};
|