grant pre-authorized tokens, duh

AJ ONeal 2018-06-29 21:39:49 +00:00
parent 021629ea68
commit 5deefa9832
1 changed files with 11 additions and 6 deletions


@ -234,14 +234,20 @@ module.exports.pairPin = function (opts) {
// From a WS connection // From a WS connection
module.exports.authHelper = function (meta) { module.exports.authHelper = function (meta) {
console.log('[authHelper] 1');
var state = meta.state; var state = meta.state;
console.log('[authHelper] 2');
return state.Promise.resolve().then(function () { return state.Promise.resolve().then(function () {
console.log('[authHelper] 3');
var auth = meta.session; var auth = meta.session;
if ('string' !== typeof auth.authz || 'object' !== typeof auth.authzData) { console.log('[authHelper] 4', auth);
if (!auth || 'string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
console.log('[authHelper] 5');
console.error("[SANITY FAIL] should not complete auth without authz data and access_token"); console.error("[SANITY FAIL] should not complete auth without authz data and access_token");
console.error(auth); console.error(auth);
return; return;
} }
console.log("[authHelper] passing authzData right along", auth.authzData);
return auth.authzData; return auth.authzData;
}); });
}; };
@ -311,22 +317,21 @@ module.exports.authenticate = function (opts) {
console.log("[wss.ext.authenticate] [Error] could not parse token"); console.log("[wss.ext.authenticate] [Error] could not parse token");
decoded = null; decoded = null;
} }
console.log("[wss.ext.authenticate] incoming token decoded:"); console.log("[wss.ext.authenticate] incoming token decoded:");
console.log(decoded); console.log(decoded);
if (!auth) { if (!auth) {
console.log("[wss.ext.authenticate] missing auth object (incoming token stale?)"); console.log("[wss.ext.authenticate] no session / auth handshake. Pass to default auth");
return state.defaults.authenticate(opts.auth);
} }
// TODO technically this could leak the token through a timing attack // TODO technically this could leak the token through a timing attack
// but it would require already knowing the semi-secret id and having // but it would require already knowing the semi-secret id and having
// completed the pair code // completed the pair code
if (auth && (auth.authn === opts.auth || auth.authz === opts.auth)) { if (auth.authn === opts.auth || auth.authz === opts.auth) {
if (!auth.authz) { if (!auth.authz) {
console.log("[wss.ext.authenticate] Create authz promise and passthru"); console.log("[wss.ext.authenticate] Create authz promise and passthru");
return getPromise(auth); return getPromise(auth);
//return state.defaults.authenticate(opts.auth);
} }
// If they used authn but now authz is available, use authz // If they used authn but now authz is available, use authz
@ -337,7 +342,7 @@ module.exports.authenticate = function (opts) {
auth._claimed = true; auth._claimed = true;
} }
console.log("[wss.ext.authenticate] Using authz"); console.log("[wss.ext.authenticate] Already using authz, skipping promise");
return module.exports.authHelper({ state: state, session: auth }); return module.exports.authHelper({ state: state, session: auth });
}; };
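Review bot: The added `console.log('[authHelper] 4', auth);` and `console.log("[authHelper] passing authzData right along", auth.authzData);` in authHelper write the whole session object to the process log on every authentication, including the `authn`/`authz` strings that `authenticate` compares against the presented credential. Anyone who can read the logs then holds usable credentials, so log a non-secret marker instead, e.g. `console.log('[authHelper] 4', { hasAuthz: !!(auth && auth.authz) });`, and drop the numbered trace lines once debugging is done. The existing `console.error(auth);` on the sanity-fail branch exposes the same data. Separately, the new guard still lets `authzData: null` through because `typeof null` is `'object'`; appending `|| !auth.authzData` to the condition would reject it.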