wiki-security-sessionless 0.0.1 → 0.0.3
- package/generate-keys.js +3 -3
- package/package.json +2 -1
- package/server/sessionless.js +30 -12
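--- a/package/generate-keys.js
+++ b/package/generate-keys.js
@@ -1,3 +1,3 @@
-const sessionless = require('sessionless-node');
-
-sessionless.generateKeys(() => {}, () => {}).then(console.log).catch(console.error);
+const sessionless = require('sessionless-node');
+
+sessionless.generateKeys(() => {}, () => {}).then(console.log).catch(console.error);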
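--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,8 @@
 {
 "name": "wiki-security-sessionless",
-"version": "0.0.
+"version": "0.0.3",
 "description": "A sessionless security module for the federated wiki",
+"repository": "https://github.com/zach-planet-nine/wiki-security-sessionless",
 "keywords": [
 "federated",
 "wiki"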
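--- a/package/server/sessionless.js
+++ b/package/server/sessionless.js
@@ -43,17 +43,7 @@ module.exports = (log, loga, argv) => {
 };
 
 security.isAuthorized = async (req) => {
-
-const keys = await sessionless.getKeys();
-const signature = await sessionless.sign(req.path);
-try {
-const isVerified = sessionless.verifySignature(signature, req.path, keys.pubKey);
-return isVerified;
-} catch(err) {
-return false;
-}
-}
-return false;
+return req.sessionless && req.sessionless.isVerified;
 }
 
 security.login = async (req, res) => {
@@ -67,11 +57,11 @@ module.exports = (log, loga, argv) => {
 const keys = await sessionless.generateKeys(saveKeys, getKeys);
 
 req.session.key = keys.privateKey;
+
 return res.redirect('/view/welcome-visitors');
 }
 } catch(err) {}
 
-
 res.status(403);
 return res.send('unauthorized');
 };
@@ -82,6 +72,34 @@ module.exports = (log, loga, argv) => {
 };
 
 security.defineRoutes = (app, cors, updateOwner) => {
+app.use(async (req, res, next) => {
+req.sessionless = req.sessionless || {};
+
+if(req.session && req.session.key) {
+try {
+const keys = await sessionless.getKeys();
+keys.privateKey = req.session.key;
+sessionless.getKeys = () => keys;
+} catch(err) {
+req.session.reset();
+req.sessionless.isVerified = false;
+return next();
+}
+
+try {
+const signature = await sessionless.sign(req.path);
+
+const isVerified = sessionless.verifySignature(signature, req.path, keys.pubKey);
+req.sessionless.isVerified = isVerified;
+} catch(err) {
+req.sessionless.isVerified = false;
+}
+} else {
+req.sessionless.isVerified = false;
+}
+
+next();
+});
 app.get('/login', cors, security.login);
 app.get('/logout', cors, security.logout);
 };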
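Review bot: In the middleware added to `defineRoutes`, `sessionless.getKeys = () => keys;` reassigns a method on the shared `sessionless` module object on every request, so the private key taken from one requester's session stays installed for every later or concurrent request in the process; the key should reach the signer per request rather than through module state. Separately, `const keys` is declared inside the first `try` block but `keys.pubKey` is read in the second one, so unless an outer `keys` exists outside this hunk the verify call throws a ReferenceError and the `catch` sets `isVerified = false` for every request. Declaring `let keys;` before the first `try` and assigning `keys = await sessionless.getKeys();` inside it fixes the scope. The new `isAuthorized` also returns `undefined` rather than `false` when the middleware has not run, so `return req.sessionless?.isVerified === true;` would keep the result strictly boolean. I would add a comment above `app.use` such as `// Signs req.path with the session-held key and verifies it against the stored pubKey; result is read by security.isAuthorized.`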