zydronium/enigma-bbs
1
0
Fork 0
mirror of https://github.com/NuSkooler/enigma-bbs.git synced 2025-07-23 19:20:41 +02:00
Code Issues Projects Releases Packages Wiki Activity

* Work on User & user db

Browse source
This commit is contained in:
NuSkooler 2014-10-20 22:47:13 -06:00
parent 7a3e375f5d
commit c6e6c1562d
3 changed files with 193 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

195
core/user.js
View file

@ -2,83 +2,204 @@
'use strict';
var crypto = require('crypto');
var database = require('./database.js');
var assert = require('assert');
//var database = require('./database.js');
var userDb = require('./database.js').dbs.user;
exports.User = User;
var PBKDF2_OPTIONS = {
var PBKDF2 = {
iterations : 1000,
keyLen : 128,
saltLen : 32,
};
var UserErrorCodes = Object.freeze({
NONE : 'No error',
INVALID_USER : 'Invalid user',
INVALID_PASSWORD : 'Invalid password',
});
function User() {
var self = this;
this.id = 0;
this.userName = '';
this.groups = [];
this.permissions = [];
this.properties = {};
/*
this.load = function(userName, cb) {
database.user.get('SELECT id FROM user WHERE user_name = $un LIMIT 1;', { un : userName }, function onUser(err, row) {
if(err) {
cb(err);
return;
}
var user = new User();
user.id = row.id;
// :TODO: load the rest.
database.user.serialize(function loadUserSerialized() {
database.user.each('SELECT prop_name, prop_value FROM user_property WHERE user_id = $uid;', { uid : user.id }, function onUserPropRow(err, propRow) {
user.properties[propRow.prop_name] = propRow.prop_value;
});
});
cb(null, user);
});
};*/
}
User.load = function(userName, cb) {
database.user.get('SELECT id FROM user WHERE user_name = $un LIMIT 1;', { un : userName }, function onUser(err, row) {
User.generatePasswordDerivedKey = function(password, cb) {
crypto.randomBytes(PBKDF2.saltLen, function onRandomSalt(err, salt) {
if(err) {
cb(err);
return;
}
var user = new User();
user.id = row.id;
salt = salt.toString('hex');
// :TODO: load the rest.
password = new Buffer(password).toString('hex');
database.user.serialize(function loadUserSerialized() {
database.user.each('SELECT prop_name, prop_value FROM user_property WHERE user_id = $uid;', { uid : user.id }, function onUserPropRow(err, propRow) {
user.properties[propRow.prop_name] = propRow.prop_value;
});
crypto.pbkdf2(password, salt, PBKDF2.iterations, PBKDF2.keyLen, function onDerivedKey(err, dk) {
if(err) {
cb(err);
return;
}
cb(null, { dk : dk.toString('hex'), salt : salt });
});
});
};
//
// :TODO: createNewUser(userName, password, groups)
User.addNew = function(user, cb) {
userDb.run('INSERT INTO user (user_name) VALUES(?);', [ user.userName ], function onUserInsert(err) {
if(err) {
cb(err);
return;
}
user.id = this.lastID;
user.persist(cb);
});
};
User.prototype.persist = function(cb) {
var self = this;
if(0 === this.id || 0 === this.userName.length) {
cb(new Error(UserErrorCodes.INVALID_USER));
return;
}
userDb.serialize(function onSerialized() {
userDb.run('BEGIN;');
// :TODO: Create persistProperties(id, {props})
var stmt = userDb.prepare('REPLACE INTO user_property (user_id, prop_name, prop_value) VALUES(?, ?, ?);');
Object.keys(self.properties).forEach(function onPropName(propName) {
stmt.run(self.id, propName, self.properties[propName]);
});
cb(null, user);
stmt.finalize(function onFinalized() {
userDb.run('COMMIT;');
cb(null, self.id);
});
});
};
// :TODO: make standalone function(password, dk, salt)
User.prototype.validatePassword = function(password, cb) {
assert(this.properties.pw_pbkdf2_salt);
assert(this.properties.pw_pbkdf2_dk);
var self = this;
password = new Buffer(password).toString('hex');
crypto.pbkdf2(password, this.properties.pw_pbkdf2_salt, PBKDF2.iterations, PBKDF2.keyLen, function onDerivedKey(err, dk) {
if(err) {
cb(err);
return;
}
// Constant time compare
var propDk = new Buffer(self.properties.pw_pbkdf2_dk, 'hex');
console.log(propDk);
console.log(dk);
if(propDk.length !== dk.length) {
cb(new Error('Unexpected buffer length'));
return;
}
var c = 0;
for(var i = 0; i < dk.length; i++) {
c |= propDk[i] ^ dk[i];
}
cb(null, c === 0);
});
};
// :TODO: make this something like getUserProperties(id, [propNames], cb)
function getUserDerivedKeyAndSalt(id, cb) {
var properties = {};
userDb.each(
'SELECT prop_name, prop_value ' +
'FROM user_property ' +
'WHERE user_id = ? AND prop_name="pw_pbkdf2_salt" OR prop_name="pw_pbkdf2_dk";',
[ id ],
function onPwPropRow(err, propRow) {
if(err) {
cb(err);
} else {
properties[propRow.prop_name] = propRow.prop_value;
}
},
function onComplete() {
cb(null, properties);
}
);
}
User.loadWithCredentials = function(userName, password, cb) {
userDb.get('SELECT id, user_name FROM user WHERE user_name LIKE ? LIMIT 1;"', [ userName ], function onUserIds(err, userRow) {
if(err) {
cb(err);
return;
}
if(!userRow) {
cb(new Error(UserErrorCodes.INVALID_USER));
return;
}
// Load dk & salt properties for password validation
getUserDerivedKeyAndSalt(userRow.id, function onDkAndSalt(err, props) {
var user = new User();
user.properties = props;
user.validatePassword(password, function onValidatePw(err, isCorrect) {
if(err) {
cb(err);
return;
}
if(!isCorrect) {
cb(new Error(UserErrorCodes.INVALID_PASSWORD));
return;
}
// userName and password OK -- load the rest.
user.id = userRow.id;
user.userName = userRow.user_name;
cb(null, user);
});
});
});
};
User.prototype.setPassword = function(password, cb) {
// :TODO: validate min len, etc. here?
crypto.randomBytes(PBKDF2_OPTIONS.saltLen, function onRandomSalt(err, salt) {
crypto.randomBytes(PBKDF2.saltLen, function onRandomSalt(err, salt) {
if(err) {
cb(err);
return;
}
password = Buffer.isBuffer(password) ? password : new Buffer(password, 'base64');
password = Buffer.isBuffer(password) ? password : new Buffer(password, 'hex');
crypto.pbkdf2(password, salt, PBKDF2_OPTIONS.iterations, PBKDF2_OPTIONS.keyLen, function onPbkdf2Generated(err, dk) {
crypto.pbkdf2(password, salt, PBKDF2.iterations, PBKDF2.keyLen, function onPbkdf2Generated(err, dk) {
if(err) {
cb(err);
return;