From c304c2f88e9d0c057053a19d99033d67e6d8ec6b Mon Sep 17 00:00:00 2001
From: Pierre HUBERT
Date: Sat, 23 Nov 2019 13:47:06 +0100
Subject: [PATCH] Can check user tokens
---
 src/controllers/Routes.ts | 7 ++++---
 src/entities/RequestHandler.ts | 36 ++++++++++++++++++++++++++++++++++
 src/helpers/AccountHelper.ts | 27 +++++++++++++++++++++++++
 src/main.ts | 3 +++
 4 files changed, 70 insertions(+), 3 deletions(-)
diff --git a/src/controllers/Routes.ts b/src/controllers/Routes.ts
index 9d8f36a..552c5ff 100644
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@@ -17,14 +17,15 @@ export interface Route {
 type ?: RouteType,
 path: string,
 cb: (req : RequestHandler) => Promise | void,
+ needLogin ?: boolean, // Default = true
 }
 export const Routes : Route[] = [
 // Welcome controller
- {type: RouteType.GET, path: "/", cb: WelcomeController.HomeMessage},
+ {type: RouteType.GET, path: "/", cb: WelcomeController.HomeMessage, needLogin: false},
 // Account controller
- {path: "/account/login", cb: AccountController.LoginUser},
- {path: "/user/connectUSER", cb: AccountController.LoginUser}, // Legacy
+ {path: "/account/login", cb: AccountController.LoginUser, needLogin: false},
+ {path: "/user/connectUSER", cb: AccountController.LoginUser, needLogin: false}, // Legacy
 ]
\ No newline at end of file
diff --git a/src/entities/RequestHandler.ts b/src/entities/RequestHandler.ts
index f3a14d2..73562ba 100644
--- a/src/entities/RequestHandler.ts
+++ b/src/entities/RequestHandler.ts
@@ -2,6 +2,7 @@ import { Response, Request } from "express";
 import { APIHelper } from "../helpers/APIHelper";
 import { APIClient } from "./APIClient";
 import { checkMail } from "../utils/StringUtils";
+import { AccountHelper } from "../helpers/AccountHelper";
 /**
 * Response to a request
@@ -12,6 +13,7 @@ import { checkMail } from "../utils/StringUtils";
 export class RequestHandler {
 private client : APIClient = null;
+ private userID : number = -1;
 private responseSent = false;
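Review bot: In the Routes.ts hunk the secure default of `needLogin` is stated only in a trailing `// Default = true` comment, while the behaviour is actually decided by the `required !== false` test in `RequestHandler.checkUserTokens`. A TSDoc line on the field would put the contract where routes are declared, for example `/** Omit or set to true to require valid user tokens; only an explicit false lets the route be called without login. */`. The three `needLogin: false` entries are then the full list of endpoints reachable without user tokens, which is worth keeping easy to audit as routes are added.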
@@ -97,6 +99,30 @@ export class RequestHandler {
 this.client = client;
 }
+ /**
+ * Validate user tokens
+ *
+ * @param required Specify whether the user MUST be authenticated or not
+ */
+ public async checkUserTokens(required ?: boolean) {
+
+ const token1 = this.postString("userToken1", 0, false);
+ const token2 = this.postString("userToken2", 0, false);
+
+ if(token1.length < 1 || token2.length < 1) {
+ if(required !== false)
+ this.error(401, "This method requires the user to be signed in!");
+ return;
+ }
+
+
+ // Validate user tokens
+ this.userID = await AccountHelper.GetUserIdFromTokens(this.getClientInfo(), token1, token2);
+
+ if(this.userID < 1)
+ this.error(412, "Please check your login tokens!");
+ }
+
 /**
 * Get information about API client
 */
@@ -108,6 +134,16 @@ export class RequestHandler {
 return this.client;
 }
+ /**
+ * Get information about current user
+ */
+ public getUserId() : number {
+ if(this.userID < 1)
+ throw Error("Trying to get user ID but none are available!");
+
+ return this.userID;
+ }
+
 /**
 * Output an error code and throws an error
 *
diff --git a/src/helpers/AccountHelper.ts b/src/helpers/AccountHelper.ts
index 5b458a2..736990c 100644
--- a/src/helpers/AccountHelper.ts
+++ b/src/helpers/AccountHelper.ts
@@ -80,6 +80,33 @@ export class AccountHelper {
 return row == null ? null : this.DBToUserTokens(row);
 }
+ /**
+ * Find a user using its tokens
+ *
+ * @param client Information about the client
+ * @param token1 First token
+ * @param token2 Second token
+ * @returns The ID of the target user / -1 if none found
+ */
+ public static async GetUserIdFromTokens(client : APIClient,
+ token1: string, token2: string) : Promise {
+
+ const row = await DatabaseHelper.QueryRow({
+ table: USERS_TOKENS_TABLE,
+ fields: ["user_id"],
+ where: {
+ service_id: client.id,
+ token1: token1,
+ token2: token2
+ }
+ });
+
+ if(!row)
+ return -1;
+
+ return Number(row.user_id);
+ }
+
 /**
 * Crypt a password
 *
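Review bot: In `checkUserTokens`, `required` is consulted only in the empty-token branch, so a route declared with `needLogin: false` still answers 412 when a request carries stale or mistyped tokens. If that strictness is intended, the docblock should say so, for example `@param required When false, missing tokens are accepted; tokens that are supplied but invalid are still rejected`. The method also relies on `this.error()` throwing to stop processing after the 401 and 412 calls (the context comment later in this file describes it as throwing). An explicit `Promise<void>` return type would make the signature clearer.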
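Review bot: `GetUserIdFromTokens` returns `Number(row.user_id)` unchecked, and the guards that consume it are `this.userID < 1`, which is false for `NaN`. If a matched row ever lacks a numeric `user_id` (the shape returned by `DatabaseHelper.QueryRow` is not visible here), the request would be treated as authenticated with a `NaN` user ID. Failing closed is a two-line change: `const id = Number(row.user_id);` followed by `return Number.isInteger(id) && id > 0 ? id : -1;`. The same `< 1` comparison appears in `checkUserTokens` and `getUserId` in RequestHandler.ts. Separately, the lookup matches only `service_id`, `token1` and `token2`, so token comparison follows the database's string-comparison rules and no expiry or revocation condition is visible in this query; it is worth confirming both are intended.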
diff --git a/src/main.ts b/src/main.ts
index 6155f5d..659f2cd 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -37,6 +37,9 @@ async function init() {
 // Check API tokens
 await handler.checkAPITokens();
+ // Check user tokens
+ await handler.checkUserTokens(route.needLogin);
+
 const cb = route.cb(handler);
 if(cb)
 await cb;