(socket : DockgeSocket, server : DockgeServer)
| 21 | |
| 22 | export class MainSocketHandler extends SocketHandler { |
| 23 | create(socket : DockgeSocket, server : DockgeServer) { |
| 24 | |
| 25 | // *************************** |
| 26 | // Public Socket API |
| 27 | // *************************** |
| 28 | |
| 29 | // Setup |
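// First-run account creation. This handler performs no login check of its
// own, so every argument is treated as untrusted client input.
socket.on("setup", async (username, password, callback) => {
    // Without an acknowledgement function there is nobody to answer, and
    // calling a non-function from the catch block below would escape this
    // async handler as an unhandled rejection.
    if (typeof callback !== "function") {
        return;
    }

    try {
        // Reject non-string or empty credentials before they reach the
        // strength checker, the hash function or the database.
        if (typeof username !== "string" || username.length === 0 || typeof password !== "string") {
            throw new Error("Invalid username or password.");
        }

        if (passwordStrength(password).value === "Too weak") {
            throw new Error("Password is too weak. It should contain alphabetic and numeric characters. It must be at least 6 characters in length.");
        }

        // Setup is refused as soon as any user row exists.
        // NOTE(review): this check and the store below are separated by
        // awaits and nothing visible here wraps them in a transaction or
        // lock, so two setup requests arriving together could both pass the
        // check. Confirm whether something outside this handler serialises it.
        if ((await R.knex("user").count("id as count").first()).count !== 0) {
            throw new Error("Dockge has been initialized. If you want to run setup again, please delete the database.");
        }

        const user = R.dispense("user");
        user.username = username;
        user.password = generatePasswordHash(password);
        await R.store(user);

        server.needSetup = false;

        callback({
            ok: true,
            msg: "successAdded",
            msgi18n: true,
        });

    } catch (e) {
        // Always answer the client, including when something other than an
        // Error was thrown; previously that case left the request hanging.
        // NOTE(review): e.message is returned verbatim, which also covers
        // errors raised by the database calls above.
        callback({
            ok: false,
            msg: e instanceof Error ? e.message : "Setup failed.",
        });
    }
});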
| 62 | |
| 63 | // Login by token |
| 64 | socket.on("loginByToken", async (token, callback) => { |
| 65 | const clientIP = await server.getClientIP(socket); |
| 66 | |
| 67 | log.info("auth", `Login by token. IP=${clientIP}`); |
| 68 | |
| 69 | try { |
| 70 | const decoded = jwt.verify(token, server.jwtSecret) as JWTDecoded; |
| 71 | |
| 72 | log.info("auth", "Username from JWT: " + decoded.username); |
| 73 | |
| 74 | const user = await R.findOne("user", " username = ? AND active = 1 ", [ |
| 75 | decoded.username, |
| 76 | ]) as User; |
| 77 | |
| 78 | if (user) { |
| 79 | // Check if the password changed |
| 80 | if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) { |