gun/sea/authenticate.js

    var SEA = require('./sea');
    var Gun = SEA.Gun;
    const queryGunAliases = require('./query')
    const parseProps = require('./parse')
    // This is internal User authentication func.
    const authenticate = async (alias, pass, gunRoot) => {
      // load all public keys associated with the username alias we want to log in with.
      const aliases = (await queryGunAliases(alias, gunRoot))
      .filter(a => !!a.pub && !!a.put)
      // Got any?
      if (!aliases.length) {
        throw { err: 'Public key does not exist!' }
      }
      let err
      // then attempt to log into each one until we find ours!
      // (if two users have the same username AND the same password... that would be bad)
      const users = await Promise.all(aliases.map(async (a, i) => {
        // attempt to PBKDF2 extend the password with the salt. (Verifying the signature gives us the plain text salt.)
        const auth = parseProps(a.put.auth)
      // NOTE: aliasquery uses `gun.get` which internally SEA.read verifies the data for us, so we do not need to re-verify it here.
      // SEA.verify(at.put.auth, pub).then(function(auth){
        try {
          const proof = await SEA.work(pass, auth.s)
          //const props = { pub: pub, proof: proof, at: at }
          // the proof of work is evidence that we've spent some time/effort trying to log in, this slows brute force.
          /*
          MARK TO @mhelander : pub vs epub!???
          */
          const salt = auth.salt
          const sea = await SEA.decrypt(auth.ek, proof)
          if (!sea) {
            err = 'Failed to decrypt secret! ' + (i+1) +'/'+aliases.length;
            return
          }
          // now we have AES decrypted the private key, from when we encrypted it with the proof at registration.
          // if we were successful, then that meanswe're logged in!
          const priv = sea.priv
          const epriv = sea.epriv
          const epub = a.put.epub
          // TODO: 'salt' needed?
          err = null
          if(SEA.window){
            var tmp = SEA.window.sessionStorage;
            if(tmp && gunRoot._.opt.remember){
              SEA.window.sessionStorage.alias = alias;
              SEA.window.sessionStorage.tmp = pass;
            }
          }
          return {priv: priv, pub: a.put.pub, salt: salt, epub: epub, epriv: epriv };
        } catch (e) {
          err = 'Failed to decrypt secret!'
          throw { err }
        }
      }))
      var user = Gun.list.map(users, function(acc){ if(acc){ return acc } })
      if (!user) {
        throw { err: err || 'Public key does not exist!' }
      }
      return user
    }
    module.exports = authenticate;