mirror of
https://github.com/amark/gun.git
synced 2025-03-30 15:08:33 +00:00
141 lines
5.6 KiB
JavaScript
141 lines
5.6 KiB
JavaScript
|
|
const Buffer = require('./buffer')
|
|
const authsettings = require('./settings')
|
|
//const { scope: seaIndexedDb } = require('./indexed')
|
|
const queryGunAliases = require('./query')
|
|
const parseProps = require('./parse')
|
|
const updateStorage = require('./update')
|
|
const SEA = require('./sea')
|
|
const Gun = SEA.Gun;
|
|
const finalizeLogin = require('./login')
|
|
|
|
// This internal func recalls persisted User authentication if so configured
|
|
const authRecall = async (gunRoot, authprops) => {
|
|
// window.sessionStorage only holds signed { alias, pin } !!!
|
|
const remember = authprops || sessionStorage.getItem('remember')
|
|
const { alias = sessionStorage.getItem('user'), pin: pIn } = authprops || {} // @mhelander what is pIn?
|
|
const pin = pIn && Buffer.from(pIn, 'utf8').toString('base64')
|
|
// Checks for existing proof, matching alias and expiration:
|
|
const checkRememberData = async ({ proof, alias: aLias, iat, exp, remember }) => {
|
|
if (!!proof && alias === aLias) {
|
|
const checkNotExpired = (args) => {
|
|
if (Math.floor(Date.now() / 1000) < (iat + args.exp)) {
|
|
// No way hook to update 'iat'
|
|
return Object.assign(args, { iat: iat, proof: proof })
|
|
} else {
|
|
Gun.log('Authentication expired!')
|
|
}
|
|
}
|
|
// We're not gonna give proof to hook!
|
|
const hooked = authsettings.hook({ alias: alias, iat: iat, exp: exp, remember: remember })
|
|
return ((hooked instanceof Promise)
|
|
&& await hooked.then(checkNotExpired)) || checkNotExpired(hooked)
|
|
}
|
|
}
|
|
const readAndDecrypt = async (data, pub, key) =>
|
|
parseProps(await SEA.decrypt(await SEA.verify(data, pub), key))
|
|
|
|
// Already authenticated?
|
|
if (gunRoot._.user
|
|
&& Gun.obj.has(gunRoot._.user._, 'pub')
|
|
&& Gun.obj.has(gunRoot._.user._, 'sea')) {
|
|
return gunRoot._.user._ // Yes, we're done here.
|
|
}
|
|
// No, got persisted 'alias'?
|
|
if (!alias) {
|
|
throw { err: 'No authentication session found!' }
|
|
}
|
|
// Yes, got persisted 'remember'?
|
|
if (!remember) {
|
|
throw { // And return proof if for matching alias
|
|
err: (await seaIndexedDb.get(alias, 'auth') && authsettings.validity
|
|
&& 'Missing PIN and alias!') || 'No authentication session found!'
|
|
}
|
|
}
|
|
// Yes, let's get (all?) matching aliases
|
|
const aliases = (await queryGunAliases(alias, gunRoot))
|
|
.filter(({ pub } = {}) => !!pub)
|
|
// Got any?
|
|
if (!aliases.length) {
|
|
throw { err: 'Public key does not exist!' }
|
|
}
|
|
let err
|
|
// Yes, then attempt to log into each one until we find ours!
|
|
// (if two users have the same username AND the same password... that would be bad)
|
|
const [ { key, at, proof, pin: newPin } = {} ] = await Promise
|
|
.all(aliases.filter(({ at: { put } = {} }) => !!put)
|
|
.map(async ({ at: at, pub: pub }) => {
|
|
const readStorageData = async (args) => {
|
|
const props = args || parseProps(await SEA.verify(remember, pub, true))
|
|
let pin = props.pin
|
|
let aLias = props.alias
|
|
|
|
const data = (!pin && alias === aLias)
|
|
// No PIN, let's try short-term proof if for matching alias
|
|
? await checkRememberData(props)
|
|
// Got PIN so get IndexedDB secret if signature is ok
|
|
: await checkRememberData(await readAndDecrypt(await seaIndexedDb.get(alias, 'auth'), pub, pin))
|
|
pin = pin || data.pin
|
|
delete data.pin
|
|
return { pin: pin, data: data }
|
|
}
|
|
// got pub, try auth with pin & alias :: or unwrap Storage data...
|
|
const __gky20 = await readStorageData(pin && { pin, alias })
|
|
const data = __gky20.data
|
|
const newPin = __gky20.pin
|
|
const proof = data.proof
|
|
|
|
if (!proof) {
|
|
if (!data) {
|
|
err = 'No valid authentication session found!'
|
|
return
|
|
}
|
|
try { // Wipes IndexedDB silently
|
|
await updateStorage()(data)
|
|
} catch (e) {} //eslint-disable-line no-empty
|
|
err = 'Expired session!'
|
|
return
|
|
}
|
|
|
|
try { // auth parsing or decryption fails or returns empty - silently done
|
|
const auth= at.put.auth.auth
|
|
const sea = await SEA.decrypt(auth, proof)
|
|
if (!sea) {
|
|
err = 'Failed to decrypt private key!'
|
|
return
|
|
}
|
|
const priv = sea.priv
|
|
const epriv = sea.epriv
|
|
const epub = at.put.epub
|
|
// Success! we've found our private data!
|
|
err = null
|
|
return { proof: proof, at: at, pin: newPin, key: { pub: pub, priv: priv, epriv: epriv, epub: epub } }
|
|
} catch (e) {
|
|
err = 'Failed to decrypt private key!'
|
|
return
|
|
}
|
|
}).filter((props) => !!props))
|
|
|
|
if (!key) {
|
|
throw { err: err || 'Public key does not exist!' }
|
|
}
|
|
|
|
// now we have AES decrypted the private key,
|
|
// if we were successful, then that means we're logged in!
|
|
try {
|
|
await updateStorage(proof, key, newPin || pin)(key)
|
|
|
|
const user = Object.assign(key, { at: at, proof: proof })
|
|
const pIN = newPin || pin
|
|
|
|
const pinProp = pIN && { pin: Buffer.from(pIN, 'base64').toString('utf8') }
|
|
|
|
return await finalizeLogin(alias, user, gunRoot, pinProp)
|
|
} catch (e) { // TODO: right log message ?
|
|
Gun.log('Failed to finalize login with new password!')
|
|
const { err = '' } = e || {}
|
|
throw { err: 'Finalizing new password login failed! Reason: '+err }
|
|
}
|
|
}
|
|
module.exports = authRecall
|
|
|