New token system

MertJSX · Aug 15, 2024 · bb5806d · bb5806d
1 parent 01def48
commit bb5806d
Show file tree

Hide file tree

Showing 5 changed files with 256 additions and 19 deletions.
diff --git a/index.js b/index.js
@@ -2,15 +2,15 @@ const express = require("express");
 const fs = require("fs");
 const colors = require("colors");
 const yaml = require("js-yaml");
-const multer = require('multer');
-const upload = multer();
 const path = require("path");
 const { strings } = require("./strings");
 const {
     getTotalSize
 } = require("./utils");
 const cors = require("cors");
 const routes = require("./routes");
+const CryptoJS = require("crypto-js");
+const jwt = require('jsonwebtoken');
 const app = express();
 const { createServer } = require("http");
 const { Server } = require("socket.io");
@@ -57,17 +57,48 @@ if (!config.folder) {
 }
 
 io.use((socket, next) => {
-    const username = socket.handshake.auth.username;
-    const password = socket.handshake.auth.password;
+    let username;
+    let password;
 
-    if (!socket.handshake.auth.username || !socket.handshake.auth.password) {
+    if (!socket.handshake.auth.token) {
         const err = new Error('Bad request!');
         return next(err);
     }
 
+    const token = socket.handshake.auth.token;
+
+    console.log("No errors here");
+
+    let bytes = CryptoJS.AES.decrypt(token, config.secret_encryption_key);
+    bytes = bytes.toString(CryptoJS.enc.Utf8);
+    console.log(bytes);
+
+    let decoded;
+    try {
+        decoded = jwt.verify(bytes, config.secret_jwt_key);
+    } catch (err) {
+        console.error(err.message);
+        if (err.message === "jwt expired") {
+            res.status(401);
+            res.json({ err: "Session expired!" })
+            return
+        } else {
+            res.status(401);
+            res.json({ err: "Unknown session error!" })
+        }
+    }
+
+    console.log("No errors here");
+
+
+    username = decoded.name;
+    password = decoded.password;
+
+
     function findUser(account) {
         return account.name === username
     }
+
     let account = config.accounts.find(findUser);
 
     if (account !== undefined) {
@@ -81,6 +112,9 @@ io.use((socket, next) => {
         err.data = { content: "That account does not exist." };
         return next(err);
     }
+
+    socket.handshake.auth.account = account;
+
     next();
 });
 
@@ -96,18 +130,63 @@ app.use("/api", (req, res, next) => {
     let username;
     let password;
 
-    if ((!req.body.username || !req.body.password) && (!req.headers.username || !req.headers.password)) {
-        res.status(400);
-        res.json({ err: "Bad request!" })
-        return
+    if (!req.body.username || !req.body.password) {
+        if (!req.body.token && !req.headers.token) {
+            res.status(400);
+            res.json({ err: "Bad request!" })
+            return
+        }
     }
+
     if (req.body.username && req.body.password) {
         username = req.body.username;
         password = req.body.password;
+    } else if (req.body.token) {
+        let bytes = CryptoJS.AES.decrypt(req.body.token, config.secret_encryption_key);
+        bytes = bytes.toString(CryptoJS.enc.Utf8);
+        let decoded;
+        try {
+            decoded = jwt.verify(bytes, config.secret_jwt_key);
+            console.log(decoded);
+        } catch (err) {
+            console.error(err.message);
+            if (err.message === "jwt expired") {
+                res.status(401);
+                res.json({ err: "Session expired!" })
+                return
+            } else {
+                res.status(401);
+                res.json({ err: "Unknown session error!" })
+            }
+        }
+        username = decoded.name;
+        password = decoded.password;
+    } else if (req.headers.token) {
+        let bytes = CryptoJS.AES.decrypt(req.headers.token, config.secret_encryption_key);
+        bytes = bytes.toString(CryptoJS.enc.Utf8);
+        let decoded;
+        try {
+            decoded = jwt.verify(bytes, config.secret_jwt_key);
+            console.log(decoded);
+        } catch (err) {
+            console.error(err.message);
+            if (err.message === "jwt expired") {
+                res.status(401);
+                res.json({ err: "Session expired!" })
+                return
+            } else {
+                res.status(401);
+                res.json({ err: "Unknown session error!" })
+            }
+        }
+        username = decoded.name;
+        password = decoded.password;
     } else {
-        username = req.headers.username;
-        password = req.headers.password;
+        res.status(400);
+        res.json({ err: "Bad request!" })
+        return
     }
+
     function findUser(account) {
         return account.name === username
     }

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -14,9 +14,11 @@
     "chokidar": "^3.6.0",
     "colors": "^1.4.0",
     "cors": "^2.8.5",
+    "crypto-js": "^4.2.0",
     "express": "^4.19.2",
     "fast-folder-size": "^2.2.0",
     "js-yaml": "^4.1.0",
+    "jsonwebtoken": "^9.0.2",
     "mkdirp": "^3.0.1",
     "multer": "^1.4.5-lts.1",
     "socket.io": "^4.7.5",