diff --git a/app.js b/app.js
index 1d1ddade..15216237 100644
--- a/app.js
+++ b/app.js
@@ -66,7 +66,7 @@ var { expressjwt: jwt } = require("express-jwt");
 global.expressJwt = jwt;
 global.geodist = require("geodist");
 global.geoip = require("geoip-lite");
-global.jwt = require("jsonwebtoken");
+global.jsonwebtoken = require("jsonwebtoken");
 global.nmap = require("libnmap");
 global.Loess = require("loess");
 global.loki = require("lokijs");
@@ -426,29 +426,29 @@ t6console.log("===========================================================");
 t6console.info("Loading routes...");
 routesLoadTime = new Date();
-var index = require("./routes/index");
-var objects = require("./routes/objects");
-var dashboards = require("./routes/dashboards");
-var snippets = require("./routes/snippets");
-var rules = require("./routes/rules");
-var mqtts = require("./routes/mqtts");
-var usersRoute = require("./routes/users");
-var data = require("./routes/data");
-var flows = require("./routes/flows");
-var units = require("./routes/units");
-var datatypes = require("./routes/datatypes");
-var pwa = require("./routes/pwa");
-var notifications = require("./routes/notifications");
-var ifttt = require("./routes/ifttt");
-var ota = require("./routes/ota");
-var sources = require("./routes/sources");
-var stories = require("./routes/stories");
-var uis = require("./routes/uis");
-var news = require("./routes/news");
-var exploration = require("./routes/exploration");
-var jobs = require("./routes/jobs");
-var classifications = require("./routes/classifications");
-app = express();
+var indexRoute = require("./routes/index");
+var objectsRoute = require("./routes/objects");
+var dashboardsRoute = require("./routes/dashboards");
+var snippetsRoute = require("./routes/snippets");
+var rulesRoute = require("./routes/rules");
+var mqttsRoute = require("./routes/mqtts");
+var usersRoute = require("./routes/users");
+var dataRoute = require("./routes/data");
+var flowsRoute = require("./routes/flows");
+var unitsRoute = require("./routes/units");
+var datatypesRoute = require("./routes/datatypes");
+var pwaRoute = require("./routes/pwa");
+var notificationsRoute = require("./routes/notifications");
+var iftttRoute = require("./routes/ifttt");
+var otaRoute = require("./routes/ota");
+var sourcesRoute = require("./routes/sources");
+var storiesRoute = require("./routes/stories");
+var uisRoute = require("./routes/uis");
+var newsRoute = require("./routes/news");
+var explorationRoute = require("./routes/exploration");
+var jobsRoute = require("./routes/jobs");
+var classificationsRoute = require("./routes/classifications");
+app = express();
 if(enableMonitoring) {
 monitor(app);
 t6console.log(`${appName} is being monitored.`);
@@ -568,14 +568,30 @@ wss.on("connection", (ws, req) => {
 ws.send("OK");
 break;
 case "claimObject":
- //if(signature is correct based on database signature secret on object) {
- metadata = wsClients.get(ws);
- metadata.object_id = message.object_id;
- wsClients.set(ws, metadata);
- ws.send("OK");
- //} else {
- //ws.send("NOK, Not Authorized");
- //}
+ let query = { "$and": [ { "user_id" : req.user_id }, { "id" : message.object_id }, ] };
+ t6console.debug("Searching for Objects: ", query["$and"][0]);
+ let object = objects.findOne(query);
+ if( message.object_id && object && typeof object.secret_key!=="undefined" && object.secret_key!==null && object.secret_key!=="" ) {
+ t6console.debug("Found key from Object");
+ jsonwebtoken.verify(""+message.signature, object.secret_key, (error, unsignedObject_id) => {
+ if(!error && unsignedObject_id.object_id===message.object_id) {
+ t6console.debug("Signature is valid - Claim accepted");
+ metadata = wsClients.get(ws);
+ metadata.object_id = message.object_id;
+ wsClients.set(ws, metadata);
+ ws.send("OK Accepted");
+ } else {
+ t6console.debug("Error", error);
+ t6console.debug("unsignedObject_id", unsignedObject_id.object_id);
+ t6console.debug("message.object_id", message.object_id);
+ t6console.debug("Signature is invalid - Claim rejected");
+ ws.send("NOK, Not Authorized, invalid signature");
+ }
+ });
+ } else {
+ t6console.debug("No Secret Key available on Object or Object is not yours or Object does not have a valid signature key.");
+ ws.send("NOK, Not Authorized");
+ }
 break;
 case "getUA":
 metadata = wsClients.get(ws);
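Review bot: The rejection branch of the new `jsonwebtoken.verify` callback dereferences `unsignedObject_id.object_id` even though `unsignedObject_id` is `undefined` whenever `error` is set, so a claim carrying a bad or malformed signature throws a TypeError inside the WebSocket handler instead of sending the "NOK" reply; guard it, e.g. `t6console.debug("unsignedObject_id", unsignedObject_id && unsignedObject_id.object_id);`. The verify call also passes no `algorithms` option, so the accepted algorithm is left to the library default for a string secret; pinning it, `jsonwebtoken.verify(""+message.signature, object.secret_key, { algorithms: ["HS256"] }, (error, unsignedObject_id) => {`, ties acceptance to the per-object secret as intended (assuming objects are signed with HS256 — confirm against the signing side). `message.object_id` is only tested for truthiness, and only after `objects.findOne(query)` has already run with it, so a non-string value could be interpreted by the query engine as an operator object rather than a literal id; adding `typeof message.object_id === "string"` before building `query` keeps the lookup literal. The `let query`/`let object` declarations sit directly in a `case` clause and therefore share the whole `switch` scope (ESLint no-case-declarations); wrapping the case body in braces keeps them local. The enclosing `wss.on("connection")` handler and its `switch` start and end outside the hunk.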
@@ -677,28 +693,28 @@ app.use(session(sessionSettings));
 app.use(express.static(path.join(__dirname, "/public"), staticOptions));
 app.use(express.static(path.join(__dirname, "/docs"), staticOptions));
 app.use("/.well-known", express.static(path.join(__dirname, "/.well-known"), staticOptions));
-app.use("/v"+version, index);
+app.use("/v"+version, indexRoute);
 app.use("/v"+version+"/users", usersRoute);
-app.use("/v"+version+"/objects", objects);
-app.use("/v"+version+"/dashboards", dashboards);
-app.use("/v"+version+"/rules", rules);
-app.use("/v"+version+"/mqtts", mqtts);
-app.use("/v"+version+"/snippets", snippets);
-app.use("/v"+version+"/flows", flows);
-app.use("/v"+version+"/data", data);
-app.use("/v"+version+"/units", units);
-app.use("/v"+version+"/datatypes", datatypes);
-app.use("/v"+version+"/notifications", notifications);
-app.use("/v"+version+"/ifttt", ifttt);
-app.use("/v"+version+"/ota", ota);
-app.use("/v"+version+"/sources", sources);
-app.use("/v"+version+"/stories", stories);
-app.use("/v"+version+"/uis", uis);
-app.use("/v"+version+"/exploration", exploration);
-app.use("/v"+version+"/jobs", jobs);
-app.use("/v"+version+"/classifications", classifications);
-app.use("/news", news);
-app.use("/", pwa);
+app.use("/v"+version+"/objects", objectsRoute);
+app.use("/v"+version+"/dashboards", dashboardsRoute);
+app.use("/v"+version+"/rules", rulesRoute);
+app.use("/v"+version+"/mqtts", mqttsRoute);
+app.use("/v"+version+"/snippets", snippetsRoute);
+app.use("/v"+version+"/flows", flowsRoute);
+app.use("/v"+version+"/data", dataRoute);
+app.use("/v"+version+"/units", unitsRoute);
+app.use("/v"+version+"/datatypes", datatypesRoute);
+app.use("/v"+version+"/notifications", notificationsRoute);
+app.use("/v"+version+"/ifttt", iftttRoute);
+app.use("/v"+version+"/ota", otaRoute);
+app.use("/v"+version+"/sources", sourcesRoute);
+app.use("/v"+version+"/stories", storiesRoute);
+app.use("/v"+version+"/uis", uisRoute);
+app.use("/v"+version+"/exploration", explorationRoute);
+app.use("/v"+version+"/jobs", jobsRoute);
+app.use("/v"+version+"/classifications", classificationsRoute);
+app.use("/news", newsRoute);
+app.use("/", pwaRoute);
 // catch 404 and forward to error handler
 app.use(function(req, res, next) {
diff --git a/routes/data.js b/routes/data.js
index f1d4ee2d..e36c8c49 100644
--- a/routes/data.js
+++ b/routes/data.js
@@ -102,7 +102,7 @@ let signatureCheck = function(resolve, reject) {
 object = typeof object!=="undefined"?object:{};
 object.secret_key = typeof object.secret_key!=="undefined"?object.secret_key:jwtsettings.secret;
 if ( typeof payload!=="undefined" && payload.signedPayload && object.secret_key ) {
- jwt.verify(payload.signedPayload, object.secret_key, function(err, decodedPayload) {
+ jsonwebtoken.verify(payload.signedPayload, object.secret_key, function(err, decodedPayload) {
 payload.datapoint_logs = initialPayload.datapoint_logs;
 if ( decodedPayload && !err ) {
 payload = getJson(decodedPayload!==""?decodedPayload:payload);
@@ -1173,7 +1173,7 @@ router.post("/(:flow_id([0-9a-z\-]+))?", expressJwt({secret: jwtsettings.secret,
 payload.scope = "ClientApi";
 payload.sub = "/users/"+user.id;
 req.user = payload;
- return jwt.sign(payload, jwtsettings.secret, { expiresIn: jwtsettings.expiresInSeconds });
+ return jsonwebtoken.sign(payload, jwtsettings.secret, { expiresIn: jwtsettings.expiresInSeconds });
 }
 // TODO : Rate limit is not checked here !
 //res.header("X-RateLimit-Limit", limit);
diff --git a/routes/ifttt.js b/routes/ifttt.js
index 5124356e..c60bf3ad 100644
--- a/routes/ifttt.js
+++ b/routes/ifttt.js
@@ -259,7 +259,7 @@ router.get("/v1/user/info", function (req, res) {
 if ( bearer === result.data.accessToken ) {
 res.status(200).send(resultUser);
 } else {
- jwt.verify(bearer, jwtsettings.secret, function(err, decoded) {
+ jsonwebtoken.verify(bearer, jwtsettings.secret, function(err, decoded) {
 if ( !err && decoded ) {
 res.status(200).send({
 data: {
@@ -315,7 +315,7 @@ router.post("/v1/triggers/eventTrigger", function (req, res) {
 }
 } else if(bearer) {
- jwt.verify(bearer, jwtsettings.secret, function(err, decoded) {
+ jsonwebtoken.verify(bearer, jwtsettings.secret, function(err, decoded) {
 if( !err && decoded ) {
 let queryU = { "id": decoded.id };
 t6console.debug(queryU);
@@ -366,7 +366,7 @@ router.delete("/v1/triggers/eventTrigger/trigger_identity/:trigger_identity([0-9
 if ( bearer && bearer === result.data.accessToken ) {
 res.status(201).send( {} ); // FAKE MODE
 } else {
- jwt.verify(bearer, jwtsettings.secret, function(err, decoded) {
+ jsonwebtoken.verify(bearer, jwtsettings.secret, function(err, decoded) {
 if( !err && decoded ) {
 let queryU = { "$and": [
 { "id": decoded.id },
diff --git a/routes/index.js b/routes/index.js
index bfbe8ea2..6eed64af 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -232,7 +232,7 @@ router.all("*", function (req, res, next) {
 date: moment().format("x")
 };
 if ( !req.user && req.headers.authorization && req.headers.authorization.split(" ")[1] !== null && req.headers.authorization.split(" ")[1] !== "null" ) {
- jwt.verify(req.headers.authorization.split(" ")[1], jwtsettings.secret, function(err, decodedPayload) {
+ jsonwebtoken.verify(req.headers.authorization.split(" ")[1], jwtsettings.secret, function(err, decodedPayload) {
 if(err) {
 t6console.debug("User can't be determined:", err);
 } else {
@@ -500,7 +500,7 @@ router.post("/authenticate", function (req, res) {
 payload.quotausage = undefined;
 payload.data = undefined;
 }
- var token = jwt.sign(payload, jwtsettings.secret, { expiresIn: jwtsettings.expiresInSeconds });
+ var token = jsonwebtoken.sign(payload, jwtsettings.secret, { expiresIn: jwtsettings.expiresInSeconds });
 var refreshPayload = crypto.randomBytes(40).toString("hex");
 var refreshTokenExp = moment().add(jwtsettings.refreshExpiresInSeconds, "seconds").format("x");
@@ -603,7 +603,7 @@ router.post("/authenticate", function (req, res) {
 payload.quotausage = undefined;
 payload.data = undefined;
 }
- let token = jwt.sign(payload, jwtsettings.secret, { expiresIn: jwtsettings.expiresInSeconds });
+ let token = jsonwebtoken.sign(payload, jwtsettings.secret, { expiresIn: jwtsettings.expiresInSeconds });
 let refreshPayload = crypto.randomBytes(40).toString("hex");
 let refreshTokenExp = moment().add(jwtsettings.refreshExpiresInSeconds, "seconds").format("x");
@@ -686,7 +686,7 @@ router.post("/authenticate", function (req, res) {
 payload.quotausage = undefined;
 payload.data = undefined;
 }
- let token = jwt.sign(payload, jwtsettings.secret, { expiresIn: jwtsettings.expiresInSeconds });
+ let token = jsonwebtoken.sign(payload, jwtsettings.secret, { expiresIn: jwtsettings.expiresInSeconds });
 let refreshPayload = crypto.randomBytes(40).toString("hex");
 let refreshTokenExp = moment().add(jwtsettings.refreshExpiresInSeconds, "seconds").format("x");
@@ -803,7 +803,7 @@ router.post("/refresh", function (req, res) {
 payload.quotausage = undefined;
 payload.data = undefined;
 }
- var token = jwt.sign(payload, jwtsettings.secret, { expiresIn: jwtsettings.expiresInSeconds });
+ var token = jsonwebtoken.sign(payload, jwtsettings.secret, { expiresIn: jwtsettings.expiresInSeconds });
 // Add the refresh token to the list
 tokens = db_tokens.getCollection("tokens");