zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BREAKING CHANGES: (for SeCuRiTy):

Browse Source 
By default:
- `ssid_sessions[socket.ssid]` is now `session_data`
- `require` is no longer allowed in user scripts

To access global `socket_sessions` and `ssid_sessions`, as well as `require` additional modules, you must set `privileged: true` for the specific service. See `config.json`.
This commit is contained in:
zefie
2022-10-09 13:26:14 -04:00
parent 2491f62b89
commit 37f1ab67ad
118 changed files with 577 additions and 530 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/login.js
View File

@@ -1,8 +1,8 @@
var minisrv_service_file = true;
ssid_sessions[socket.ssid].setUserLoggedIn(false);
session_data.setUserLoggedIn(false);
var challenge_response, challenge_header = "";
if (socket.ssid !== null) ssid_sessions[socket.ssid].switchUserID(0);
if (socket.ssid !== null) session_data.switchUserID(0);
var gourl = "wtv-head-waiter:/ValidateLogin?initial_login=true&";
if (request_headers.query.relogin) gourl += "relogin=true";
@@ -17,29 +17,29 @@ if (request_headers.query.guest_login) {
var send_to_relogin = true;
if (socket.ssid) {
if (ssid_sessions[socket.ssid]) {
if (session_data) {
if (request_headers["wtv-ticket"]) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 == null) {
if (session_data.data_store.wtvsec_login.ticket_b64 == null) {
if (request_headers["wtv-ticket"].length > 8) {
ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(request_headers["wtv-ticket"]);
ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = request_headers["wtv-ticket"];
session_data.data_store.wtvsec_login.DecodeTicket(request_headers["wtv-ticket"]);
session_data.data_store.wtvsec_login.ticket_b64 = request_headers["wtv-ticket"];
send_to_relogin = false;
}
}
} else {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
if (session_data.data_store.wtvsec_login) {
var client_challenge_response = request_headers["wtv-challenge-response"] || null;
if (challenge_response && client_challenge_response) {
if (challenge_response.toString(CryptoJS.enc.Base64).substring(0, 85) == client_challenge_response.substring(0, 85)) {
console.log(" * wtv-challenge-response success for " + socket.ssid);
ssid_sessions[socket.ssid].data_store.wtvsec_login.PrepareTicket();
session_data.data_store.wtvsec_login.PrepareTicket();
send_to_relogin = false;
} else {
challenge_header = "wtv-challenge: " + ssid_sessions[socket.ssid].data_store.wtvsec_login.IssueChallenge();
challenge_header = "wtv-challenge: " + session_data.data_store.wtvsec_login.IssueChallenge();
send_to_relogin = false;
}
} else {
challenge_header = "wtv-challenge: " + ssid_sessions[socket.ssid].data_store.wtvsec_login.IssueChallenge();
challenge_header = "wtv-challenge: " + session_data.data_store.wtvsec_login.IssueChallenge();
send_to_relogin = false;
}
}