zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add wtv-ticket store api

Browse Source 
- fix broken session bust crap from before
- properly resume session as user when server restarted
- api available to store other things in the wtv-ticket
This commit is contained in:
zefie
2022-02-08 16:10:15 -05:00
parent d1c70c7ab1
commit bf7369431e
7 changed files with 124 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/ValidateLogin.js
View File

@@ -71,9 +71,8 @@ minisrv-no-mail-count: true
Content-Type: text/html`;
if (client_challenge_response) {
headers += `
wtv-encrypted: true
wtv-ticket: ${wtvsec_login.ticket_b64}
`;
wtv-encrypted: true`;
if (wtvsec_login) ssid_sessions[socket.ssid].data_store.wtvsec_login.update_ticket = true;
}
if (limitedLoginRegistered) gourl = "wtv-head-waiter:/password?";
headers += `

22
zefie_wtvp_minisrv/ServiceVault/wtv-head-waiter/login-stage-two.js
View File

@@ -39,14 +39,28 @@ else {
} else {
var userid = ssid_sessions[socket.ssid].getSessionData("subscriber_userid")
var nickname = ssid_sessions[socket.ssid].getSessionData("subscriber_username");
var human_name = ssid_sessions[socket.ssid].getSessionData("subscriber_name");
var human_name = ssid_sessions[socket.ssid].getSessionData("subscriber_name") || nickname;
var messenger_enabled = ssid_sessions[socket.ssid].getSessionData("messenger_enabled") || 0;
var messenger_authorized = ssid_sessions[socket.ssid].getSessionData("messenger_authorized") || 0;
var home_url = "wtv-home:/splash?";
}
var limitedLogin = ssid_sessions[socket.ssid].lockdown;
var limitedLoginRegistered = (limitedLogin || (ssid_sessions[socket.ssid].isRegistered() && ssid_sessions[socket.ssid].getSessionData('password_valid')));
var offline_user_list = CryptoJS.enc.Latin1.parse("<user-list>\n\t<user userid=\"" + userid + " user-name=\"" + nickname + "\" first-name=\"" + minisrv_config.config.service_name + "User \" last-name=\\" + namerand + "\" password=\"\" mail-enabled=\"true\" />\n</user-list>").toString(CryptoJS.enc.Base64);
var offline_user_list = null;
if (ssid_sessions[socket.ssid].isRegistered() && ssid_sessions[socket.ssid].user_id == 0) {
var accounts = ssid_sessions[socket.ssid].listPrimaryAccountUsers();
console.log(accounts);
var num_accounts = ssid_sessions[socket.ssid].getNumberOfUserAccounts();
var offline_user_list_str = "<user-list>\n";
var i = 0;
Object.keys(accounts).forEach((k) => {
var account_display_name = (accounts[k].subscriber_name) ? accounts[k].subscriber_name : accounts[k].subscriber_username
offline_user_list_str += "\t" + '<user userid="' + i + '" user-name="' + accounts[k].subscriber_username + '" first-name="' + account_display_name + '" last-name="" passsword="" mail-enabled=true />' + "\n";
i++;
});
offline_user_list_str += "</user-list>\n";
offline_user_list = CryptoJS.enc.Latin1.parse(offline_user_list_str).toString(CryptoJS.enc.Base64);
}
if (limitedLoginRegistered) var home_url = "wtv-head-waiter:/password?";
@@ -74,8 +88,8 @@ wtv-login-timeout: 7200
if (!limitedLogin) {
headers += getServiceString('all', { "exceptions": ["wtv-register"] });
headers += `wtv-offline-user-list: ${offline_user_list}
wtv-messenger-authorized: ${messenger_authorized}
if (offline_user_list) headers += "wtv-offline-user-list: " + offline_user_list + "\n";
headers += `wtv-messenger-authorized: ${messenger_authorized}
wtv-messenger-enable: ${messenger_enabled}
wtv-messagewatch-checktimeoffset: off
`;

2
zefie_wtvp_minisrv/ServiceVault/wtv-register/ValidateReviewAccountInfo.js
View File

@@ -17,7 +17,7 @@ if (!request_headers.query.registering ||
ssid_sessions[socket.ssid].setSessionData("subscriber_username", request_headers.query.subscriber_username);
ssid_sessions[socket.ssid].setSessionData("subscriber_contact", request_headers.query.subscriber_contact);
ssid_sessions[socket.ssid].setSessionData("subscriber_contact_method", request_headers.query.subscriber_contact_method);
ssid_sessions[socket.ssid].setSessionData("subscriber_userid", '1' + Math.floor(Math.random() * 1000000000000000000));
ssid_sessions[socket.ssid].setSessionData("subscriber_userid", 0);
ssid_sessions[socket.ssid].setSessionData("registered", true);
if (!ssid_sessions[socket.ssid].storeSessionData(true)) {
var errpage = wtvshared.doErrorPage(400);

1
zefie_wtvp_minisrv/ServiceVault/wtv-setup/validate-add-user-done.js
View File

@@ -30,6 +30,7 @@ if (errpage) {
var freeUserId = ssid_sessions[socket.ssid].findFreeUserSlot(ssid_sessions[socket.ssid]);
if (freeUserId) {
userSession.user_id = freeUserId;
userSession.setSessionData("subscriber_userid", freeUserId);
userSession.setSessionData("subscriber_name", request_headers.query.display_name);
userSession.setSessionData("subscriber_username", request_headers.query.user_name);
userSession.setSessionData("registered", true);

24
zefie_wtvp_minisrv/WTVClientSessionData.js
View File

@@ -1,6 +1,7 @@
const { lib } = require('crypto-js');
const CryptoJS = require('crypto-js');
const WTVMail = require('./WTVMail.js')
const WTVSec = require('./WTVSec.js');
class WTVClientSessionData {
fs = require('fs');
@@ -54,10 +55,31 @@ class WTVClientSessionData {
}
switchUserID(user_id, update_mail = true) {
switchUserID(user_id, update_mail = true, update_ticket = true) {
this.user_id = user_id;
this.loadSessionData();
this.mailstore = new WTVMail(this.minisrv_config, this.ssid, this)
if (this.data_store.wtvsec_login && update_ticket) this.setTicketData('user_id', user_id);
}
setTicketData(key, value) {
if (this.data_store.wtvsec_login) this.data_store.wtvsec_login.setTicketData(key, value);
else return false;
return true;
}
getTicketData(key) {
if (this.data_store.wtvsec_login) return this.data_store.wtvsec_login.getTicketData(key);
return false;
}
deleteTicketData(key) {
if (this.data_store.wtvsec_login) this.data_store.wtvsec_login.deleteTicketData(key);
else return false;
return true;
}
findFreeUserSlot() {

67
zefie_wtvp_minisrv/WTVSec.js
View File

@@ -32,6 +32,8 @@ class WTVSec {
hRC4_Key2 = null;
RC4Session = new Array();
minisrv_config = [];
update_ticket = false;
ticket_store = {};
/**
*
@@ -41,7 +43,7 @@ class WTVSec {
* @param {Boolean} minisrv_config.config.debug_flags.debug Enable debugging
*
*/
constructor(minisrv_config, wtv_incarnation = 1) {
constructor(minisrv_config, wtv_incarnation = 1) {
this.minisrv_config = minisrv_config;
this.initial_shared_key = CryptoJS.enc.Base64.parse(this.initial_shared_key_b64);
@@ -87,11 +89,15 @@ class WTVSec {
*/
PrepareTicket() {
// store last challenge response in ticket
var ticket_data = this.challenge_raw;
if (this.minisrv_config.config.debug_flags.debug) console.log(" * Preparing a new ticket with ticket_store:", this.ticket_store)
var ticket_data_raw = this.challenge_raw;
try {
var ticket_data_enc = CryptoJS.DES.encrypt(ticket_data, this.initial_shared_key, {
var ticket_data = ticket_data_raw.toString(CryptoJS.enc.Hex) + CryptoJS.enc.Utf8.parse(JSON.stringify(this.ticket_store)).toString(CryptoJS.enc.Hex);
ticket_data_raw = CryptoJS.enc.Hex.parse(ticket_data);
var ticket_data_enc = CryptoJS.DES.encrypt(ticket_data_raw, this.initial_shared_key, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.NoPadding
padding: CryptoJS.pad.Pkcs7
});
// create a copy of WordArray since concat modifies the original
var challenge_signed_key = this.DuplicateWordArray(this.challenge_signed_key);
@@ -103,6 +109,17 @@ class WTVSec {
return this.ticket_b64;
}
tryDecodeJSON(json_string) {
var out;
try {
out = JSON.parse(json_string);
} catch (e) {
console.log(e);
out = {};
}
return out;
}
/**
* Decodes a wtv-ticket to set up this instance
*
@@ -112,6 +129,7 @@ class WTVSec {
var ticket_hex = CryptoJS.enc.Base64.parse(ticket_b64).toString(CryptoJS.enc.Hex);
var challenge_key = CryptoJS.enc.Hex.parse(ticket_hex.substring(0, 16));
var challenge_enc = CryptoJS.enc.Hex.parse(ticket_hex.substring(16));
var ticket_dec = CryptoJS.DES.decrypt(
{
ciphertext: challenge_enc
@@ -119,11 +137,46 @@ class WTVSec {
this.initial_shared_key,
{
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.NoPadding
padding: CryptoJS.pad.Pkcs7
}
);
this.ProcessChallenge(ticket_dec.toString(CryptoJS.enc.Base64), challenge_key);
console.log(" * Decoded session from wtv-ticket");
var data_offset = 216; // (108 * 2);
var challenge_code = ticket_dec.toString().substring(0, data_offset);
var challenge_code_b64 = CryptoJS.enc.Hex.parse(challenge_code).toString(CryptoJS.enc.Base64);
if ((ticket_dec.sigBytes * 2) >= challenge_code.length) {
var ticket_data_dec = CryptoJS.enc.Hex.parse(ticket_dec.toString().substring(data_offset)).toString(CryptoJS.enc.Utf8);
this.ticket_store = this.tryDecodeJSON(ticket_data_dec);
} else {
this.ticket_store = {};
}
this.ProcessChallenge(challenge_code_b64, challenge_key);
if (this.minisrv_config.config.debug_flags.debug) console.log(" * Decoded session from wtv-ticket with ticket_store:", this.ticket_store);
}
getTicketData(key = null) {
if (typeof (this.ticket_store) === 'session_store') return null;
else if (key === null) return this.ticket_store;
else return null;
}
setTicketData(key, value) {
if (key === null) throw ("WTVSec.ssetTicketDataet(): invalid key provided");
if (typeof (this.ticket_store) === 'undefined') this.ticket_store = {};
this.ticket_store[key] = value;
if (this.ticket_b64) this.PrepareTicket();
this.update_ticket = true;
}
deleteTicketData(key) {
if (key === null) throw ("WTVSec.deleteTicketData(): invalid key provided");
if (typeof (this.ticket_store) === 'undefined') {
this.ticket_store = {};
return;
}
delete this.ticket_store[key];
if (this.ticket_b64) this.PrepareTicket();
this.update_ticket = true;
}
/**

40
zefie_wtvp_minisrv/app.js
View File

@@ -405,19 +405,6 @@ Location: " + minisrv_config.config.unauthorized_url`;
return;
}
/*
if (ssid_sessions[socket.ssid].isRegistered(false) && !ssid_sessions[socket.ssid].isAuthorized(shortURL, 'login', true)) {
if (!ssid_sessions[socket.ssid].getSessionData("subscriber_username")) {
headers = `300 Session Error
Location: client:relogin`;
data = "";
sendToClient(socket, headers, data);
console.log(" * Session error: Asking client to relogin via socket ID", socket.id);
return;
}
}
*/
// Check URL for :/, but not :// (to differentiate wtv urls)
if (shortURL.indexOf(':/') >= 0 && shortURL.indexOf('://') == -1) {
var ssid = socket.ssid;
@@ -802,6 +789,7 @@ async function sendToClient(socket, headers_obj, data) {
if (headers_obj["secure"]) delete headers_obj["secure"];
}
// calculate content length
// make sure we are using our Content-length and not one set in a script.
if (headers_obj["Content-Length"]) delete headers_obj["Content-Length"];
@@ -809,13 +797,14 @@ async function sendToClient(socket, headers_obj, data) {
headers_obj["Content-length"] = content_length;
// Send wtv-ticket if it has been flagged as updated
if (ssid_sessions[socket.ssid]) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64) {
if (ssid_sessions[socket.ssid].data_store.update_ticket) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.update_ticket) {
headers_obj["wtv-ticket"] = ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64;
headers_obj = moveObjectElement("wtv-ticket", "Connection", headers_obj);
ssid_sessions[socket.ssid].data_store.update_ticket = false;
ssid_sessions[socket.ssid].data_store.wtvsec_login.update_ticket = false;
}
}
}
@@ -1077,13 +1066,22 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq
if (headers["wtv-incarnation"]) ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(headers["wtv-incarnation"]);
ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
} else {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 != headers["wtv-ticket"]) {
if (minisrv_config.config.debug_flags.debug) console.log(" # New ticket from client");
ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
if (headers["wtv-incarnation"]) ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(headers["wtv-incarnation"]);
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id) {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id > 0)
ssid_sessions[socket.ssid].switchUserID(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id, true, false);
}
} else {
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 != headers["wtv-ticket"])
if (!ssid_sessions[socket.ssid].data_store.wtvsec_login.update_ticket) {
if (minisrv_config.config.debug_flags.debug) console.log(" # New ticket from client");
ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
if (headers["wtv-incarnation"]) ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(headers["wtv-incarnation"]);
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id > 0) {
if (ssid_sessions[socket.ssid].user_id != ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id)
switchUserID(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id, true, false);
}
}
}
}
}