path: root/server/hornchat.serverlet.authentication.js
blob: 37fb58beb87239086e746acf048da4f72f583976 (plain)
const crypto = require("crypto");
const fs = require("fs");
// Process-wide table keyed by client IP. The authentication handler in this
// file stores the time of the most recent failed attempt here; nothing in
// this file reads or prunes it, so enforcement and expiry presumably live
// elsewhere (confirm against the code that accepts connections).
globalThis.rateLimits = {};

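/**
 * Compares a client-supplied token with a stored device token.
 *
 * When both values are strings they are hashed to fixed-length digests and
 * compared with crypto.timingSafeEqual, so the comparison time does not
 * depend on how much of a guess is correct. Any other type falls back to
 * strict equality, which is what the handler used for every comparison before.
 *
 * @param {*} supplied - Token taken from the client's message.
 * @param {*} stored - Token held on a device record.
 * @returns {boolean} True when the two tokens are equal.
 */
function tokensMatch(supplied, stored) {
    if (typeof supplied !== "string" || typeof stored !== "string") {
        return supplied === stored;
    }

    const digest = (value) => crypto.createHash("sha256").update(value).digest();
    return crypto.timingSafeEqual(digest(supplied), digest(stored));
}

/**
 * Refuses an authentication attempt: sends a fatal error to the client, logs
 * the failure, records the time against the client's IP in the global
 * rateLimits table and closes the socket.
 *
 * @param {object} socket - Connection being refused (uses id, ip, send, close).
 * @param {string} code - Error code placed in the `error` field of the reply.
 */
function rejectAuthentication(socket, code) {
    socket.send(JSON.stringify({error: code, fatal: true}));
    console.log("[" + socket.id + "] Unable to authenticate");
    rateLimits[socket.ip] = new Date();
    socket.close();
}

/**
 * Authenticates a socket from its first message.
 *
 * The message must be JSON carrying `username` and `token`. On success the
 * matching device record gains the client's IP and a fresh `lastSeen`, the
 * credential store is written to users.json, the client receives
 * `{device: <id>}` and `socket.authenticated` is set. Every failure sends a
 * fatal error, records the attempt in rateLimits and closes the socket.
 *
 * Relies on the globals userCredentials, connectedDevices, dataPath and
 * rateLimits being defined by the rest of the server.
 *
 * @param {object} socket - Client connection; id, ip, send() and close() are used.
 * @param {string} msg - Raw message received from the client.
 * @param {boolean} [updateConnectedDevices] - When truthy, the device id is
 *   also appended to connectedDevices[username].
 */
module.exports = (socket, msg, updateConnectedDevices) => {
    let data;
    try {
        data = JSON.parse(msg);
    } catch (e) {
        rejectAuthentication(socket, "INVALID_DATA");
        return;
    }

    try {
        // JSON.parse also accepts "null"; treat it as a missing operand rather
        // than letting the property access throw and be logged as an internal error.
        if (!data || !data.username || !data.token) {
            rejectAuthentication(socket, "MISSING_OPERAND");
            return;
        }

        // NOTE(review): data.username is client-controlled and written to the
        // log verbatim; consider escaping it if these logs are parsed or displayed.
        console.log("[" + socket.id + "] Username:", data.username, "Token:", "<redacted>");

        const user = userCredentials.find((i) => i.id === data.username);
        const device = user
            ? user.devices.find((candidate) => tokensMatch(data.token, candidate.token))
            : undefined;

        if (!user || !device) {
            // A known user with no matching device token is refused exactly like
            // an unknown user. Without this, a wrong token produced no reply, no
            // rateLimits entry and no close, so token guesses were never counted.
            // The shared code also keeps the reply from revealing which usernames exist.
            // NOTE(review): confirm the caller does not already reject sockets
            // left without socket.authenticated, and that clients accept this code here.
            rejectAuthentication(socket, "USER_NOT_FOUND");
            return;
        }

        // Every device of this user carrying the matched token is updated, as
        // before. Stored tokens are compared with each other here, not with
        // client input, so plain equality is sufficient.
        for (const entry of user.devices) {
            if (entry.token === device.token) {
                entry.addresses = [...new Set([...entry.addresses, socket.ip])];
                entry.lastSeen = new Date();
            }
        }

        // NOTE(review): this persists the whole credential store, device tokens
        // included, in clear text; keep users.json readable by the server
        // account only, or store token digests instead.
        fs.writeFileSync(dataPath + "/users.json", JSON.stringify(userCredentials, null, 2));
        socket.send(JSON.stringify({device: device.id}));
        console.log("[" + socket.id + "] Authenticated successfully");

        if (updateConnectedDevices) {
            if (!connectedDevices[data.username]) connectedDevices[data.username] = [];
            connectedDevices[data.username].push(device.id);
        }

        socket.authenticated = {
            device: device.id,
            user: data.username
        };
    } catch (e) {
        console.error(e);
        rejectAuthentication(socket, "INTERNAL_ERROR");
    }
};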