session management, improved

main
june moretz 2023-05-09 01:45:19 -04:00
parent 5c700eb425
commit bda996eb27
2 changed files with 19 additions and 5 deletions


@ -10,10 +10,12 @@ function rand() {
} }
async function auth() { async function auth() {
let session = rand();
const sig = await openpgp.sign({ const sig = await openpgp.sign({
message: new openpgp.CleartextMessage("vybe_auth " + rand(), ""), message: new openpgp.CleartextMessage("vybe_auth " + session, ""),
signingKeys: window.keys.priv, signingKeys: window.keys.priv,
}); });
window.session = session;
window.socket.emit("authenticate", { name: window.name, message: sig }); window.socket.emit("authenticate", { name: window.name, message: sig });
} }
@ -122,6 +124,15 @@ window.onload = () => {
}); });
window.socket.on("authenticate", (msg) => { window.socket.on("authenticate", (msg) => {
if (msg.success) swap(); if (msg.success) swap();
let emitter = window.socket.emit;
window.socket.emit = (type, data) => {
if (data)
return emitter.call(window.socket, type, {
...data,
__session: window.session,
});
else return emitter.call(window.socket, type);
};
}); });
window.socket.on("list_threads", (msg) => { window.socket.on("list_threads", (msg) => {
document.getElementById("threadlist").innerHTML = ""; document.getElementById("threadlist").innerHTML = "";
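Review bot: The `window.socket.emit` wrapper in the `authenticate` handler is installed outside the `if (msg.success)` guard and again on every `authenticate` event, so a failed login still patches `emit` and each re-authentication nests another wrapper around the previous one. The wrapper also forwards only `type` and `data`, so any further argument to `emit` (for example an acknowledgement callback) is dropped, and `...data` assumes the payload is a plain object. I would install it once, only after a successful authentication, and pass the remaining arguments through, as sketched below; the handler sits inside `window.onload`, whose body starts outside the hunk. Separately, `auth()` now reuses the value signed in the cleartext message as the bearer token sent in `__session`, and `rand()`'s body is outside the hunk, so confirm it draws from a CSPRNG such as `crypto.getRandomValues`.

```javascript
window.socket.on("authenticate", (msg) => {
  if (!msg.success) return;
  swap();
  // Patch emit only once; window.session is read at call time, so a later
  // re-authentication is picked up without wrapping again.
  if (window.socket.__sessionWrapped) return;
  window.socket.__sessionWrapped = true;
  const emitter = window.socket.emit;
  window.socket.emit = (type, data, ...rest) => {
    if (!data) return emitter.call(window.socket, type);
    const isPlainObject = typeof data === "object" && !Array.isArray(data);
    const payload = isPlainObject
      ? { ...data, __session: window.session }
      : data;
    return emitter.call(window.socket, type, payload, ...rest);
  };
});
```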


@ -1,15 +1,18 @@
const db = require("../db"); const db = require("../db");
const authwrap = (fn) => async (msg, respond, socket) => { const authwrap = (fn) => async (msg, respond, socket) => {
if (!socket.userid) { if (!msg.__session) {
return respond({ return respond({
success: false, success: false,
message: "Not authenticated", message: "Not authenticated",
}); });
} }
const result = await db.query("select * from users where id = ?", [ const result = await db.query(
socket.userid, `select users.* from users join authentications
]); on authentications.user = users.id
where authentications.salt = ?`,
[msg.__session]
);
if (result.rows.length === 0) { if (result.rows.length === 0) {
return respond({ return respond({
success: false, success: false,