session management, improved

main
june moretz 2023-05-09 01:45:19 -04:00
parent 5c700eb425
commit bda996eb27
2 changed files with 19 additions and 5 deletions

View File

@ -10,10 +10,12 @@ function rand() {
}
async function auth() {
let session = rand();
const sig = await openpgp.sign({
message: new openpgp.CleartextMessage("vybe_auth " + rand(), ""),
message: new openpgp.CleartextMessage("vybe_auth " + session, ""),
signingKeys: window.keys.priv,
});
window.session = session;
window.socket.emit("authenticate", { name: window.name, message: sig });
}
@ -122,6 +124,15 @@ window.onload = () => {
});
window.socket.on("authenticate", (msg) => {
if (msg.success) swap();
let emitter = window.socket.emit;
window.socket.emit = (type, data) => {
if (data)
return emitter.call(window.socket, type, {
...data,
__session: window.session,
});
else return emitter.call(window.socket, type);
};
});
window.socket.on("list_threads", (msg) => {
document.getElementById("threadlist").innerHTML = "";

View File

@ -1,15 +1,18 @@
const db = require("../db");
const authwrap = (fn) => async (msg, respond, socket) => {
if (!socket.userid) {
if (!msg.__session) {
return respond({
success: false,
message: "Not authenticated",
});
}
const result = await db.query("select * from users where id = ?", [
socket.userid,
]);
const result = await db.query(
`select users.* from users join authentications
on authentications.user = users.id
where authentications.salt = ?`,
[msg.__session]
);
if (result.rows.length === 0) {
return respond({
success: false,