src/session.js

   1 var dbAccounts = require("./database/accounts");
   2 var crypto = require("crypto");
   3
   4 function sha256(input) {
   5     var hash = crypto.createHash("sha256");
   6     hash.update(input);
   7     return hash.digest("base64");
   8 }
   9
  10 exports.genSession = function (account, expiration, cb) {
  11     if (expiration instanceof Date) {
  12         expiration = Date.parse(expiration);
  13     }
  14
  15     var salt = crypto.pseudoRandomBytes(24).toString("base64");
  16     var hashInput = [account.name, account.password, expiration, salt].join(":");
  17     var hash = sha256(hashInput);
  18
  19     cb(null, [account.name, expiration, salt, hash, account.global_rank].join(":"));
  20 };
  21
  22 exports.verifySession = function (input, cb) {
  23     if (typeof input !== "string") {
  24         return cb(new Error("Invalid auth string"));
  25     }
  26
  27     var parts = input.split(":");
  28     if (parts.length !== 4 && parts.length !== 5) {
  29         return cb(new Error("Invalid auth string"));
  30     }
  31
  32     const [name, expiration, salt, hash, _global_rank] = parts;
  33
  34     if (Date.now() > parseInt(expiration, 10)) {
  35         return cb(new Error("Session expired"));
  36     }
  37
  38     dbAccounts.getUser(name, function (err, account) {
  39         if (err) {
  40             if (!(err instanceof Error)) err = new Error(err);
  41             return cb(err);
  42         }
  43
  44         var hashInput = [account.name, account.password, expiration, salt].join(":");
  45         if (sha256(hashInput) !== hash) {
  46             return cb(new Error("Invalid auth string"));
  47         }
  48
  49         cb(null, account);
  50     });
  51 };