2016-07-19 01:35:02 +00:00
|
|
|
"use strict";
|
|
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
var _ = require("lodash");
|
2016-06-12 01:44:28 +00:00
|
|
|
var pkg = require("../package.json");
|
2014-08-14 16:35:37 +00:00
|
|
|
var Client = require("./client");
|
|
|
|
|
var ClientManager = require("./clientManager");
|
2014-09-26 22:12:53 +00:00
|
|
|
var express = require("express");
|
2017-04-20 10:17:25 +00:00
|
|
|
var expressHandlebars = require("express-handlebars");
|
2014-08-14 16:35:37 +00:00
|
|
|
var fs = require("fs");
|
2017-04-20 10:17:25 +00:00
|
|
|
var path = require("path");
|
2014-08-14 16:35:37 +00:00
|
|
|
var io = require("socket.io");
|
2016-04-03 05:12:49 +00:00
|
|
|
var dns = require("dns");
|
2014-09-13 12:23:17 +00:00
|
|
|
var Helper = require("./helper");
|
2016-07-30 01:20:38 +00:00
|
|
|
var ldap = require("ldapjs");
|
2016-11-18 17:25:23 +00:00
|
|
|
var colors = require("colors/safe");
|
2017-06-11 19:33:04 +00:00
|
|
|
const net = require("net");
|
2016-12-17 09:51:33 +00:00
|
|
|
const Identification = require("./identification");
|
2014-08-14 16:35:37 +00:00
|
|
|
|
2016-04-26 20:41:08 +00:00
|
|
|
var manager = null;
|
2014-08-14 16:35:37 +00:00
|
|
|
|
2016-06-08 09:26:24 +00:00
|
|
|
module.exports = function() {
|
2016-12-17 09:51:33 +00:00
|
|
|
log.info(`The Lounge ${colors.green(Helper.getVersion())} \
|
|
|
|
|
(node ${colors.green(process.versions.node)} on ${colors.green(process.platform)} ${process.arch})`);
|
|
|
|
|
log.info(`Configuration file: ${colors.green(Helper.CONFIG_PATH)}`);
|
2014-08-14 16:35:37 +00:00
|
|
|
|
2017-01-08 00:05:42 +00:00
|
|
|
if (!fs.existsSync("client/js/bundle.js")) {
|
|
|
|
|
log.error(`The client application was not built. Run ${colors.bold("NODE_ENV=production npm run build")} to resolve this.`);
|
|
|
|
|
process.exit();
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-26 22:12:53 +00:00
|
|
|
var app = express()
|
2016-05-01 17:27:10 +00:00
|
|
|
.use(allRequests)
|
2014-08-14 16:35:37 +00:00
|
|
|
.use(index)
|
2017-04-20 10:17:25 +00:00
|
|
|
.use(express.static("client"))
|
2017-07-06 15:33:09 +00:00
|
|
|
.use("/storage/", express.static(Helper.getStoragePath(), {
|
|
|
|
|
redirect: false,
|
|
|
|
|
maxAge: 86400 * 1000,
|
|
|
|
|
}))
|
2017-06-01 19:43:23 +00:00
|
|
|
.engine("html", expressHandlebars({
|
|
|
|
|
extname: ".html",
|
|
|
|
|
helpers: {
|
2017-04-08 12:34:31 +00:00
|
|
|
tojson: (c) => JSON.stringify(c)
|
2017-06-01 19:43:23 +00:00
|
|
|
}
|
|
|
|
|
}))
|
2017-04-20 10:17:25 +00:00
|
|
|
.set("view engine", "html")
|
|
|
|
|
.set("views", path.join(__dirname, "..", "client"));
|
2014-11-01 20:06:01 +00:00
|
|
|
|
2016-06-08 09:26:24 +00:00
|
|
|
var config = Helper.config;
|
2014-09-26 23:26:21 +00:00
|
|
|
var server = null;
|
|
|
|
|
|
2016-07-30 01:20:38 +00:00
|
|
|
if (config.public && (config.ldap || {}).enable) {
|
2016-08-10 06:14:09 +00:00
|
|
|
log.warn("Server is public and set to use LDAP. Set to private mode if trying to use LDAP authentication.");
|
2016-07-30 01:20:38 +00:00
|
|
|
}
|
|
|
|
|
|
2016-06-08 09:26:24 +00:00
|
|
|
if (!config.https.enable) {
|
2014-09-26 23:26:21 +00:00
|
|
|
server = require("http");
|
2016-12-17 09:51:33 +00:00
|
|
|
server = server.createServer(app);
|
2014-09-26 23:26:21 +00:00
|
|
|
} else {
|
2016-10-04 22:35:04 +00:00
|
|
|
const keyPath = Helper.expandHome(config.https.key);
|
|
|
|
|
const certPath = Helper.expandHome(config.https.certificate);
|
2017-04-10 18:49:58 +00:00
|
|
|
const caPath = Helper.expandHome(config.https.ca);
|
2017-04-13 21:05:28 +00:00
|
|
|
|
|
|
|
|
if (!keyPath.length || !fs.existsSync(keyPath)) {
|
2016-10-04 22:35:04 +00:00
|
|
|
log.error("Path to SSL key is invalid. Stopping server...");
|
|
|
|
|
process.exit();
|
|
|
|
|
}
|
2017-04-13 21:05:28 +00:00
|
|
|
|
|
|
|
|
if (!certPath.length || !fs.existsSync(certPath)) {
|
2016-10-04 22:35:04 +00:00
|
|
|
log.error("Path to SSL certificate is invalid. Stopping server...");
|
|
|
|
|
process.exit();
|
|
|
|
|
}
|
2017-04-13 21:05:28 +00:00
|
|
|
|
2017-04-10 18:49:58 +00:00
|
|
|
if (caPath.length && !fs.existsSync(caPath)) {
|
|
|
|
|
log.error("Path to SSL ca bundle is invalid. Stopping server...");
|
|
|
|
|
process.exit();
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-13 21:05:28 +00:00
|
|
|
server = require("spdy");
|
2014-09-26 23:26:21 +00:00
|
|
|
server = server.createServer({
|
2016-10-04 22:35:04 +00:00
|
|
|
key: fs.readFileSync(keyPath),
|
2017-04-10 18:49:58 +00:00
|
|
|
cert: fs.readFileSync(certPath),
|
|
|
|
|
ca: caPath ? fs.readFileSync(caPath) : undefined
|
2016-12-17 09:51:33 +00:00
|
|
|
}, app);
|
2014-09-26 23:26:21 +00:00
|
|
|
}
|
|
|
|
|
|
2016-12-17 09:51:33 +00:00
|
|
|
server.listen({
|
|
|
|
|
port: config.port,
|
|
|
|
|
host: config.host,
|
|
|
|
|
}, () => {
|
|
|
|
|
const protocol = config.https.enable ? "https" : "http";
|
|
|
|
|
var address = server.address();
|
2014-10-11 10:09:27 +00:00
|
|
|
|
2017-08-23 05:19:50 +00:00
|
|
|
log.info(
|
|
|
|
|
"Available at " +
|
|
|
|
|
colors.green(`${protocol}://${address.address}:${address.port}/`) +
|
|
|
|
|
` in ${colors.bold(config.public ? "public" : "private")} mode`
|
|
|
|
|
);
|
2016-07-30 01:20:38 +00:00
|
|
|
|
2017-08-23 05:19:50 +00:00
|
|
|
const sockets = io(server, {
|
|
|
|
|
serveClient: false,
|
|
|
|
|
transports: config.transports
|
|
|
|
|
});
|
2014-11-01 20:06:01 +00:00
|
|
|
|
2017-08-23 05:19:50 +00:00
|
|
|
sockets.on("connect", (socket) => {
|
|
|
|
|
if (config.public) {
|
|
|
|
|
performAuthentication.call(socket, {});
|
|
|
|
|
} else {
|
|
|
|
|
socket.emit("auth", {success: true});
|
|
|
|
|
socket.on("auth", performAuthentication);
|
|
|
|
|
}
|
|
|
|
|
});
|
2014-08-14 16:35:37 +00:00
|
|
|
|
2017-08-23 05:19:50 +00:00
|
|
|
manager = new ClientManager();
|
2016-12-07 05:50:11 +00:00
|
|
|
|
2017-08-23 05:19:50 +00:00
|
|
|
new Identification((identHandler) => {
|
|
|
|
|
manager.init(identHandler, sockets);
|
|
|
|
|
});
|
2016-12-17 09:51:33 +00:00
|
|
|
});
|
2014-08-14 16:35:37 +00:00
|
|
|
};
|
|
|
|
|
|
2017-06-11 19:33:04 +00:00
|
|
|
function getClientIp(request) {
|
|
|
|
|
let ip = request.connection.remoteAddress;
|
2016-07-31 00:54:09 +00:00
|
|
|
|
2017-06-11 19:33:04 +00:00
|
|
|
if (Helper.config.reverseProxy) {
|
|
|
|
|
const forwarded = (request.headers["x-forwarded-for"] || "").split(/\s*,\s*/).filter(Boolean);
|
|
|
|
|
|
|
|
|
|
if (forwarded.length && net.isIP(forwarded[0])) {
|
|
|
|
|
ip = forwarded[0];
|
|
|
|
|
}
|
2016-04-03 05:12:49 +00:00
|
|
|
}
|
2016-07-31 00:54:09 +00:00
|
|
|
|
|
|
|
|
return ip.replace(/^::ffff:/, "");
|
2016-04-03 05:12:49 +00:00
|
|
|
}
|
|
|
|
|
|
2016-05-01 17:27:10 +00:00
|
|
|
function allRequests(req, res, next) {
|
|
|
|
|
res.setHeader("X-Content-Type-Options", "nosniff");
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
function index(req, res, next) {
|
2016-05-01 09:41:17 +00:00
|
|
|
if (req.url.split("?")[0] !== "/") {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-20 10:17:25 +00:00
|
|
|
var data = _.merge(
|
|
|
|
|
pkg,
|
|
|
|
|
Helper.config
|
|
|
|
|
);
|
|
|
|
|
data.gitCommit = Helper.getGitCommit();
|
|
|
|
|
data.themes = fs.readdirSync("client/themes/").filter(function(themeFile) {
|
|
|
|
|
return themeFile.endsWith(".css");
|
|
|
|
|
}).map(function(css) {
|
2017-04-21 08:26:02 +00:00
|
|
|
const filename = css.slice(0, -4);
|
|
|
|
|
return {
|
|
|
|
|
name: filename.charAt(0).toUpperCase() + filename.slice(1),
|
|
|
|
|
filename: filename
|
|
|
|
|
};
|
2014-08-14 16:35:37 +00:00
|
|
|
});
|
2017-07-06 15:33:09 +00:00
|
|
|
|
|
|
|
|
const policies = [
|
|
|
|
|
"default-src *",
|
|
|
|
|
"connect-src 'self' ws: wss:",
|
|
|
|
|
"style-src * 'unsafe-inline'",
|
|
|
|
|
"script-src 'self'",
|
|
|
|
|
"child-src 'self'",
|
|
|
|
|
"object-src 'none'",
|
|
|
|
|
"form-action 'none'",
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
// If prefetch is enabled, but storage is not, we have to allow mixed content
|
|
|
|
|
if (Helper.config.prefetchStorage || !Helper.config.prefetch) {
|
|
|
|
|
policies.push("img-src 'self'");
|
|
|
|
|
policies.unshift("block-all-mixed-content");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res.setHeader("Content-Security-Policy", policies.join("; "));
|
2017-04-20 10:17:25 +00:00
|
|
|
res.setHeader("Referrer-Policy", "no-referrer");
|
|
|
|
|
res.render("index", data);
|
2014-08-14 16:35:37 +00:00
|
|
|
}
|
|
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
function initializeClient(socket, client, generateToken, token) {
|
|
|
|
|
socket.emit("authorized");
|
2016-09-25 06:52:16 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
socket.on("disconnect", function() {
|
|
|
|
|
client.clientDetach(socket.id);
|
|
|
|
|
});
|
2017-07-10 19:47:03 +00:00
|
|
|
client.clientAttach(socket.id, token);
|
2016-11-19 20:34:05 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
socket.on(
|
|
|
|
|
"input",
|
|
|
|
|
function(data) {
|
|
|
|
|
client.input(data);
|
|
|
|
|
}
|
|
|
|
|
);
|
2016-09-25 06:41:10 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
socket.on(
|
|
|
|
|
"more",
|
|
|
|
|
function(data) {
|
|
|
|
|
client.more(data);
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
socket.on(
|
|
|
|
|
"conn",
|
|
|
|
|
function(data) {
|
|
|
|
|
// prevent people from overriding webirc settings
|
|
|
|
|
data.ip = null;
|
|
|
|
|
data.hostname = null;
|
|
|
|
|
|
|
|
|
|
client.connect(data);
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!Helper.config.public && !Helper.config.ldap.enable) {
|
2014-08-14 16:35:37 +00:00
|
|
|
socket.on(
|
2017-08-13 18:37:12 +00:00
|
|
|
"change-password",
|
2014-08-14 16:35:37 +00:00
|
|
|
function(data) {
|
2017-08-13 18:37:12 +00:00
|
|
|
var old = data.old_password;
|
|
|
|
|
var p1 = data.new_password;
|
|
|
|
|
var p2 = data.verify_password;
|
|
|
|
|
if (typeof p1 === "undefined" || p1 === "") {
|
|
|
|
|
socket.emit("change-password", {
|
|
|
|
|
error: "Please enter a new password"
|
|
|
|
|
});
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (p1 !== p2) {
|
|
|
|
|
socket.emit("change-password", {
|
|
|
|
|
error: "Both new password fields must match"
|
|
|
|
|
});
|
|
|
|
|
return;
|
|
|
|
|
}
|
2016-05-31 21:28:31 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
Helper.password
|
|
|
|
|
.compare(old || "", client.config.password)
|
|
|
|
|
.then((matching) => {
|
|
|
|
|
if (!matching) {
|
|
|
|
|
socket.emit("change-password", {
|
|
|
|
|
error: "The current password field does not match your account password"
|
|
|
|
|
});
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
const hash = Helper.password.hash(p1);
|
2016-05-31 21:28:31 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
client.setPassword(hash, (success) => {
|
|
|
|
|
const obj = {};
|
2016-05-31 21:28:31 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
if (success) {
|
|
|
|
|
obj.success = "Successfully updated your password";
|
|
|
|
|
} else {
|
|
|
|
|
obj.error = "Failed to update your password";
|
|
|
|
|
}
|
2016-05-31 21:28:31 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
socket.emit("change-password", obj);
|
2017-03-23 07:47:51 +00:00
|
|
|
});
|
2017-08-13 18:37:12 +00:00
|
|
|
}).catch((error) => {
|
|
|
|
|
log.error(`Error while checking users password. Error: ${error}`);
|
2016-02-17 00:14:43 +00:00
|
|
|
});
|
2014-09-24 19:42:36 +00:00
|
|
|
}
|
|
|
|
|
);
|
2017-08-13 18:37:12 +00:00
|
|
|
}
|
2017-07-24 06:01:25 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
socket.on(
|
|
|
|
|
"open",
|
|
|
|
|
function(data) {
|
|
|
|
|
client.open(socket.id, data);
|
|
|
|
|
}
|
|
|
|
|
);
|
2017-07-24 06:01:25 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
socket.on(
|
|
|
|
|
"sort",
|
|
|
|
|
function(data) {
|
|
|
|
|
client.sort(data);
|
|
|
|
|
}
|
|
|
|
|
);
|
2017-07-24 06:01:25 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
socket.on(
|
|
|
|
|
"names",
|
|
|
|
|
function(data) {
|
|
|
|
|
client.names(data);
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
socket.on("msg:preview:toggle", function(data) {
|
|
|
|
|
const networkAndChan = client.find(data.target);
|
|
|
|
|
if (!networkAndChan) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const message = networkAndChan.chan.findMessage(data.msgId);
|
|
|
|
|
|
|
|
|
|
if (!message) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const preview = message.findPreview(data.link);
|
|
|
|
|
|
|
|
|
|
if (preview) {
|
|
|
|
|
preview.shown = data.shown;
|
|
|
|
|
}
|
|
|
|
|
});
|
2017-07-24 06:01:25 +00:00
|
|
|
|
2017-07-10 19:47:03 +00:00
|
|
|
socket.on("push:register", (subscription) => {
|
|
|
|
|
if (!client.isRegistered() || !client.config.sessions[token]) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const registration = client.registerPushSubscription(client.config.sessions[token], subscription);
|
|
|
|
|
|
|
|
|
|
if (registration) {
|
|
|
|
|
client.manager.webPush.pushSingle(client, registration, {
|
|
|
|
|
type: "notification",
|
|
|
|
|
timestamp: Date.now(),
|
|
|
|
|
title: "The Lounge",
|
|
|
|
|
body: "🚀 Push notifications have been enabled"
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
socket.on("push:unregister", () => {
|
|
|
|
|
if (!client.isRegistered()) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
client.unregisterPushSubscription(token);
|
|
|
|
|
});
|
|
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
socket.on("sign-out", () => {
|
|
|
|
|
delete client.config.sessions[token];
|
2017-07-24 06:01:25 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
client.manager.updateUser(client.name, {
|
|
|
|
|
sessions: client.config.sessions
|
|
|
|
|
}, (err) => {
|
|
|
|
|
if (err) {
|
|
|
|
|
log.error("Failed to update sessions for", client.name, err);
|
2016-02-17 02:29:44 +00:00
|
|
|
}
|
2017-07-24 06:01:25 +00:00
|
|
|
});
|
|
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
socket.emit("sign-out");
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
socket.join(client.id);
|
|
|
|
|
|
|
|
|
|
const sendInitEvent = (tokenToSend) => {
|
2014-08-14 16:35:37 +00:00
|
|
|
socket.emit("init", {
|
2017-07-10 19:47:03 +00:00
|
|
|
applicationServerKey: manager.webPush.vapidKeys.publicKey,
|
|
|
|
|
pushSubscription: client.config.sessions[token],
|
2016-09-25 06:41:10 +00:00
|
|
|
active: client.lastActiveChannel,
|
2014-09-15 21:13:03 +00:00
|
|
|
networks: client.networks,
|
2017-08-13 18:37:12 +00:00
|
|
|
token: tokenToSend
|
2014-08-14 16:35:37 +00:00
|
|
|
});
|
2017-08-13 18:37:12 +00:00
|
|
|
};
|
2014-08-14 16:35:37 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
if (generateToken) {
|
|
|
|
|
client.generateToken((newToken) => {
|
|
|
|
|
token = newToken;
|
2016-04-03 05:12:49 +00:00
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
client.updateSession(token, getClientIp(socket.request), socket.request);
|
2016-04-03 05:12:49 +00:00
|
|
|
|
2017-06-21 07:58:29 +00:00
|
|
|
client.manager.updateUser(client.name, {
|
|
|
|
|
sessions: client.config.sessions
|
|
|
|
|
}, (err) => {
|
|
|
|
|
if (err) {
|
|
|
|
|
log.error("Failed to update sessions for", client.name, err);
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
sendInitEvent(token);
|
2014-08-14 16:35:37 +00:00
|
|
|
});
|
2017-08-13 18:37:12 +00:00
|
|
|
} else {
|
|
|
|
|
sendInitEvent(null);
|
2014-08-14 16:35:37 +00:00
|
|
|
}
|
2016-04-03 05:12:49 +00:00
|
|
|
}
|
|
|
|
|
|
2016-07-30 01:20:38 +00:00
|
|
|
function localAuth(client, user, password, callback) {
|
2017-06-21 07:58:29 +00:00
|
|
|
// If no user is found, or if the client has not provided a password,
|
|
|
|
|
// fail the authentication straight away
|
2016-10-21 19:00:43 +00:00
|
|
|
if (!client || !password) {
|
|
|
|
|
return callback(false);
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-21 07:58:29 +00:00
|
|
|
// If this user has no password set, fail the authentication
|
2016-10-21 19:00:43 +00:00
|
|
|
if (!client.config.password) {
|
2017-01-04 07:13:07 +00:00
|
|
|
log.error(`User ${colors.bold(user)} with no local password set tried to sign in. (Probably a LDAP user)`);
|
2016-10-21 19:00:43 +00:00
|
|
|
return callback(false);
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-23 07:47:51 +00:00
|
|
|
Helper.password
|
|
|
|
|
.compare(password, client.config.password)
|
2017-04-08 12:34:31 +00:00
|
|
|
.then((matching) => {
|
2017-06-02 08:02:03 +00:00
|
|
|
if (matching && Helper.password.requiresUpdate(client.config.password)) {
|
2017-03-23 07:47:51 +00:00
|
|
|
const hash = Helper.password.hash(password);
|
2016-10-21 19:00:43 +00:00
|
|
|
|
2017-04-08 12:34:31 +00:00
|
|
|
client.setPassword(hash, (success) => {
|
2017-03-23 07:47:51 +00:00
|
|
|
if (success) {
|
|
|
|
|
log.info(`User ${colors.bold(client.name)} logged in and their hashed password has been updated to match new security requirements`);
|
|
|
|
|
}
|
|
|
|
|
});
|
2016-10-21 19:00:43 +00:00
|
|
|
}
|
|
|
|
|
|
2017-03-23 07:47:51 +00:00
|
|
|
callback(matching);
|
2017-04-08 12:34:31 +00:00
|
|
|
}).catch((error) => {
|
2017-03-23 07:47:51 +00:00
|
|
|
log.error(`Error while checking users password. Error: ${error}`);
|
2016-10-21 19:00:43 +00:00
|
|
|
});
|
2016-07-30 01:20:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function ldapAuth(client, user, password, callback) {
|
2017-03-21 14:15:33 +00:00
|
|
|
if (!user) {
|
|
|
|
|
return callback(false);
|
|
|
|
|
}
|
2017-03-21 14:49:54 +00:00
|
|
|
var config = Helper.config;
|
2016-11-19 08:49:16 +00:00
|
|
|
var userDN = user.replace(/([,\\/#+<>;"= ])/g, "\\$1");
|
2016-07-30 01:20:38 +00:00
|
|
|
|
2016-10-16 06:47:30 +00:00
|
|
|
var ldapclient = ldap.createClient({
|
2017-03-21 14:49:54 +00:00
|
|
|
url: config.ldap.url,
|
|
|
|
|
tlsOptions: config.ldap.tlsOptions
|
2016-10-16 06:47:30 +00:00
|
|
|
});
|
|
|
|
|
|
2017-03-21 14:49:54 +00:00
|
|
|
var base = config.ldap.base;
|
2017-03-21 14:15:33 +00:00
|
|
|
var searchOptions = {
|
2017-03-21 14:49:54 +00:00
|
|
|
scope: config.ldap.scope,
|
|
|
|
|
filter: "(&(" + config.ldap.primaryKey + "=" + userDN + ")" + config.ldap.filter + ")",
|
|
|
|
|
attributes: ["dn"]
|
2017-03-21 14:15:33 +00:00
|
|
|
};
|
|
|
|
|
|
2016-10-16 06:47:30 +00:00
|
|
|
ldapclient.on("error", function(err) {
|
|
|
|
|
log.error("Unable to connect to LDAP server", err);
|
|
|
|
|
callback(!err);
|
|
|
|
|
});
|
|
|
|
|
|
2017-03-21 14:49:54 +00:00
|
|
|
ldapclient.bind(config.ldap.rootDN, config.ldap.rootPassword, function(err) {
|
2017-03-21 14:15:33 +00:00
|
|
|
if (err) {
|
|
|
|
|
log.error("Invalid LDAP root credentials");
|
|
|
|
|
ldapclient.unbind();
|
|
|
|
|
callback(false);
|
|
|
|
|
} else {
|
2017-03-21 14:49:54 +00:00
|
|
|
ldapclient.search(base, searchOptions, function(err2, res) {
|
|
|
|
|
if (err2) {
|
2017-03-21 14:15:33 +00:00
|
|
|
log.warning("User not found: ", userDN);
|
|
|
|
|
ldapclient.unbind();
|
|
|
|
|
callback(false);
|
|
|
|
|
} else {
|
|
|
|
|
var found = false;
|
2017-03-21 14:49:54 +00:00
|
|
|
res.on("searchEntry", function(entry) {
|
2017-03-21 14:15:33 +00:00
|
|
|
found = true;
|
|
|
|
|
var bindDN = entry.objectName;
|
2017-03-21 14:49:54 +00:00
|
|
|
log.info("Auth against LDAP ", config.ldap.url, " with bindDN ", bindDN);
|
|
|
|
|
ldapclient.unbind();
|
2017-03-21 14:15:33 +00:00
|
|
|
var ldapclient2 = ldap.createClient({
|
2017-03-21 14:49:54 +00:00
|
|
|
url: config.ldap.url,
|
|
|
|
|
tlsOptions: config.ldap.tlsOptions
|
2017-03-21 14:15:33 +00:00
|
|
|
});
|
2017-03-21 14:49:54 +00:00
|
|
|
ldapclient2.bind(bindDN, password, function(err3) {
|
|
|
|
|
if (!err3 && !client) {
|
2017-03-21 14:15:33 +00:00
|
|
|
if (!manager.addUser(user, null)) {
|
|
|
|
|
log.error("Unable to create new user", user);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
ldapclient2.unbind();
|
2017-03-21 14:49:54 +00:00
|
|
|
callback(!err3);
|
2017-03-21 14:15:33 +00:00
|
|
|
});
|
|
|
|
|
});
|
2017-03-21 14:49:54 +00:00
|
|
|
res.on("error", function(err3) {
|
|
|
|
|
log.error("LDAP error: ", err3);
|
2017-03-21 14:15:33 +00:00
|
|
|
callback(false);
|
|
|
|
|
});
|
2017-03-21 14:49:54 +00:00
|
|
|
res.on("end", function() {
|
2017-03-21 14:15:33 +00:00
|
|
|
if (!found) {
|
|
|
|
|
callback(false);
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
});
|
2016-07-30 01:20:38 +00:00
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
function performAuthentication(data) {
|
2017-06-21 07:58:29 +00:00
|
|
|
const socket = this;
|
|
|
|
|
let client;
|
|
|
|
|
|
2017-08-13 18:37:12 +00:00
|
|
|
const finalInit = () => initializeClient(socket, client, !!data.remember, data.token || null);
|
|
|
|
|
|
2017-06-21 07:58:29 +00:00
|
|
|
const initClient = () => {
|
2017-08-13 18:37:12 +00:00
|
|
|
client.ip = getClientIp(socket.request);
|
|
|
|
|
|
|
|
|
|
// If webirc is enabled perform reverse dns lookup
|
|
|
|
|
if (Helper.config.webirc === null) {
|
|
|
|
|
return finalInit();
|
2017-06-21 07:58:29 +00:00
|
|
|
}
|
2017-08-13 18:37:12 +00:00
|
|
|
|
|
|
|
|
reverseDnsLookup(client.ip, (hostname) => {
|
|
|
|
|
client.hostname = hostname;
|
|
|
|
|
|
|
|
|
|
finalInit();
|
|
|
|
|
});
|
2017-06-21 07:58:29 +00:00
|
|
|
};
|
|
|
|
|
|
2016-06-08 09:26:24 +00:00
|
|
|
if (Helper.config.public) {
|
2016-07-30 01:20:38 +00:00
|
|
|
client = new Client(manager);
|
2014-08-14 16:35:37 +00:00
|
|
|
manager.clients.push(client);
|
2017-06-21 07:58:29 +00:00
|
|
|
|
2014-08-14 16:35:37 +00:00
|
|
|
socket.on("disconnect", function() {
|
|
|
|
|
manager.clients = _.without(manager.clients, client);
|
|
|
|
|
client.quit();
|
|
|
|
|
});
|
2017-06-21 07:58:29 +00:00
|
|
|
|
|
|
|
|
initClient();
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const authCallback = (success) => {
|
|
|
|
|
// Authorization failed
|
|
|
|
|
if (!success) {
|
|
|
|
|
socket.emit("auth", {success: false});
|
|
|
|
|
return;
|
2016-04-03 05:12:49 +00:00
|
|
|
}
|
2016-07-30 01:20:38 +00:00
|
|
|
|
2017-06-21 07:58:29 +00:00
|
|
|
// If authorization succeeded but there is no loaded user,
|
|
|
|
|
// load it and find the user again (this happens with LDAP)
|
|
|
|
|
if (!client) {
|
|
|
|
|
manager.loadUser(data.user);
|
|
|
|
|
client = manager.findClient(data.user);
|
2016-07-30 01:20:38 +00:00
|
|
|
}
|
|
|
|
|
|
2017-06-21 07:58:29 +00:00
|
|
|
initClient();
|
|
|
|
|
};
|
2016-07-30 01:20:38 +00:00
|
|
|
|
2017-06-21 07:58:29 +00:00
|
|
|
client = manager.findClient(data.user);
|
|
|
|
|
|
|
|
|
|
// We have found an existing user and client has provided a token
|
|
|
|
|
if (client && data.token && typeof client.config.sessions[data.token] !== "undefined") {
|
|
|
|
|
client.updateSession(data.token, getClientIp(socket.request), socket.request);
|
|
|
|
|
|
|
|
|
|
authCallback(true);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Perform password checking
|
|
|
|
|
if (!Helper.config.public && Helper.config.ldap.enable) {
|
|
|
|
|
ldapAuth(client, data.user, data.password, authCallback);
|
|
|
|
|
} else {
|
|
|
|
|
localAuth(client, data.user, data.password, authCallback);
|
2014-08-14 16:35:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
2017-08-13 18:37:12 +00:00
|
|
|
|
|
|
|
|
function reverseDnsLookup(ip, callback) {
|
|
|
|
|
dns.reverse(ip, (err, hostnames) => {
|
|
|
|
|
if (!err && hostnames.length) {
|
|
|
|
|
return callback(hostnames[0]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
callback(ip);
|
|
|
|
|
});
|
|
|
|
|
}
|
