Archives
/
RTL
mirror of https://github.com/Ride-The-Lightning/RTL
2
0
Fork 0
Code Issues Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
backend-config-fix
Release-0.15.1
cln-boltz
master
Release-0.15.0
ng-17
clnrest-migration
Release-0.14.1
ng-lint
ng-16
ux-link-fixes
lnd-taproot
rtl-donation
csv-download
ecl-routing-fee
lnd-payments-sort
revert-1297-loop-version
loop-version
ecl-channel-response-update
cln-prefix-version-fix
cln-peer-swap
cln-localremote-swap
Release-0.14.0
cln-msat-migration
cln-channel-filter
cln-htlc-list
ecl-circular-rebalance
lnd-lease-utxo
home-redirect-filter
modal-to-graph-lookup
connect-node-on-lookup
Release-0.13.6
pr/1205
Release-0.13.5
default-invoice-expiry
configurable-dblocation
switch-toggle
enhanced-error-message
bug-testing
bugfix-password-change-button
Release-0.13.4
fix-2fa
Release-0.13.3
ecl-default-filter-bugfix
Release-0.13.2
cln-ps-swap-lists
cln-ps-swapin-swapout
cln-ps-listpeers
Release-0.13.1
cln-peerswap-config
Release-0.13.0
Release-0.12.3
Release-0.12.2
Release-0.12.1
Release-0.12.0
Release-0.11.2
Release-0.11.1
Release-0.11.0
Release-0.10.2
Release-0.10.1
v0.15.0
v0.14.1
v0.14.0
v0.13.6
v0.13.5
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.2
v0.11.1
v0.11.0
v0.10.2
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.1
v0.7.0
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.1
v0.6.0
0.1.6-alpha
0.4.2
v0.1.11-alpha
v0.1.12-alpha
v0.1.13-alpha
v0.1.14-alpha
v0.1.7-alpha
v0.11.0-rc2
v0.11.0-rc3
v0.11.0-rc5
v0.11.0-rc6
v0.11.2-rc1
v0.11.2-rc2
v0.11.2-rc3
v0.11.3-rc1
v0.12.0-rc1
v0.12.0-rc2
v0.12.0-rc3
v0.12.4-rc1
v0.12.4-rc2
v0.12.4-rc3
v0.12.4-rc4
v0.12.4-rc5
v0.13.0-rc1
v0.13.0-rc2
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.14
v0.2.15
v0.2.16
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.2
v0.6.3
v0.6.4-rc
v0.6.4-rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c1d7e22642'
${ noResults }
RTL/controllers/shared/authenticate.js

112 lines
5.5 KiB
JavaScript
Raw Blame History

var common = require('../../routes/common');
var connect = require('../../routes/connect');
var logger = require('./logger');
const jwt = require("jsonwebtoken");
const otplib = require("otplib");
var crypto = require('crypto');
var ONE_MINUTE = 60000;
var LOCKING_PERIOD = 30 * ONE_MINUTE; // HALF AN HOUR
var ALLOWED_LOGIN_ATTEMPTS = 5;
var failedLoginAttempts = {};
setInterval(() => {
for (var ip in failedLoginAttempts) {
if (new Date().getTime() > (failedLoginAttempts[ip].lastTried + LOCKING_PERIOD)) {
delete failedLoginAttempts[ip];
}
}
}, LOCKING_PERIOD);
getFailedInfo = (reqIP, currentTime) => {
let failed = failedLoginAttempts[reqIP] ? failedLoginAttempts[reqIP] : failedLoginAttempts[reqIP] = {count: 0, lastTried: currentTime};
if (currentTime > (failed.lastTried + LOCKING_PERIOD)) {
failed = failedLoginAttempts[reqIP] = {count: 0, lastTried: currentTime};
}
return failed;
}
handleMultipleFailedAttemptsError = (failed, currentTime, errMsg) => {
if (failed.count >= ALLOWED_LOGIN_ATTEMPTS && (currentTime <= (failed.lastTried + LOCKING_PERIOD))) {
return {
message: "Multiple Failed Login Attempts!",
error: "Application locked for " + (LOCKING_PERIOD/ONE_MINUTE) + " minutes due to multiple failed attempts!\nTry again after " + common.convertTimestampToTime((failed.lastTried + LOCKING_PERIOD)/1000) + "!"
};
} else {
return {
message: "Authentication Failed!",
error: errMsg + "\nApplication will be locked after " + (ALLOWED_LOGIN_ATTEMPTS - failed.count) + " more unsuccessful attempts!"
};
}
}
exports.verifyToken = (twoFAToken) => {
if (common.rtl_secret2fa && common.rtl_secret2fa !== '' && otplib.authenticator.check(twoFAToken, common.rtl_secret2fa)) {
return true;
}
return false;
};
exports.authenticateUser = (req, res, next) => {
logger.log({level: 'INFO', fileName: 'Authenticate', msg: 'Authenticating User..'});
if (+common.rtl_sso) {
if (req.body.authenticateWith === 'JWT' && jwt.verify(req.body.authenticationValue, common.secret_key)) {
logger.log({level: 'INFO', fileName: 'Authenticate', msg: 'User Authenticated'});
res.status(200).json({ token: token });
} else if (req.body.authenticateWith === 'PASSWORD' && common.cookie.trim().length >= 32 && crypto.timingSafeEqual(Buffer.from(crypto.createHash('sha256').update(common.cookie).digest('hex'), 'utf-8'), Buffer.from(req.body.authenticationValue, 'utf-8'))) {
connect.refreshCookie(common.rtl_cookie_path);
const token = jwt.sign({ user: 'SSO_USER' }, common.secret_key);
logger.log({level: 'INFO', fileName: 'Authenticate', msg: 'User Authenticated.'});
res.status(200).json({ token: token });
} else {
const errMsg = 'SSO Authentication Failed! Access key too short or does not match.';
const err = common.handleError({ statusCode: 406, message: 'SSO Authentication Error', error: errMsg }, 'Authenticate', errMsg);
return res.status(err.statusCode).json({message: err.message, error: err.error});
}
} else {
const currentTime = new Date().getTime();
const reqIP = common.getRequestIP(req);
let failed = getFailedInfo(reqIP, currentTime);
const password = req.body.authenticationValue;
if (common.rtl_pass === password && failed.count < ALLOWED_LOGIN_ATTEMPTS) {
if (req.body.twoFAToken && req.body.twoFAToken !== '') {
if (!this.verifyToken(req.body.twoFAToken)) {
logger.log({level: 'ERROR', fileName: 'Authenticate', msg: 'Invalid Token! Failed IP ' + reqIP, error: {error: 'Invalid token.'}});
failed.count = failed.count + 1;
failed.lastTried = currentTime;
return res.status(401).json(handleMultipleFailedAttemptsError(failed, currentTime, 'Invalid 2FA Token!'));
}
}
delete failedLoginAttempts[reqIP];
const token = jwt.sign({ user: 'NODE_USER' }, common.secret_key);
logger.log({level: 'INFO', fileName: 'Authenticate', msg: 'User Authenticated'});
res.status(200).json({ token: token });
} else {
logger.log({level: 'ERROR', fileName: 'Authenticate', msg: 'Invalid Password! Failed IP ' + reqIP, error: {error: 'Invalid password.'}});
failed.count = common.rtl_pass !== password ? (failed.count + 1) : failed.count;
failed.lastTried = common.rtl_pass !== password ? currentTime : failed.lastTried;
return res.status(401).json(handleMultipleFailedAttemptsError(failed, currentTime, 'Invalid Password!'));
}
}
};
exports.resetPassword = (req, res, next) => {
logger.log({level: 'INFO', fileName: 'Authenticate', msg: 'Resetting Password..'});
if (+common.rtl_sso) {
const errMsg = 'Password cannot be reset for SSO authentication';
const err = common.handleError({ statusCode: 401, message: 'Password Reset Error', error: errMsg }, 'Authenticate', errMsg);
return res.status(err.statusCode).json({message: err.message, error: err.error});
} else {
const currPassword = req.body.currPassword;
if (common.rtl_pass === currPassword) {
common.rtl_pass = connect.replacePasswordWithHash(req.body.newPassword);
const token = jwt.sign({ user: 'NODE_USER' }, common.secret_key);
logger.log({level: 'INFO', fileName: 'Authenticate', msg: 'Password Reset Successful'});
res.status(200).json({ token: token });
} else {
const errMsg = 'Incorrect Old Password';
const err = common.handleError({ statusCode: 401, message: 'Password Reset Error', error: errMsg }, 'Authenticate', errMsg);
return res.status(err.statusCode).json({message: err.message, error: err.error});
}
}
};
Reference in New Issue View Git Blame Copy Permalink