Server: encrypt password in database
This commit is contained in:
parent
f84a89f0e7
commit
26d7d31ba3
6 changed files with 74 additions and 15 deletions
|
@ -35,6 +35,7 @@
|
|||
},
|
||||
"dependencies": {
|
||||
"async": "^2.0.0",
|
||||
"bcrypt": "^0.8.7",
|
||||
"bittorrent-tracker": "^8.0.0",
|
||||
"body-parser": "^1.12.4",
|
||||
"concurrently": "^2.0.0",
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
'use strict'
|
||||
|
||||
const bcrypt = require('bcrypt')
|
||||
const crypto = require('crypto')
|
||||
const fs = require('fs')
|
||||
const openssl = require('openssl-wrapper')
|
||||
|
@ -12,7 +13,9 @@ const algorithm = 'aes-256-ctr'
|
|||
|
||||
const peertubeCrypto = {
|
||||
checkSignature: checkSignature,
|
||||
comparePassword: comparePassword,
|
||||
createCertsIfNotExist: createCertsIfNotExist,
|
||||
cryptPassword: cryptPassword,
|
||||
decrypt: decrypt,
|
||||
encrypt: encrypt,
|
||||
sign: sign
|
||||
|
@ -24,6 +27,14 @@ function checkSignature (publicKey, rawData, hexSignature) {
|
|||
return isValid
|
||||
}
|
||||
|
||||
function comparePassword (plainPassword, hashPassword, callback) {
|
||||
bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
|
||||
if (err) return callback(err)
|
||||
|
||||
return callback(null, isPasswordMatch)
|
||||
})
|
||||
}
|
||||
|
||||
function createCertsIfNotExist (callback) {
|
||||
certsExist(function (exist) {
|
||||
if (exist === true) {
|
||||
|
@ -36,6 +47,16 @@ function createCertsIfNotExist (callback) {
|
|||
})
|
||||
}
|
||||
|
||||
function cryptPassword (password, callback) {
|
||||
bcrypt.genSalt(constants.BCRYPT_SALT_SIZE, function (err, salt) {
|
||||
if (err) return callback(err)
|
||||
|
||||
bcrypt.hash(password, salt, function (err, hash) {
|
||||
return callback(err, hash)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
function decrypt (key, data, callback) {
|
||||
fs.readFile(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (err, file) {
|
||||
if (err) return callback(err)
|
||||
|
|
|
@ -6,6 +6,8 @@ const path = require('path')
|
|||
// API version of our pod
|
||||
const API_VERSION = 'v1'
|
||||
|
||||
const BCRYPT_SALT_SIZE = 10
|
||||
|
||||
const CONFIG = {
|
||||
DATABASE: {
|
||||
DBNAME: 'peertube' + config.get('database.suffix'),
|
||||
|
@ -115,6 +117,7 @@ if (isTestInstance() === true) {
|
|||
|
||||
module.exports = {
|
||||
API_VERSION: API_VERSION,
|
||||
BCRYPT_SALT_SIZE: BCRYPT_SALT_SIZE,
|
||||
CONFIG: CONFIG,
|
||||
CONSTRAINTS_FIELDS: CONSTRAINTS_FIELDS,
|
||||
FRIEND_SCORE: FRIEND_SCORE,
|
||||
|
|
|
@ -114,8 +114,8 @@ function createOAuthAdminIfNotExist (callback) {
|
|||
user.save(function (err, createdUser) {
|
||||
if (err) return callback(err)
|
||||
|
||||
logger.info('Username: ' + createdUser.username)
|
||||
logger.info('User password: ' + createdUser.password)
|
||||
logger.info('Username: ' + username)
|
||||
logger.info('User password: ' + password)
|
||||
|
||||
return callback(null)
|
||||
})
|
||||
|
|
|
@ -41,7 +41,22 @@ function getRefreshToken (refreshToken, callback) {
|
|||
function getUser (username, password) {
|
||||
logger.debug('Getting User (username: ' + username + ', password: ' + password + ').')
|
||||
|
||||
return User.getByUsernameAndPassword(username, password)
|
||||
return User.getByUsername(username).then(function (user) {
|
||||
if (!user) return null
|
||||
|
||||
// We need to return a promise
|
||||
return new Promise(function (resolve, reject) {
|
||||
return user.isPasswordMatch(password, function (err, isPasswordMatch) {
|
||||
if (err) return reject(err)
|
||||
|
||||
if (isPasswordMatch === true) {
|
||||
return resolve(user)
|
||||
}
|
||||
|
||||
return resolve(null)
|
||||
})
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
function revokeToken (token) {
|
||||
|
|
|
@ -2,6 +2,7 @@ const mongoose = require('mongoose')
|
|||
|
||||
const customUsersValidators = require('../helpers/custom-validators').users
|
||||
const modelUtils = require('./utils')
|
||||
const peertubeCrypto = require('../helpers/peertube-crypto')
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
|
@ -20,27 +21,53 @@ UserSchema.path('username').required(customUsersValidators.isUserUsernameValid)
|
|||
UserSchema.path('role').validate(customUsersValidators.isUserRoleValid)
|
||||
|
||||
UserSchema.methods = {
|
||||
isPasswordMatch: isPasswordMatch,
|
||||
toFormatedJSON: toFormatedJSON
|
||||
}
|
||||
|
||||
UserSchema.statics = {
|
||||
countTotal: countTotal,
|
||||
getByUsernameAndPassword: getByUsernameAndPassword,
|
||||
getByUsername: getByUsername,
|
||||
listForApi: listForApi,
|
||||
loadById: loadById,
|
||||
loadByUsername: loadByUsername
|
||||
}
|
||||
|
||||
UserSchema.pre('save', function (next) {
|
||||
const user = this
|
||||
|
||||
peertubeCrypto.cryptPassword(this.password, function (err, hash) {
|
||||
if (err) return next(err)
|
||||
|
||||
user.password = hash
|
||||
|
||||
return next()
|
||||
})
|
||||
})
|
||||
|
||||
mongoose.model('User', UserSchema)
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// ------------------------------ METHODS ------------------------------
|
||||
|
||||
function isPasswordMatch (password, callback) {
|
||||
return peertubeCrypto.comparePassword(password, this.password, callback)
|
||||
}
|
||||
|
||||
function toFormatedJSON () {
|
||||
return {
|
||||
id: this._id,
|
||||
username: this.username,
|
||||
role: this.role
|
||||
}
|
||||
}
|
||||
// ------------------------------ STATICS ------------------------------
|
||||
|
||||
function countTotal (callback) {
|
||||
return this.count(callback)
|
||||
}
|
||||
|
||||
function getByUsernameAndPassword (username, password) {
|
||||
return this.findOne({ username: username, password: password })
|
||||
function getByUsername (username) {
|
||||
return this.findOne({ username: username })
|
||||
}
|
||||
|
||||
function listForApi (start, count, sort, callback) {
|
||||
|
@ -55,11 +82,3 @@ function loadById (id, callback) {
|
|||
function loadByUsername (username, callback) {
|
||||
return this.findOne({ username: username }, callback)
|
||||
}
|
||||
|
||||
function toFormatedJSON () {
|
||||
return {
|
||||
id: this._id,
|
||||
username: this.username,
|
||||
role: this.role
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue