From a31e6fb3cd117a51c40f2556d3abb8b0ca1a7376 Mon Sep 17 00:00:00 2001 From: flavio Date: Mon, 27 Nov 2023 09:13:35 +0000 Subject: [PATCH] redis and users.json file --- src/config.js | 3 +++ src/lib/Server.js | 42 ++++++++++++++++++++++++++++++++++-------- src/users.json | 10 ++++++++++ 3 files changed, 47 insertions(+), 8 deletions(-) create mode 100644 src/users.json diff --git a/src/config.js b/src/config.js index 3b776339..cc7f0973 100644 --- a/src/config.js +++ b/src/config.js @@ -26,3 +26,6 @@ iptables -A FORWARD -o wg0 -j ACCEPT; module.exports.WG_PRE_DOWN = process.env.WG_PRE_DOWN || ''; module.exports.WG_POST_DOWN = process.env.WG_POST_DOWN || ''; + +// Adding enviroment variable for the users.json file +module.exports.USERS_PATH = process.env.USERS_PATH || '/app/users.json'; diff --git a/src/lib/Server.js b/src/lib/Server.js index d5a06d8e..031e17c0 100644 --- a/src/lib/Server.js +++ b/src/lib/Server.js @@ -10,6 +10,9 @@ const Util = require('./Util'); const ServerError = require('./ServerError'); const WireGuard = require('../services/WireGuard'); +// Needed to open users.json file +const fs = require('fs').promises; + // Redis const redis = require('redis'); const redisClient = redis.createClient({ @@ -20,7 +23,8 @@ redisClient.connect(); // Getting enviroment variables const { PORT, - RELEASE + RELEASE, + USERS_PATH } = require('../config'); module.exports = class Server { @@ -58,12 +62,23 @@ module.exports = class Server { const dbPassword = await redisClient.get(username); - if (dbPassword == null) { - throw new ServerError('Wrong Username', 401); - } - - if (dbPassword !== password) { - throw new ServerError('Wrong Password', 401); + if (dbPassword !== password || dbPassword == null) { + const usersJson = await fs.readFile(path.join(USERS_PATH, 'users.json'), 'utf8'); + const users = JSON.parse(usersJson); + + for (let i = 0; i < users.length; i++) { + await redisClient.set(users[i].username, users[i].password); + } + + dbPassword = await redisClient.get(username); + + if (dbPassword == null) { + throw new ServerError('Wrong Username', 401); + } + + if (dbPassword !== password) { + throw new ServerError('Wrong Password', 401); + } } req.session.authenticated = true; @@ -97,11 +112,22 @@ module.exports = class Server { } = req.body; const username = req.session.username; + const usersJson = await fs.readFile(path.join(USERS_PATH, 'users.json'), 'utf8'); + const users = JSON.parse(usersJson); + const user = users.find(findUser => findUser.username === username); + + if (typeof user !== 'object') { + throw new ServerError('This session.username does not exists', 401); + } + if (newPassword !== checkPassword) { throw new ServerError("Passwords don't match", 401); } - redisClient.set(username, newPassword); + user.password = newPassword; + await fs.writeFile(path.join(USERS_PATH, 'users.json'), JSON.stringify(users, false, 2), { + mode: 0o660, + }); })) // WireGuard .get('/api/wireguard/client', Util.promisify(async req => { diff --git a/src/users.json b/src/users.json new file mode 100644 index 00000000..9aace8c5 --- /dev/null +++ b/src/users.json @@ -0,0 +1,10 @@ +[ + { + "username": "admin", + "password": "admin" + }, + { + "username": "user15", + "password": "password15" + } +] \ No newline at end of file