// Module dependencies (same load order as before; ./database/users may have
// side effects on require).
const crypto = require("crypto");
const Cookies = require("cookies");
const fs = require("fs"); // not referenced anywhere in this file
const users = require("./database/users");
const util = require("util");

// In-memory session store: session id -> username. Lives only as long as
// this process does, so a restart invalidates every session.
const sessions = {};

// Cache of user records ({ password, group, _id }) keyed by username.
// Filled by reloadUsers, read by isAdmin.
const syncedUsers = {};
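function newSession(username, length) {
  // Start a new session for `username` and return its id. No password is
  // checked here: the caller must have authenticated the user already.
  //
  // The id is the bearer credential for the session, so it has to be
  // unpredictable. Characters are chosen with crypto.randomInt (a CSPRNG,
  // no modulo bias) instead of Math.random, which is not a secure source.
  //
  // username: value stored for the session; validateSession compares
  //           against it.
  // length:   optional number of id characters. Defaults to 16, i.e.
  //           96 bits with the 64-symbol alphabet below.
  // Returns the new id, which is also registered in `sessions`.
  var len = (typeof length === "number" && length > 0) ? Math.floor(length) : 16;
  // Cookie-safe alphabet: digits, a-z, A-Z, "_" and "-".
  var alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-";
  var ssid;
  do {
    var chars = new Array(len);
    for (var i = 0; i < len; ++i) {
      chars[i] = alphabet[crypto.randomInt(alphabet.length)];
    }
    ssid = chars.join("");
    // Retry on a collision with a live session. Own-property check so that
    // inherited names ("constructor", ...) never count as taken.
  } while (Object.prototype.hasOwnProperty.call(sessions, ssid));
  sessions[ssid] = username;
  return ssid;
}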
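function validateSession(ssid, username) {
  // Check whether `ssid` is a live session that belongs to `username`.
  // Both values arrive straight from client cookies, so:
  //  - only non-empty strings are accepted;
  //  - the lookup is limited to own properties of `sessions`, so inherited
  //    names such as "constructor" can never resolve to a value;
  //  - the comparison is strict (===), with no type coercion.
  // Returns true only when the stored username is exactly `username`.
  if (typeof ssid !== "string" || ssid === "") {
    return false;
  }
  if (typeof username !== "string" || username === "") {
    return false;
  }
  if (!Object.prototype.hasOwnProperty.call(sessions, ssid)) {
    return false;
  }
  return sessions[ssid] === username;
}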
function logOut(ssid) {
  // Forget the session `ssid`. The browser keeps its cookies; they simply
  // stop validating. An unknown id is a no-op.
  Reflect.deleteProperty(sessions, ssid);
}
function getUsername(request, response) {
  // Resolve the current user's username from the request cookies, or null.
  // The "username" cookie is client-supplied and is only trusted once
  // validateSession confirms the "SSID" cookie maps to that same name.
  var jar = new Cookies(request, response);
  var ssid = jar.get("SSID");
  var claimedName = jar.get("username");
  return validateSession(ssid, claimedName) ? claimedName : null;
}
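function isAdmin(request, response) {
  // Is the current user in the "admin" group?
  // Returns false when nobody is logged in, and also when the user has no
  // own entry in `syncedUsers` (for example an account created after the
  // last reloadUsers). Indexing syncedUsers[username].group directly would
  // throw a TypeError in that case and take the request down.
  var username = getUsername(request, response);
  if (!username) {
    return false;
  }
  if (!Object.prototype.hasOwnProperty.call(syncedUsers, username)) {
    return false;
  }
  var record = syncedUsers[username];
  return record != null && record.group === "admin";
}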
function isAuthorized(request, response) {
  // True when the request carries a valid session (see getUsername).
  var username = getUsername(request, response);
  return username !== null;
}
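function reloadUsers(callback) {
  // Rebuild the in-memory `syncedUsers` cache from the User collection.
  //
  // callback: invoked as callback() once the cache is rebuilt, or as
  //           callback(err) when the query fails. (Without the error path
  //           a failed query left the caller waiting forever.)
  //
  // The cache is emptied before it is refilled, so an account that was
  // removed from the DB, or demoted from "admin", loses its cached record
  // instead of keeping it until the next restart.
  util.log("Syncing users to DB");
  users.User.find({}, function (err, result) {
    if (err) {
      callback(err);
      return;
    }
    // Drop every own key; inherited properties are never touched.
    Object.keys(syncedUsers).forEach(function (key) {
      delete syncedUsers[key];
    });
    // `result` is presumably an array of user documents; iterating its own
    // keys also copes with a plain object of documents.
    var rows = result || {};
    Object.keys(rows).forEach(function (key) {
      var user = rows[key];
      if (!user || typeof user.username !== "string") {
        return;
      }
      // defineProperty always creates an own property, even for a username
      // like "__proto__" which plain assignment would route to the setter
      // and thereby change the object's prototype.
      Object.defineProperty(syncedUsers, user.username, {
        value: { password: user.password, group: user.group, _id: user._id },
        writable: true,
        enumerable: true,
        configurable: true
      });
    });
    callback();
  });
}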
// Public API of this module, attached to the existing exports object.
Object.assign(exports, {
  newSession: newSession,
  validateSession: validateSession,
  logOut: logOut,
  getUsername: getUsername,
  isAdmin: isAdmin,
  isAuthorized: isAuthorized,
  reloadUsers: reloadUsers
});