fix(token_auth): corrected logic to check token

!6
2023-08-16 17:37:34 +09:30
parent 072a56d035
commit 1a995c4394
1 changed files with 2 additions and 2 deletions
--- a/flows.json
+++ b/flows.json
@ -8154,7 +8154,7 @@
        "z": "8179bf22c4c31682",
        "g": "bcaed4334222c14a",
        "name": "Session: Load and Check",
-        "func": "var have_session = null;\nvar no_session = msg;\n\nvar status = { fill: \"red\", shape: \"ring\", text: \"incomplete\"};\n\nvar auth_url = global.get('config.oauth.url.auth') + \"?response_type=code&client_id=\" + global.get('config.oauth.client_id') + \"&redirect_uri=\" + encodeURIComponent(global.get('config.oauth.url.callback')) + \"&scope=openid&state=\" + String(Date.now());\n\nif (Object.keys(msg.req.cookies || {}).length > 0) {\n\n    if ( msg.req.cookies.hasOwnProperty('auth')) {\n\n        var filename = String(env.get('HOME') + '/' + global.get('config.paths.token_sessions')) + msg.req.cookies.auth + '.json';\n\n        fs.stat( filename, function (err) {\n\n            if (err) {\n                status.text = \"No Saved Session\";\n                status.fill = \"yellow\";\n\n                \n                msg.statusCode = 303;\n\n                msg.headers = {\n                    Location: auth_url\n                }\n\n            } else {\n                status.text = \"Saved Session Exists\";\n                status.fill = \"green\";\n\n                msg.filename = filename;\n\n                have_session = msg;\n                no_session = null;\n\n            }\n\n            node.status(status);\n\n            node.send([\n                have_session,\n                no_session\n            ]);\n\n        })\n\n    } else {\n        \n        status.text = \"No Auth Cookie\";\n        status.fill = \"yellow\";\n\n        msg.statusCode = 303;\n\n        msg.headers = {\n            Location: auth_url\n        }\n\n        no_session = msg;\n\n        node.status(status);\n\n        node.send([\n            have_session,\n            no_session\n        ]);\n    }\n\n} else {\n\n    status.text = \"No Cookies\";\n    status.fill = \"yellow\";\n\n    node.status(status);\n\n    msg.statusCode = 303;\n\n    msg.headers = {\n        Location: auth_url\n    }\n\n    no_session = msg;\n\n    node.send([\n        have_session,\n        no_session\n    ]);\n\n}\n",
+        "func": "var have_session = null;\nvar no_session = msg;\n\nvar cookie = false;\nvar token = false;\n\nvar filename = null;\nvar status = { fill: \"red\", shape: \"ring\", text: \"incomplete\"};\n\nvar auth_url = global.get('config.oauth.url.auth') + \"?response_type=code&client_id=\" + global.get('config.oauth.client_id') + \"&redirect_uri=\" + encodeURIComponent(global.get('config.oauth.url.callback')) + \"&scope=openid&state=\" + String(Date.now());\n\nnode.warn('here');\n\n\nif (Object.keys(msg.req.cookies || {}).length > 0) {\n    node.warn('cookie');\n\n    if ( msg.req.cookies.hasOwnProperty('auth')) {\n        node.warn('cookie1');\n\n        filename = String(env.get('HOME') + '/' + global.get('config.paths.token_sessions')) + msg.req.cookies.auth + '.json';\n        \n        cookie = fs.existsSync(filename)\n\n    }\n\n} \n\n\nif (Object.keys(msg.req.query || {}).length > 0 ) {\n    node.warn('token');\n    if (msg.req.query.hasOwnProperty('token')) {\n        node.warn('token1');\n\n        filename = String(env.get('HOME') + '/' + global.get('config.paths.token_sessions')) + msg.req.query.token + '.json';\n        node.warn('token1.5' + filename );\n        \n        token = fs.existsSync(filename);\n\n    }\n\n} \n\nif( cookie ) {\n    node.warn('cookie3');\n    status.text = \"Saved Session Exists\";\n    status.fill = \"green\";\n\n    msg.filename = filename;\n    msg.token = msg.req.cookies.auth;\n\n    \n    have_session = msg;\n    no_session = null;\n    \n} else if( token ) {\n    node.warn('token3');\n    status.text = \"Saved Token Exists\";\n    status.fill = \"green\";\n    \n    msg.filename = filename;\n    msg.token = msg.req.query.token;\n\n    have_session = msg;\n    no_session = null;\n\n} else {\n    \n    node.warn('here3');\n    status.text = \"No Saved Sessions\";\n    status.fill = \"yellow\";\n\n    msg.statusCode = 303;\n\n    msg.headers = {\n        Location: auth_url\n    }\n\n}\n\nnode.status(status);\n\nnode.send([\n    have_session,\n    no_session\n]);\n",
        "outputs": 2,
        "noerr": 0,
        "initialize": "",
@ -8277,7 +8277,7 @@
        "z": "8179bf22c4c31682",
        "g": "75c44e5f7f101beb",
        "name": "Validate Token File",
-        "func": "var success = null;\nvar failure = null;\n\nif( msg.session.datetime > Date.now() ) {\n\n    if( msg.session.hasOwnProperty(\"user\") ) {\n\n        if (\n            msg.session.user.hasOwnProperty(\"fname\") &&\n            msg.session.user.hasOwnProperty(\"lname\") &&\n            msg.session.user.hasOwnProperty(\"username\") &&\n            msg.session.user.hasOwnProperty(\"mail\")\n        ) {\n\n            node.status({ fill: \"green\", shape: \"ring\", text: \"Authorized\" });\n            msg.auth.access = true;\n            msg.auth.user = msg.session.user;\n\n            msg.cookies = {\n                token: {\n                    value: String(msg.token),\n                    expires: 0\n                }\n            };\n\n            delete msg.token;\n            delete msg.payload;\n            success = msg\n\n        } else {\n\n            node.status({ fill: \"grey\", shape: \"ring\", text: \"Missing User details, not Authorized\" });\n            \n            delete msg.token;\n            delete msg.payload;\n            failure = msg;\n\n        }\n    } else{\n\n        node.status({ fill: \"grey\", shape: \"ring\", text: \"Missing User, not Authorized\" });\n\n        delete msg.token;\n        delete msg.payload;\n        failure = msg;\n\n    }\n    \n\n} else {\n\n    node.status({ fill: \"yellow\", shape: \"ring\", text: \"Not Authorized\" });\n    delete msg.token;\n    delete msg.payload;\n    failure = msg;\n}\n\n\nnode.send([success, failure]);",
+        "func": "var success = null;\nvar failure = null;\n\nif( msg.session.datetime > Date.now() ) {\n\n    if( msg.session.hasOwnProperty(\"user\") ) {\n\n        if (\n            msg.session.user.hasOwnProperty(\"fname\") &&\n            msg.session.user.hasOwnProperty(\"lname\") &&\n            msg.session.user.hasOwnProperty(\"username\") &&\n            msg.session.user.hasOwnProperty(\"mail\")\n        ) {\n\n            node.status({ fill: \"green\", shape: \"ring\", text: \"Authorized\" });\n            //msg.auth.access = true;\n            //msg.auth.user = msg.session.user;\n\n            msg.cookies = {\n                auth: {\n                    value: String(msg.token),\n                    maxAge: msg.session.datetime - Date.now()\n                }\n            };\n\n            delete msg.token;\n            delete msg.payload;\n            success = msg\n\n        } else {\n\n            node.status({ fill: \"grey\", shape: \"ring\", text: \"Missing User details, not Authorized\" });\n            \n            delete msg.token;\n            delete msg.payload;\n            failure = msg;\n\n        }\n    } else{\n\n        node.status({ fill: \"grey\", shape: \"ring\", text: \"Missing User, not Authorized\" });\n\n        delete msg.token;\n        delete msg.payload;\n        failure = msg;\n\n    }\n    \n\n} else {\n\n    node.status({ fill: \"yellow\", shape: \"ring\", text: \"Not Authorized\" });\n    delete msg.token;\n    delete msg.payload;\n    failure = msg;\n}\n\n\nnode.send([success, failure]);",
        "outputs": 2,
        "noerr": 0,
        "initialize": "",