server.js
const express = require ('express');
const auth = require('express-basic-auth');
const url = require('url');
const fs = require('fs');
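// Load the credential store synchronously so it is fully parsed before any
// route can run. With the previous asynchronous read, a request arriving
// before the callback fired would dereference an undefined `authInfo`.
// A missing or malformed auth.json still aborts startup.
//
// The handlers in this file read two keys from it: `users` (user name ->
// password) and `groups` (group name -> list of user names).
// NOTE(review): the relative path resolves against the process working
// directory, and the file holds credentials; keep it out of version control
// and readable only by the service account.
const authInfo = JSON.parse(fs.readFileSync('auth.json', 'utf8'));

const app = express();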
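/**
 * GET /whitelist: allow the caller only when the Basic credentials are valid
 * and, if supplied, the `u` (user) and `g` (group) query restrictions match.
 *
 * Responds 200 'Authorized', or 401 with a short reason.
 */
app.get('/whitelist', (req, res) => {
  const deny = (message) => {
    res.status(401).send(message);
  };
  const hasOwn = (object, key) => Object.prototype.hasOwnProperty.call(object, key);

  // Authenticate before evaluating any restriction. Checking groups first let
  // an unauthenticated caller tell existing groups and their members apart
  // from the differing 401 bodies.
  let credentials;
  let authenticated = false;
  try {
    credentials = decodeAuthorization(req.get('Authorization'));
    authenticated = Boolean(authorize(credentials));
  } catch (err) {
    // Fail closed: a missing or unparseable header is a denial, not a 500.
    console.error('Authorization check failed:', err.message);
    authenticated = false;
  }
  if (!authenticated) {
    deny('Unauthorized');
    return;
  }

  const { u: user, g: group } = req.query;

  if (user) {
    // The original author marked this check as "nonsense". It is kept: the
    // caller must be exactly the named user. A successful authorize() already
    // implies the user exists, so no separate existence lookup is needed.
    // Repeated or bracketed parameters parse to arrays/objects; reject them
    // rather than rely on loose-equality coercion.
    if (typeof user !== 'string' || user !== credentials.user) {
      deny('Unauthorized');
      return;
    }
  }

  if (group) {
    if (typeof group !== 'string' || !hasOwn(authInfo.groups, group)) {
      deny('Specified group not found');
      return;
    }
    const members = authInfo.groups[group];
    // Array.isArray guards against a string value, where includes() would
    // silently become a substring match.
    if (!Array.isArray(members) || !members.includes(credentials.user)) {
      deny('User not included in the specified group');
      return;
    }
  }

  res.status(200).send('Authorized');
});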
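/**
 * GET /blacklist: allow any caller with valid Basic credentials except the
 * user named by `u` and the members of the group named by `g`.
 *
 * Responds 200 'Authorized', or 401 with a short reason.
 */
app.get('/blacklist', (req, res) => {
  const deny = (message) => {
    res.status(401).send(message);
  };
  const hasOwn = (object, key) => Object.prototype.hasOwnProperty.call(object, key);

  // Authenticate before evaluating any restriction, so the group-existence
  // message is only ever shown to a caller who has proved an identity.
  let credentials;
  let authenticated = false;
  try {
    credentials = decodeAuthorization(req.get('Authorization'));
    authenticated = Boolean(authorize(credentials));
  } catch (err) {
    // Fail closed: a missing or unparseable header is a denial, not a 500.
    console.error('Authorization check failed:', err.message);
    authenticated = false;
  }
  if (!authenticated) {
    deny('Unauthorized');
    return;
  }

  const { u: user, g: group } = req.query;

  if (user) {
    // A repeated parameter (?u=a&u=b) parses to an array that would not
    // compare equal to the caller's name and so would skip the deny rule.
    // Anything that is not a single string is refused outright.
    if (typeof user !== 'string' || user === credentials.user) {
      deny('Unauthorized');
      return;
    }
  }

  if (group) {
    if (typeof group !== 'string' || !hasOwn(authInfo.groups, group)) {
      deny('Specified group not found');
      return;
    }
    const members = authInfo.groups[group];
    // A deny list that cannot be read as a list is treated as matching.
    if (!Array.isArray(members) || members.includes(credentials.user)) {
      deny('Unauthorized');
      return;
    }
  }

  res.status(200).send('Authorized');
});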
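/**
 * Parse an HTTP Basic `Authorization` header value into user and password.
 *
 * Malformed input (missing header, non-Basic scheme, empty payload, no colon)
 * yields empty strings instead of throwing, so callers end in a failed
 * authorization rather than an unhandled exception.
 *
 * @param {string|undefined} authorizarion - Raw header value, e.g. "Basic dXNlcjpwYXNz".
 * @returns {{user: string, password: string}} Decoded credentials; both are
 *   empty strings when the header cannot be parsed.
 */
const decodeAuthorization = (authorizarion) => {
  if (typeof authorizarion !== 'string') {
    return { user: '', password: '' };
  }

  const [scheme, encodedCredentials] = authorizarion.trim().split(/\s+/);
  if (!encodedCredentials || scheme.toLowerCase() !== 'basic') {
    return { user: '', password: '' };
  }

  // Decode as UTF-8. Node's 'ascii' decoding clears the high bit of every
  // byte, which mangles non-ASCII passwords and lets distinct byte sequences
  // collapse onto the same user name.
  const decodedCredentials = Buffer.from(encodedCredentials, 'base64').toString('utf8');

  // Split on the first colon only: a user-id cannot contain ':', but a
  // password can, and splitting on every colon truncated such passwords.
  const separator = decodedCredentials.indexOf(':');
  if (separator === -1) {
    return { user: '', password: '' };
  }

  return {
    user: decodedCredentials.slice(0, separator),
    password: decodedCredentials.slice(separator + 1),
  };
};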
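/**
 * Check a decoded user/password pair against the loaded credential store.
 *
 * Fails closed: returns false when the store is unavailable, when the pair is
 * not two strings, or when the user is unknown.
 *
 * @param {{user: string, password: string}} credentials - Pair produced by decodeAuthorization.
 * @returns {boolean} True only when the user exists and the password matches.
 */
const authorize = (credentials) => {
  if (!authInfo || !authInfo.users || !credentials) {
    return false;
  }

  const { user, password } = credentials;
  // Non-string values were previously passed straight into the comparison.
  if (typeof user !== 'string' || typeof password !== 'string') {
    return false;
  }

  // Call through Object.prototype so a "hasOwnProperty" key in auth.json
  // cannot shadow the lookup.
  if (!Object.prototype.hasOwnProperty.call(authInfo.users, user)) {
    // NOTE(review): unknown users return before any comparison runs, so the
    // response time may distinguish them from known users.
    return false;
  }

  const expected = authInfo.users[user];
  if (typeof expected !== 'string') {
    return false;
  }

  // NOTE(review): the submitted password is compared directly with the stored
  // value, so auth.json appears to hold passwords in plaintext; consider
  // storing salted hashes instead.
  return auth.safeCompare(password, expected);
};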
// Start the HTTP listener on port 8080 and log once it is accepting
// connections.
// NOTE(review): Basic credentials are only base64-encoded and this listener
// is plain HTTP, so it presumably sits behind a TLS-terminating proxy or on
// loopback; confirm.
const onListening = () => {
  console.log('Server listening on port 8080!');
};

app.listen(8080, onListening);