lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add request data to user_tokens and token filtering

Browse source
This commit is contained in:
Sérgio Salgado 2020-10-26 09:57:31 +00:00 committed by Josh Harvey
parent c4e7547c45
commit 791b275cdf
9 changed files with 61 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/new-admin/admin-server.js
View file

@ -71,7 +71,7 @@ app.get('/api/register', (req, res, next) => {
if (!otp) return next()
return login.register(otp)
return login.register(req)
.then(r => {
if (r.expired) return res.status(401).send('OTP expired, generate new registration link')

4
lib/new-admin/graphql/schema.js
View file

@ -224,7 +224,7 @@ const typeDefs = gql`
transactionsCsv(from: Date, until: Date, limit: Int, offset: Int): String
accounts: JSONObject
config: JSONObject
userTokens: [UserToken]
userTokens(browser: String!, os: String!): [UserToken]
}
enum MachineAction {
@ -283,7 +283,7 @@ const resolvers = {
transactions.batch(from, until, limit, offset).then(parseAsync),
config: () => settingsLoader.loadLatestConfigOrNone(),
accounts: () => settingsLoader.loadAccounts(),
userTokens: () => tokenManager.getTokenList()
userTokens: (...[, { browser, os }]) => tokenManager.getTokenList(browser, os)
},
Mutation: {
machineAction: (...[, { deviceId, action, cassette1, cassette2, newName }]) => machineAction({ deviceId, action, cassette1, cassette2, newName }),

10
lib/new-admin/login.js
View file

@ -1,5 +1,6 @@
const crypto = require('crypto')
const browserOS = require('../../new-lamassu-admin/src/utils/browser-os')
const db = require('../db')
function generateOTP (name) {
@ -21,15 +22,18 @@ function validateOTP (otp) {
.catch(() => ({ success: false, expired: false }))
}
function register (otp) {
function register (req) {
const otp = req.query.otp
return validateOTP(otp)
.then(r => {
if (!r.success) return r
const deviceInfo = browserOS.getInformation(req.headers['user-agent'])
const token = crypto.randomBytes(32).toString('hex')
const sql = 'insert into user_tokens (token, name) values ($1, $2)'
const sql = 'insert into user_tokens (token, name, browser_version, os_version, ip_address) values ($1, $2, $3, $4, $5)'
return db.none(sql, [token, r.name])
return db.none(sql, [token, r.name, deviceInfo.browser, deviceInfo.OS, browserOS.getRequestIP(req)])
.then(() => ({ success: true, token: token }))
})
.catch(() => ({ success: false, expired: false }))