
The JSON-API can't _really_ use regular HTTP requests because this server would then have to do a lot of multi-threading nonsense. For the sake of simplicity, for myself and for others who try to write their own FC-compliant servers: the RTC server (for now) only takes WebSocket requests, and attempts to tell server connections apart from user connections for event handling.
const jsonwebtoken = require('jsonwebtoken')
const fs = require('fs')
// HMAC secrets used to validate JWTs presented on the websocket handshake.
// Both files are read synchronously when this module is loaded; a missing or
// unreadable file makes the require() of this module throw.
// No encoding is passed, so each value is a Buffer of the file's raw bytes
// (a trailing newline in the file is therefore part of the key).
// The relative paths resolve against the process working directory.
// verify() decides 'user' vs 'server' purely by which secret validates a token,
// so the two files must hold different keys and should be readable only by
// the service account (and kept out of version control).
const SERVER_HMAC = fs.readFileSync('wss-hmac.secret');
const USER_HMAC = fs.readFileSync('hmac.secret');
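/**
 * Classify a connection by which HMAC secret validates its JWT.
 *
 * The token is checked against USER_HMAC first and SERVER_HMAC second. The
 * role is decided solely by which key verifies the signature; no claim inside
 * the token is inspected here.
 *
 * @param {String} token - compact JWT supplied by the connecting peer
 * @returns {'user'|'server'|false} 'user' when the user secret verifies the
 *   token, 'server' when the server secret does, false when neither does
 */
exports.verify = function(token) {
  // Accept only the HMAC family so the token's own `alg` header cannot steer
  // verification to another algorithm. This matches the library's documented
  // default for a shared secret, and makes it explicit for older releases.
  const algorithms = ['HS256', 'HS384', 'HS512'];

  // The token is a bearer credential, so it is deliberately not logged.

  try {
    // The original passed `vconfig` here, which is not defined anywhere in
    // this file: the call threw a ReferenceError that the catch swallowed, so
    // user tokens could never be accepted. If extra checks were intended
    // (issuer, audience, ...), add them to this options object.
    jsonwebtoken.verify(token, USER_HMAC, { algorithms });
    return 'user';
  } catch (userErr) {
    // Not a valid user token; fall through to the server secret.
  }

  try {
    // NOTE(review): ignoreNotBefore skips the `nbf` claim for server tokens,
    // so a not-yet-valid server token is accepted. Expiry (`exp`) is still
    // enforced. Confirm this is intentional (e.g. clock skew between servers).
    jsonwebtoken.verify(token, SERVER_HMAC, { algorithms, ignoreNotBefore: true });
    return 'server';
  } catch (serverErr) {
    console.log('failed server check: ', serverErr);
    return false;
  }
};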
/**
 * Pull the JWT and the requested channel out of a websocket upgrade request.
 *
 * Typical user connections carry the token in a header ('authentication' or
 * 'jwt') and use the request path as the requested channel. When neither
 * header is present, the token is taken from a '/jwt/<token>' path instead
 * and no channel is returned.
 *
 * @param {Object} req - incoming request; `req.headers` and `req.url` are read
 * @returns {Array|undefined} [token, req.url] for header auth,
 *   [token, null] for '/jwt/' path auth, undefined when no credential is
 *   found. Callers must handle the undefined case before destructuring.
 */
exports.prepare_auth = function(req) {
  // NOTE: Why? because setting headers from the server is completely undocumented and I've ran
  // through basically every library under the sun I literally can't be fucked to
  // read people's code for a feature that could have a fucking tweet as documentation

  const headerToken = req.headers['authentication'] || req.headers['jwt'];
  if (headerToken) {
    return [headerToken, req.url];
  }

  // Path fallback. A token carried in the URL tends to end up in access and
  // proxy logs, so tokens sent this way should be short-lived and the URL
  // should not be logged verbatim.
  const prefix = '/jwt/';
  if (req.url.startsWith(prefix)) {
    return [req.url.slice(prefix.length), null];
  }

  // No header and no '/jwt/' path: nothing to authenticate with.
  return undefined;
};