UNPKG

@flowfuse/flowfuse

Version:

An open source low-code development platform

flowfuse.com

FlowFuse/flowfuse

121 lines (107 loc) 4.33 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
const { compareHash, parseNrMqttId } = require('../utils') module.exports = { authenticateCredentials: async function (app, username, password) { const parts = username.split('@') if (parts.length === 2) { const user = await app.db.models.TeamBrokerClient.byUsername(parts[0], parts[1]) if (!user) { return false } if (user.Team.suspended) { return false } await user.Team.ensureTeamTypeExists() if (!user.Team.getFeatureProperty('teamBroker')) { return false } if (!password || password.length > 128) { return false } if (compareHash(password, user.password)) { return true } } return false }, authenticateNrMqttNodeUser: async function (app, authId, clientId, password) { // Basic checks if (!password || password.length > 128) { return false } const parsedUsername = parseNrMqttId(authId, 'username') const parsedClientId = parseNrMqttId(clientId, 'clientId') let clientIdValid = false if (!parsedUsername.valid || !parsedClientId.valid) { return false } // Check if the clientId matches the username if (parsedUsername.teamId !== parsedClientId.teamId || parsedUsername.ownerType !== parsedClientId.ownerType || parsedUsername.ownerId !== parsedClientId.ownerId) { return false // clientId and username must match (excluding HA ID) } if (parsedClientId.haId) { clientIdValid = `${authId}:${parsedClientId.haId}` === clientId } else { clientIdValid = authId === clientId } if (!clientIdValid) { return false // clientId must match the username } // get the user and validate its settings and password const teamBrokerClient = await app.db.models.TeamBrokerClient.byUsername(parsedClientId.username, parsedClientId.teamId, true, true) if (!teamBrokerClient) { return false } if (teamBrokerClient.ownerType !== parsedUsername.ownerType) { // project or device return false } if (teamBrokerClient.ownerType === 'device') { if (teamBrokerClient.Device?.hashid !== parsedUsername.ownerId) { return false } } else if (teamBrokerClient.ownerType === 'project') { if (teamBrokerClient.Project?.id !== parsedUsername.ownerId) { return false } } if (teamBrokerClient.Team.suspended) { return false } await teamBrokerClient.Team.ensureTeamTypeExists() if (!teamBrokerClient.Team.getFeatureProperty('teamBroker')) { return false } if (!compareHash(password, teamBrokerClient.password)) { return false } return { username: parsedClientId.username, teamId: teamBrokerClient.Team.hashid, clientIdValid } }, /** * Update the MQTT password for the linked NR MQTT node team client user (if it exists) * @param {*} app - the app instance * @param {*} teamId - the team ID this client belongs to * @param {'instance'|'device'} ownerType - the owner type (e.g. 'instance', 'device') * @param {string} ownerId - the owner ID (e.g. project ID or device HASHID) * @param {string} password - the new password * @returns {boolean} - true if the password was updated, false if the user does not exist * @throws {Error} - if user is found but it fails to update/save */ updateNtMqttNodeUserPassword: async function (app, teamId, ownerType, ownerId, password) { if (ownerType === 'project') { ownerType = 'instance' } const username = `${ownerType}:${ownerId}` const existingClient = await app.db.models.TeamBrokerClient.byUsername(username, teamId) if (existingClient) { existingClient.password = password await existingClient.save() return true } return false } }