UNPKG

homebridge-camera-ui

Version:

User Interface for RTSP capable cameras.

github.com/SeydX/homebridge-camera-ui

SeydX/homebridge-camera-ui

115 lines (97 loc) 3.49 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
/* eslint-disable unicorn/prevent-abbreviations */ 'use-strict'; const crypto = require('crypto'); const jwt = require('jsonwebtoken'); const AuthModel = require('../components/auth/auth.model'); const UserModel = require('../components/users/users.model'); const config = require('../../services/config/config.service.js'); const jwtSecret = config.ui.jwt_secret; const getBearerToken = async (username, password) => { if (username && username !== '' && password && password !== '') { const user = await UserModel.findByName(username); if (user) { let passwordFields = user.password.split('$'); let salt = passwordFields[0]; let hash = crypto.createHmac('sha512', salt).update(password).digest('base64'); if (hash === passwordFields[1]) { const payload = { id: user.id, username: user.username, sessionTimer: user.sessionTimer, permissionLevel: user.permissionLevel, photo: user.photo, }; let sessionTimer = payload.sessionTimer || 14400; payload.salt = crypto.randomBytes(16).toString('base64'); return jwt.sign(payload, jwtSecret, { expiresIn: sessionTimer }); } } } }; exports.validJWTNeeded = async (req, res, next) => { let bypassValidation = false; if (req.query.username && req.query.password) { const authorization = await getBearerToken(req.query.username, req.query.password); if (authorization) { bypassValidation = true; req.headers['authorization'] = `Bearer ${authorization}`; } } if (req.headers['authorization'] || req.headers['Authorization']) { try { let authHeader = req.headers['authorization'] || req.headers['Authorization']; let authorization = authHeader.split(' '); if (authorization[0] !== 'Bearer') { return res.status(401).send({ statusCode: 401, message: 'Unauthorized', }); } else { //check if user/token exists in database and is still valid const user = AuthModel.findByToken(authorization[1]); if (!bypassValidation && (!user || (user && !user.valid))) { return res.status(401).send({ statusCode: 401, message: 'Token expired', }); } req.jwt = jwt.verify(authorization[1], jwtSecret); return next(); } } catch (error) { return res.status(401).send({ statusCode: 401, message: error, }); } } else { return res.status(401).send({ statusCode: 401, message: 'Unauthorized', }); } }; exports.validJWTOptional = async (req, res, next) => { if (req.query.username && req.query.password) { const authorization = await getBearerToken(req.query.username, req.query.password); if (authorization) { req.headers['authorization'] = `Bearer ${authorization}`; } } if (req.headers['authorization'] || req.headers['Authorization']) { try { let authHeader = req.headers['authorization'] || req.headers['Authorization']; let authorization = authHeader.split(' '); if (authorization[0] === 'Bearer') { //check if user/token exists in database and is still valid const user = AuthModel.findByToken(authorization[1]); if (!user || (user && user.valid)) { req.jwt = jwt.verify(authorization[1], jwtSecret); } } } catch { return next(); } } return next(); };