Archives
/
RTL
mirror of https://github.com/Ride-The-Lightning/RTL
2
0
Fork 0
Code Issues Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
backend-config-fix
Release-0.15.1
cln-boltz
master
Release-0.15.0
ng-17
clnrest-migration
Release-0.14.1
ng-lint
ng-16
ux-link-fixes
lnd-taproot
rtl-donation
csv-download
ecl-routing-fee
lnd-payments-sort
revert-1297-loop-version
loop-version
ecl-channel-response-update
cln-prefix-version-fix
cln-peer-swap
cln-localremote-swap
Release-0.14.0
cln-msat-migration
cln-channel-filter
cln-htlc-list
ecl-circular-rebalance
lnd-lease-utxo
home-redirect-filter
modal-to-graph-lookup
connect-node-on-lookup
Release-0.13.6
pr/1205
Release-0.13.5
default-invoice-expiry
configurable-dblocation
switch-toggle
enhanced-error-message
bug-testing
bugfix-password-change-button
Release-0.13.4
fix-2fa
Release-0.13.3
ecl-default-filter-bugfix
Release-0.13.2
cln-ps-swap-lists
cln-ps-swapin-swapout
cln-ps-listpeers
Release-0.13.1
cln-peerswap-config
Release-0.13.0
Release-0.12.3
Release-0.12.2
Release-0.12.1
Release-0.12.0
Release-0.11.2
Release-0.11.1
Release-0.11.0
Release-0.10.2
Release-0.10.1
v0.15.0
v0.14.1
v0.14.0
v0.13.6
v0.13.5
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.2
v0.11.1
v0.11.0
v0.10.2
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.1
v0.7.0
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.1
v0.6.0
0.1.6-alpha
0.4.2
v0.1.11-alpha
v0.1.12-alpha
v0.1.13-alpha
v0.1.14-alpha
v0.1.7-alpha
v0.11.0-rc2
v0.11.0-rc3
v0.11.0-rc5
v0.11.0-rc6
v0.11.2-rc1
v0.11.2-rc2
v0.11.2-rc3
v0.11.3-rc1
v0.12.0-rc1
v0.12.0-rc2
v0.12.0-rc3
v0.12.4-rc1
v0.12.4-rc2
v0.12.4-rc3
v0.12.4-rc4
v0.12.4-rc5
v0.13.0-rc1
v0.13.0-rc2
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.14
v0.2.15
v0.2.16
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.2
v0.6.3
v0.6.4-rc
v0.6.4-rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f817ae39bc'
${ noResults }
RTL/controllers/shared/authenticate.js

123 lines
4.9 KiB
JavaScript
Raw Blame History

var common = require('../../common');
var connect = require('../../connect');
var logger = require('./logger');
const jwt = require("jsonwebtoken");
const otplib = require("otplib");
var crypto = require('crypto');
var ONE_MINUTE = 60000;
var LOCKING_PERIOD = 30 * ONE_MINUTE; // HALF AN HOUR
var ALLOWED_LOGIN_ATTEMPTS = 5;
var failedLoginAttempts = {};
setInterval(() => {
for (var ip in failedLoginAttempts) {
if (new Date().getTime() > (failedLoginAttempts[ip].lastTried + LOCKING_PERIOD)) {
delete failedLoginAttempts[ip];
}
}
}, LOCKING_PERIOD);
getFailedInfo = (reqIP, currentTime) => {
let failed = failedLoginAttempts[reqIP] ? failedLoginAttempts[reqIP] : failedLoginAttempts[reqIP] = {count: 0, lastTried: currentTime};
if (currentTime > (failed.lastTried + LOCKING_PERIOD)) {
failed = failedLoginAttempts[reqIP] = {count: 0, lastTried: currentTime};
}
return failed;
}
handleError = (failed, currentTime, errMsg) => {
if (failed.count >= ALLOWED_LOGIN_ATTEMPTS && (currentTime <= (failed.lastTried + LOCKING_PERIOD))) {
return {
message: "Multiple Failed Login Attempts!",
error: "Application locked for " + (LOCKING_PERIOD/ONE_MINUTE) + " minutes due to multiple failed login attempts! Try again after " + common.convertTimestampToLocalDate((failed.lastTried + LOCKING_PERIOD)/1000) + "!"
};
} else {
return {
message: "Authentication Failed!",
error: errMsg + "\nApplication will be locked after " + (ALLOWED_LOGIN_ATTEMPTS - failed.count) + " more unsuccessful attempts!"
};
}
}
exports.verifyToken = (twoFAToken) => {
if (common.rtl_secret2fa && common.rtl_secret2fa !== '' && otplib.authenticator.check(twoFAToken, common.rtl_secret2fa)) {
return true;
}
return false;
};
exports.authenticateUser = (req, res, next) => {
if(+common.rtl_sso) {
if(req.body.authenticateWith === 'JWT' && jwt.verify(req.body.authenticationValue, common.secret_key)) {
res.status(200).json({ token: token });
} else if (req.body.authenticateWith === 'PASSWORD' && crypto.createHash('sha256').update(common.cookie).digest('hex') === req.body.authenticationValue) {
connect.refreshCookie(common.rtl_cookie_path);
const token = jwt.sign(
{ user: 'SSO_USER', configPath: common.nodes[0].config_path, macaroonPath: common.nodes[0].macaroon_path },
common.secret_key
);
res.status(200).json({ token: token });
} else {
logger.error({fileName: 'Authenticate', lineNum: 20, msg: 'SSO Authentication Failed!'});
res.status(406).json({
message: "Login Failure!",
error: "SSO Authentication Failed!"
});
}
} else {
const currentTime = new Date().getTime();
const reqIP = common.getRequestIP(req);
let failed = getFailedInfo(reqIP, currentTime);
const password = req.body.authenticationValue;
if (common.rtl_pass === password && failed.count < ALLOWED_LOGIN_ATTEMPTS) {
if (req.body.twoFAToken && req.body.twoFAToken !== '') {
if (!this.verifyToken(req.body.twoFAToken)) {
logger.error({fileName: 'Authenticate', lineNum: 61, msg: 'Invalid Token! Failed IP ' + reqIP});
failed.count = failed.count + 1;
failed.lastTried = currentTime;
return res.status(401).json(handleError(failed, currentTime, 'Invalid 2FA Token!'));
}
}
delete failedLoginAttempts[reqIP];
let rpcUser = 'NODE_USER';
const token = jwt.sign(
{ user: rpcUser, configPath: common.nodes[0].config_path, macaroonPath: common.nodes[0].macaroon_path },
common.secret_key
);
res.status(200).json({ token: token });
} else {
logger.error({fileName: 'Authenticate', lineNum: 85, msg: 'Invalid Password! Failed IP ' + reqIP});
failed.count = common.rtl_pass !== password ? (failed.count + 1) : failed.count;
failed.lastTried = common.rtl_pass !== password ? currentTime : failed.lastTried;
return res.status(401).json(handleError(failed, currentTime, 'Invalid Password!'));
}
}
};
exports.resetPassword = (req, res, next) => {
if(+common.rtl_sso) {
logger.error({fileName: 'Authenticate', lineNum: 47, msg: 'Password Reset Failed!'});
res.status(401).json({
message: "Password Reset Failed!",
error: "Password cannot be reset for SSO authentication!"
});
} else {
const currPassword = req.body.currPassword;
if (common.rtl_pass === currPassword) {
common.rtl_pass = connect.replacePasswordWithHash(req.body.newPassword);
var rpcUser = 'NODE_USER';
const token = jwt.sign(
{ user: rpcUser, configPath: common.nodes[0].config_path, macaroonPath: common.nodes[0].macaroon_path },
common.secret_key
);
res.status(200).json({ token: token });
} else {
logger.error({fileName: 'Authenticate', lineNum: 63, msg: 'Password Reset Failed!'});
res.status(401).json({
message: "Password Reset Failed!",
error: "Old password is not correct!"
});
}
}
};
Reference in New Issue View Git Blame Copy Permalink