Aaltronav/dougal-software
1
0
Fork 0
mirror of https://gitlab.com/wgp/dougal/software.git synced 2025-12-06 09:47:08 +00:00
Code Issues Packages Projects Releases Activity

Refactor JWT credentials check to use class User

Browse Source
This commit is contained in:
D. Berge
2025-07-24 18:36:34 +02:00
parent 065f6617af
commit 989ec84852
1 changed files with 3 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/www/server/lib/jwt.js
View File

@@ -1,9 +1,9 @@
const crypto = require('crypto');
const JWT = require('jsonwebtoken');
const cfg = require('./config');
const ServerUser = require('./db/user/User');
function checkValidCredentials ({user, password, jwt}) {
async function checkValidCredentials ({user, password, jwt}) {
if (jwt) {
try {
const decoded = JWT.verify(jwt, cfg.jwt.secret, {maxAge: "1d"});
@@ -16,16 +16,7 @@ function checkValidCredentials ({user, password, jwt}) {
return; // Invalid JWT
}
} else if (user && password) {
const hash = crypto
.pbkdf2Sync(password, 'Dougal'+user, 10712, 48, 'sha512')
.toString('base64');
for (const credentials of cfg._("global.users.login.user") || []) {
if (credentials.name == user && credentials.hash == hash) {
const payload = {...credentials};
delete payload.hash;
return payload;
}
}
return (await ServerUser.authenticateSQL(user, password))?.toJSON();
}
}