Refactor user authentication code to use database

lib/www/server/api/middleware/auth/authentify.js

@@ -2,16 +2,23 @@ const dns = require('dns');
 const { Netmask } = require('netmask');
 const cfg = require('../../../lib/config');
 const jwt = require('../../../lib/jwt');
+const user = require('../../../lib/db/user');
 
 async function authorisedIP (req, res) {
-	const validIPs = cfg._("global.users.login.ip") || {};
-	for (const key in validIPs) {
-		const block = new Netmask(key);
+	const validIPs = await user.ip({active: true}); // Get all active IP logins
+	validIPs.forEach( i => i.$block = new Netmask(i.ip) );
+	validIPs.sort( (a, b) => b.$block.bitmask - a.$block.netmask ); // More specific IPs have precedence
+	for (const ip of validIPs) {
+		const block = ip.$block;
 		if (block.contains(req.ip)) {
-			const payload = Object.assign({
+			const payload = {
+				...ip,
 				ip: req.ip,
 				autologin: true
-			}, validIPs[key]);
+			};
+			delete payload.$block;
+			delete payload.hash;
+			delete payload.active;
 			jwt.issue(payload, req, res);
 			return true;
 		}
@@ -20,7 +27,7 @@ async function authorisedIP (req, res) {
 }
 
 async function authorisedHost (req, res) {
-	const validHosts = cfg._("global.users.login.host") || {};
+	const validHosts = await user.host({active: true}); // Get all active host logins
 	for (const key in validHosts) {
 		try {
 			const ip = await dns.promises.resolve(key);
@@ -42,6 +49,17 @@ async function authorisedHost (req, res) {
 	return false;
 }
 
+// TODO: Check client TLS certificates
+// Probably will do this via Nginx with
+// ssl_verify_client optional;
+// and then putting either of the
+// $ssl_client_s_dn or $ssl_client_escaped_cert
+// variables into an HTTP header for Node
+// to check (naturally, it must be ensured
+// that a user cannot just insert the header
+// in a request).
+
+
 async function auth (req, res, next) {
 
 	if (res.headersSent) {