Изменения механизма ограничения доступа

2022-11-27 18:12:59 +07:00
parent dca59e02dd
commit 59b4f48897
5 changed files with 80 additions and 10 deletions
--- a/server/config/base.js
+++ b/server/config/base.js
@@ -11,6 +11,7 @@ module.exports = {
    execDir,

    accessPassword: '',
+    accessTimeout: 0,
    bookReadLink: '',
    loggingEnabled: true,

--- a/server/config/index.js
+++ b/server/config/index.js
@@ -6,6 +6,7 @@ const branchFilename = __dirname + '/application_env';

 const propsToSave = [
    'accessPassword',
+    'accessTimeout',
    'bookReadLink',
    'loggingEnabled',
    'dbCacheSize',
--- a/server/controllers/WebSocketController.js
+++ b/server/controllers/WebSocketController.js
@@ -6,16 +6,18 @@ const WebWorker = require('../core/WebWorker');//singleton
 const log = new (require('../core/AppLogger'))().log;//singleton
 const utils = require('../core/utils');

-const cleanPeriod = 1*60*1000;//1 минута
+const cleanPeriod = 1*60*1000;//1 минута, не менять!
+const cleanUnusedTokenTimeout = 5*60*1000;//5 минут
 const closeSocketOnIdle = 5*60*1000;//5 минут

 class WebSocketController {
    constructor(wss, config) {
        this.config = config;
        this.isDevelopment = (config.branch == 'development');
-        this.accessToken = '';
-        if (config.accessPassword)
-            this.accessToken = utils.getBufHash(config.accessPassword, 'sha256', 'hex');
+
+        this.freeAccess = (config.accessPassword === '');
+        this.accessTimeout = config.accessTimeout*60*1000;
+        this.accessMap = new Map();

        this.workerState = new WorkerState();
        this.webWorker = new WebWorker(config);
@@ -38,6 +40,19 @@ class WebSocketController {
    periodicClean() {
        try {
            const now = Date.now();
+
+            //почистим accessMap
+            if (!this.freeAccess) {
+                for (const [accessToken, accessRec] of this.accessMap) {
+                    if (   !(accessRec.used > 0 || now - accessRec.time < cleanUnusedTokenTimeout)
+                        || !(this.accessTimeout === 0 || now - accessRec.time < this.accessTimeout)
+                        ) {
+                        this.accessMap.delete(accessToken);
+                    }
+                }
+            }
+
+            //почистим ws-клиентов
            this.wss.clients.forEach((ws) => {
                if (!ws.lastActivity || now - ws.lastActivity > closeSocketOnIdle - 50) {
                    ws.terminate();
@@ -48,6 +63,24 @@ class WebSocketController {
        }
    }

+    hasAccess(accessToken) {
+        if (this.freeAccess)
+            return true;
+
+        const accessRec = this.accessMap.get(accessToken);
+        if (accessRec) {
+            const now = Date.now();
+
+            if (this.accessTimeout === 0 || now - accessRec.time < this.accessTimeout) {
+                accessRec.used++;
+                accessRec.time = now;
+                return true;
+            }
+        }
+
+        return false;
+    }
+
    async onMessage(ws, message) {
        let req = {};
        try {
@@ -62,14 +95,23 @@ class WebSocketController {
            //pong for WebSocketConnection
            this.send({_rok: 1}, req, ws);

-            if (this.accessToken && req.accessToken !== this.accessToken) {
-                await utils.sleep(1000);
-                throw new Error('need_access_token');
+            //access
+            if (!this.hasAccess(req.accessToken)) {
+                await utils.sleep(500);
+                const salt = utils.randomHexString(32);
+                const accessToken = utils.getBufHash(this.config.accessPassword + salt, 'sha256', 'hex');
+                this.accessMap.set(accessToken, {time: Date.now(), used: 0});
+
+                this.send({error: 'need_access_token', salt}, req, ws);
+                return;
            }

+            //api
            switch (req.action) {
                case 'test':
                    await this.test(req, ws); break;
+                case 'logout':
+                    await this.logout(req, ws); break;
                case 'get-config':
                    await this.getConfig(req, ws); break;
                case 'get-worker-state':
@@ -120,6 +162,11 @@ class WebSocketController {
        this.send({message: `${this.config.name} project is awesome`}, req, ws);
    }

+    async logout(req, ws) {
+        this.accessMap.delete(req.accessToken);
+        this.send({success: true}, req, ws);
+    }
+
    async getConfig(req, ws) {
        const config = _.pick(this.config, this.config.webConfigParams);
        config.dbConfig = await this.webWorker.dbConfig();