deadcxap/inpx-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Изменения механизма ограничения доступа

Browse Source
This commit is contained in:
Book Pauk
2022-11-27 18:12:59 +07:00
parent dca59e02dd
commit 59b4f48897
5 changed files with 80 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
client/components/Api/Api.vue
View File

@@ -60,10 +60,21 @@ const componentOptions = {
settings() { settings() {
this.loadSettings(); this.loadSettings();
}, },
modelValue(newValue) {
this.accessGranted = newValue;
},
accessGranted(newValue) {
this.$emit('update:modelValue', newValue);
}
}, },
}; };
class Api { class Api {
_options = componentOptions; _options = componentOptions;
_props = {
modelValue: Boolean,
};
accessGranted = false;
busyDialogVisible = false; busyDialogVisible = false;
mainMessage = ''; mainMessage = '';
jobMessage = ''; jobMessage = '';
@@ -123,7 +134,13 @@ class Api {
}); });
if (result && result.value) { if (result && result.value) {
const accessToken = utils.toHex(cryptoUtils.sha256(result.value)); //получим свежую соль
const response = await wsc.message(await wsc.send({}), 10);
let salt = '';
if (response && response.error == 'need_access_token' && response.salt)
salt = response.salt;
const accessToken = utils.toHex(cryptoUtils.sha256(result.value + salt));
this.commit('setSettings', {accessToken}); this.commit('setSettings', {accessToken});
} }
} finally { } finally {
@@ -192,10 +209,13 @@ class Api {
const response = await wsc.message(await wsc.send(params), timeoutSecs); const response = await wsc.message(await wsc.send(params), timeoutSecs);
if (response && response.error == 'need_access_token') { if (response && response.error == 'need_access_token') {
this.accessGranted = false;
await this.showPasswordDialog(); await this.showPasswordDialog();
} else if (response && response.error == 'server_busy') { } else if (response && response.error == 'server_busy') {
this.accessGranted = true;
await this.showBusyDialog(); await this.showBusyDialog();
} else { } else {
this.accessGranted = true;
if (response.error) { if (response.error) {
throw new Error(response.error); throw new Error(response.error);
} }

5
client/components/App.vue
View File

@@ -1,10 +1,10 @@
<template> <template>
<div class="fit row"> <div class="fit row">
<Api ref="api" /> <Api ref="api" v-model="accessGranted" />
<Notify ref="notify" /> <Notify ref="notify" />
<StdDialog ref="stdDialog" /> <StdDialog ref="stdDialog" />
<router-view v-slot="{ Component }"> <router-view v-if="accessGranted" v-slot="{ Component }">
<keep-alive> <keep-alive>
<component :is="Component" class="col" /> <component :is="Component" class="col" />
</keep-alive> </keep-alive>
@@ -37,6 +37,7 @@ const componentOptions = {
}; };
class App { class App {
_options = componentOptions; _options = componentOptions;
accessGranted = false;
created() { created() {
this.commit = this.$store.commit; this.commit = this.$store.commit;

1
server/config/base.js
View File

@@ -11,6 +11,7 @@ module.exports = {
execDir, execDir,
accessPassword: '', accessPassword: '',
accessTimeout: 0,
bookReadLink: '', bookReadLink: '',
loggingEnabled: true, loggingEnabled: true,

1
server/config/index.js
View File

@@ -6,6 +6,7 @@ const branchFilename = __dirname + '/application_env';
const propsToSave = [ const propsToSave = [
'accessPassword', 'accessPassword',
'accessTimeout',
'bookReadLink', 'bookReadLink',
'loggingEnabled', 'loggingEnabled',
'dbCacheSize', 'dbCacheSize',

61
server/controllers/WebSocketController.js
View File

@@ -6,16 +6,18 @@ const WebWorker = require('../core/WebWorker');//singleton
const log = new (require('../core/AppLogger'))().log;//singleton const log = new (require('../core/AppLogger'))().log;//singleton
const utils = require('../core/utils'); const utils = require('../core/utils');
const cleanPeriod = 1*60*1000;//1 минута const cleanPeriod = 1*60*1000;//1 минута, не менять!
const cleanUnusedTokenTimeout = 5*60*1000;//5 минут
const closeSocketOnIdle = 5*60*1000;//5 минут const closeSocketOnIdle = 5*60*1000;//5 минут
class WebSocketController { class WebSocketController {
constructor(wss, config) { constructor(wss, config) {
this.config = config; this.config = config;
this.isDevelopment = (config.branch == 'development'); this.isDevelopment = (config.branch == 'development');
this.accessToken = '';
if (config.accessPassword) this.freeAccess = (config.accessPassword === '');
this.accessToken = utils.getBufHash(config.accessPassword, 'sha256', 'hex'); this.accessTimeout = config.accessTimeout*60*1000;
this.accessMap = new Map();
this.workerState = new WorkerState(); this.workerState = new WorkerState();
this.webWorker = new WebWorker(config); this.webWorker = new WebWorker(config);
@@ -38,6 +40,19 @@ class WebSocketController {
periodicClean() { periodicClean() {
try { try {
const now = Date.now(); const now = Date.now();
//почистим accessMap
if (!this.freeAccess) {
for (const [accessToken, accessRec] of this.accessMap) {
if ( !(accessRec.used > 0 || now - accessRec.time < cleanUnusedTokenTimeout)
|| !(this.accessTimeout === 0 || now - accessRec.time < this.accessTimeout)
) {
this.accessMap.delete(accessToken);
}
}
}
//почистим ws-клиентов
this.wss.clients.forEach((ws) => { this.wss.clients.forEach((ws) => {
if (!ws.lastActivity || now - ws.lastActivity > closeSocketOnIdle - 50) { if (!ws.lastActivity || now - ws.lastActivity > closeSocketOnIdle - 50) {
ws.terminate(); ws.terminate();
@@ -48,6 +63,24 @@ class WebSocketController {
} }
} }
hasAccess(accessToken) {
if (this.freeAccess)
return true;
const accessRec = this.accessMap.get(accessToken);
if (accessRec) {
const now = Date.now();
if (this.accessTimeout === 0 || now - accessRec.time < this.accessTimeout) {
accessRec.used++;
accessRec.time = now;
return true;
}
}
return false;
}
async onMessage(ws, message) { async onMessage(ws, message) {
let req = {}; let req = {};
try { try {
@@ -62,14 +95,23 @@ class WebSocketController {
//pong for WebSocketConnection //pong for WebSocketConnection
this.send({_rok: 1}, req, ws); this.send({_rok: 1}, req, ws);
if (this.accessToken && req.accessToken !== this.accessToken) { //access
await utils.sleep(1000); if (!this.hasAccess(req.accessToken)) {
throw new Error('need_access_token'); await utils.sleep(500);
const salt = utils.randomHexString(32);
const accessToken = utils.getBufHash(this.config.accessPassword + salt, 'sha256', 'hex');
this.accessMap.set(accessToken, {time: Date.now(), used: 0});
this.send({error: 'need_access_token', salt}, req, ws);
return;
} }
//api
switch (req.action) { switch (req.action) {
case 'test': case 'test':
await this.test(req, ws); break; await this.test(req, ws); break;
case 'logout':
await this.logout(req, ws); break;
case 'get-config': case 'get-config':
await this.getConfig(req, ws); break; await this.getConfig(req, ws); break;
case 'get-worker-state': case 'get-worker-state':
@@ -120,6 +162,11 @@ class WebSocketController {
this.send({message: `${this.config.name} project is awesome`}, req, ws); this.send({message: `${this.config.name} project is awesome`}, req, ws);
} }
async logout(req, ws) {
this.accessMap.delete(req.accessToken);
this.send({success: true}, req, ws);
}
async getConfig(req, ws) { async getConfig(req, ws) {
const config = _.pick(this.config, this.config.webConfigParams); const config = _.pick(this.config, this.config.webConfigParams);
config.dbConfig = await this.webWorker.dbConfig(); config.dbConfig = await this.webWorker.dbConfig();