Compare commits

..

No commits in common. "98d29d9f1f7ec2a1b5805c34ebafdf45ad0efa52" and "ee4dbc0428b619ed6b6ff03be57427f38933b4e2" have entirely different histories.

10 changed files with 420 additions and 107 deletions

2
.gitignore vendored
View File

@ -24,4 +24,4 @@ node_modules
# Config # Config
config.mjs config.mjs
*.sqlite3 kv-data

View File

@ -10,7 +10,7 @@ import { ACCOUNT_TYPE, Account } from './model.mjs';
*/ */
export async function loadAccount(ctx, next) { export async function loadAccount(ctx, next) {
if (ctx.state.user != null && ctx.state.user.auth_step == 'done' && ctx.state.account == null) { if (ctx.state.user != null && ctx.state.user.auth_step == 'done' && ctx.state.account == null) {
ctx.state.account = await Account.findByPk(ctx.state.user.uid); ctx.state.account = await Account.load(ctx.state.user.uid);
} }
await next(); await next();
} }
@ -28,6 +28,6 @@ export async function adminRequired(ctx, next) {
await next(); await next();
} else { } else {
ctx.status = 403; // 403 (Forbidden) ctx.status = 403; // 403 (Forbidden)
ctx.body = { error: 'You must be an administrator to access this resource.', errno: 'EPERM' }; ctx.body = { error: 'You must be an administrator to access this resource.' };
} }
} }

View File

@ -1,5 +1,6 @@
import { BASIC_TYPES } from '@og/binary-struct';
import { UUID } from '@og/uuid'; import { UUID } from '@og/uuid';
import { DataTypes, Model } from 'sequelize'; import { Model, BaseModel } from '../../kv/index.mjs';
import * as config from '../../config.mjs'; import * as config from '../../config.mjs';
import { hashPassword, isWeakPassword } from './password.mjs'; import { hashPassword, isWeakPassword } from './password.mjs';
import { timingSafeEqual } from 'node:crypto'; import { timingSafeEqual } from 'node:crypto';
@ -24,25 +25,45 @@ function calcAccountUUID(handle) {
/** /**
* A Model representing an user account. * A Model representing an user account.
* @class * @class
* @property {UUID} uid * @extends {BaseModel}
* @property {number} type
* @property {string} handle
* @property {string} name
* @property {Buffer} passwd
* @property {Buffer?} totp_key
* @property {Date} created_at
* @property {number} rating
* @property {Map} preference
*/ */
export class Account extends Model { export class Account extends Model('Account', config.kv_instance) {
/** @type {UUID} */
uid;
/** @type {number} */
type;
/** @type {string} */
handle;
/** @type {string} */
name;
/** @type {Buffer} */
passwd;
/** @type {Buffer} */
totp_key = Buffer.alloc(20, 0);
/** @type {Date} */
created_at = new Date();
/** @type {number} */
rating = 0;
/** @type {Map} */
preference = new Map();
/** @type {UUID[]} */
replays = [];
/** /**
* Asynchronously loads a Account instance based on its handle. * Getter of the primary key of Account.
* @param {string} handle - the handle of the account to load. * @returns {string|null} The primary key value or null if not applicable.
* @returns {Promise<?Account>} - The loaded account instance or null if not found.
* @async
*/ */
static loadByHandle(handle) { get pk() {
return this.findByPk(calcAccountUUID(handle).toString()); return this.uid?.toString();
} }
asInfo() { asInfo() {
@ -53,6 +74,7 @@ export class Account extends Model {
name: this.name, name: this.name,
created_at: Math.floor(this.created_at.getTime() / 1000), created_at: Math.floor(this.created_at.getTime() / 1000),
rating: this.rating, rating: this.rating,
replays: this.replays.map(r => r.toString()),
}; };
} }
@ -79,6 +101,14 @@ export class Account extends Model {
this.passwd = hashPassword(passwd); this.passwd = hashPassword(passwd);
} }
/**
* Clears the password of the account.
*/
clearPassword() {
this.type = ACCOUNT_TYPE.temporary;
this.passwd = hashPassword('');
}
/** /**
* Checks if the given password is correct. * Checks if the given password is correct.
* @param {string} passwd - password. * @param {string} passwd - password.
@ -97,12 +127,22 @@ export class Account extends Model {
return this.type != ACCOUNT_TYPE.banned; return this.type != ACCOUNT_TYPE.banned;
} }
/**
* Asynchronously loads a Account instance based on its handle.
* @param {string} handle - the handle of the account to load.
* @returns {Promise<?Account>} - The loaded account instance or null if not found.
* @async
*/
static loadByHandle(handle) {
return this.load(calcAccountUUID(handle).toString());
}
/** /**
* Creates an new account. * Creates an new account.
* @param {{handle: string, name: string, type: number, plaintext_password: string | null}} * @param {{handle: string, name: string, type: number, plaintext_password: string | null}}
* @returns {Account} Created account. * @returns {Account} Created account.
*/ */
static createInstance({ handle, name, type, plaintext_password }) { static create({ handle, name, type, plaintext_password }) {
if (handle == null) { if (handle == null) {
throw new InvalidArgumentError('handle', 'a handle is required'); throw new InvalidArgumentError('handle', 'a handle is required');
} }
@ -113,70 +153,32 @@ export class Account extends Model {
throw new InvalidArgumentError('name', 'name is too long or too short'); throw new InvalidArgumentError('name', 'name is too long or too short');
} }
if (!Object.values(ACCOUNT_TYPE).includes(type)) { if (type != null && !Object.values(ACCOUNT_TYPE).includes(type)) {
throw new InvalidArgumentError('type', 'unknown type'); throw new InvalidArgumentError('type', 'unknown type');
} }
if (typeof plaintext_password != 'string') { const res = new this();
throw new InvalidArgumentError('passwd', 'incorrect type');
}
const res = this.build();
res.setHandle(handle); res.setHandle(handle);
res.name = name; res.name = name;
res.type = type ?? ACCOUNT_TYPE.normal; res.type = type ?? ACCOUNT_TYPE.normal;
res.setPassword(plaintext_password); if (plaintext_password != null) {
res.setPassword(plaintext_password);
} else {
res.clearPassword();
}
return res; return res;
} }
};
Account.init({ static typedef = [
uid: { { field: 'uid', type: BASIC_TYPES.uuid },
type: DataTypes.UUID, { field: 'type', type: BASIC_TYPES.u8 },
allowNull: false, { field: 'handle', type: BASIC_TYPES.str },
primaryKey: true, { field: 'name', type: BASIC_TYPES.str },
unique: true, { field: 'passwd', type: BASIC_TYPES.raw(32) },
get() { { field: 'totp_key', type: BASIC_TYPES.raw(20) },
return new UUID(this.getDataValue('uid')); { field: 'created_at', type: BASIC_TYPES.DateTime },
}, { field: 'rating', type: BASIC_TYPES.i32 },
set(uuid) { { field: 'preference', type: BASIC_TYPES.StringMap },
this.setDataValue('uid', uuid.toString()); { field: 'replays', type: BASIC_TYPES.array(BASIC_TYPES.uuid) },
} ];
}, };
type: {
type: DataTypes.INTEGER,
allowNull: false,
defaultValue: ACCOUNT_TYPE.banned,
validate: {
isIn: [Object.values(ACCOUNT_TYPE)],
},
},
handle: {
type: DataTypes.STRING(32),
allowNull: false,
unique: true,
},
name: {
type: DataTypes.STRING,
allowNull: false,
},
passwd: {
type: DataTypes.STRING(32, true),
allowNull: false,
},
totp_key: {
type: DataTypes.STRING(20, true),
allowNull: true,
},
rating: {
type: DataTypes.INTEGER,
allowNull: false,
defaultValue: 1500,
}
}, {
sequelize: config.db_instance,
modelName: 'Account',
timestamps: true,
createdAt: 'created_at',
updatedAt: false,
});

View File

@ -4,7 +4,6 @@ import { loadAccount } from './middlewares.mjs';
import { ACCOUNT_TYPE, Account } from './model.mjs'; import { ACCOUNT_TYPE, Account } from './model.mjs';
import { isValidUUID } from '@og/uuid'; import { isValidUUID } from '@og/uuid';
import * as config from '../../config.mjs'; import * as config from '../../config.mjs';
import { ValidationErrorItem } from 'sequelize';
/** @typedef {import('koa').Context} Context */ /** @typedef {import('koa').Context} Context */
/** @typedef {import('koa').Next} Next */ /** @typedef {import('koa').Next} Next */
@ -23,10 +22,10 @@ export const login_view = [
const account = await Account.loadByHandle(handle); const account = await Account.loadByHandle(handle);
if (account == null || !account.checkPassword(passwd)) { if (account == null || !account.checkPassword(passwd)) {
ctx.status = 400; // Bad Request. ctx.status = 400; // Bad Request.
ctx.body = { error: 'Authentication failed: handle or password is incorrect.', errno: 'EPASSWD' }; ctx.body = { error: 'Authentication failed: handle or password is incorrect.' };
} else if (!account.canLogin()) { } else if (!account.canLogin()) {
ctx.status = 400; // Bad Request. ctx.status = 400; // Bad Request.
ctx.body = { error: 'Your account is banned or restricted.', errno: 'EBANNED' }; ctx.body = { error: 'Your account is banned or restricted.' };
} else { } else {
const token = jwt.sign({ const token = jwt.sign({
uid: account.uid.toString(), uid: account.uid.toString(),
@ -76,26 +75,27 @@ export const refresh_token_view = [
export const signup_view = [ export const signup_view = [
syllableRequired('handle', 'string'), syllableRequired('handle', 'string'),
syllableRequired('name', 'string'),
syllableRequired('passwd', 'string'), syllableRequired('passwd', 'string'),
/** /**
* @param {Context} ctx * @param {Context} ctx
* @param {Next} next * @param {Next} next
*/ */
async function(ctx, next) { async function(ctx, next) {
/** @type {{handle: string, passwd: string}} */ /** @type {{handle: string, name: string, passwd: string}} */
const {handle, passwd} = ctx.request.body; const {handle, name, passwd} = ctx.request.body;
let account = Account.create({
if (Account.loadByHandle(handle) != null) { handle, name,
ctx.status = 400;
ctx.body = { error: 'handle is taken', errno: 'EUNIQUE' };
}
let account = Account.createInstance({
handle,
type: ACCOUNT_TYPE.normal, type: ACCOUNT_TYPE.normal,
plaintext_password: passwd, plaintext_password: passwd,
}); });
if (!await account.canCreate()) {
ctx.status = 400;
ctx.body = { error: 'Handle is taken or cannot be used.' };
return;
}
await account.save(); await account.save();
ctx.status = 204; ctx.status = 204;
} }
@ -109,10 +109,10 @@ export const account_info_view = [
*/ */
async function(ctx, next) { async function(ctx, next) {
/** @type {Account?} */ /** @type {Account?} */
let account = await Account.findByPk(ctx.params.uid); let account = await Account.load(ctx.params.uid);
if (account == null) { if (account == null) {
ctx.status = 404; // 404 Not Found ctx.status = 404; // 404 Not Found
ctx.body = { error: 'requested user is not found', errno: 'E404' }; ctx.body = { error: 'requested user is not found' };
} else { } else {
ctx.status = 200; ctx.status = 200;
ctx.body = account.asInfo(); ctx.body = account.asInfo();

View File

@ -1,4 +1,4 @@
import { Sequelize } from 'sequelize'; import { FileSystemKeyValueStorage } from './kv/index.mjs';
// PRODUCTION: set this to false in production! // PRODUCTION: set this to false in production!
export const debug = true; export const debug = true;
@ -14,7 +14,7 @@ export const secret = Buffer.from('m5GDNW92K/c+YdDTlai3lG0wwL8h63LcLD9XZOSz8Lsqo
// PRODUCTION: change the folder to a suitable place // PRODUCTION: change the folder to a suitable place
// key-value storage instance to use // key-value storage instance to use
export const db_instance = new Sequelize('sqlite:server-db.sqlite3', { logging: false }); export const kv_instance = new FileSystemKeyValueStorage('./kv-data');
// Time for a JWT to expire. // Time for a JWT to expire.
export const jwt_expire = '48h'; export const jwt_expire = '48h';

318
server/kv/index.mjs Normal file
View File

@ -0,0 +1,318 @@
import { deserializeFromBinary, serializeToBinary } from '@og/binary-struct';
import { VirtualMethodNotImplementedError } from '@og/error-utils';
import { pluralize } from 'inflection';
import fs from 'node:fs/promises';
import path from 'node:path';
/**
* @abstract
* @class
* @classdesc Represents a key-value storage interface.
*/
export class BaseKeyValueStorage {
/**
* Sets a value for the given class and primary key.
* @param {string} cls - The class identifier.
* @param {string} pk - The primary key.
* @param {ArrayBuffer} val - The value to set.
* @abstruct
* @async
*/
async set(cls, pk, val) {
throw new VirtualMethodNotImplementedError();
}
/**
* Retrieves the value associated with the given class and primary key.
* @param {string} cls - The class identifier.
* @param {string} pk - The primary key.
* @abstruct
* @async
* @returns {Promise<ArrayBuffer|null>} - The value associated with the class and primary key, or null if not found.
*/
async get(cls, pk) {
throw new VirtualMethodNotImplementedError();
}
/**
* Checks whether a value exists for the given class and primary key.
* @param {string} cls - The class identifier.
* @param {string} pk - The primary key.
* @abstruct
* @async
* @returns {Promise<boolean>} - True if the value exists, otherwise false.
*/
async has(cls, pk) {
throw new VirtualMethodNotImplementedError();
}
/**
* Deletes the value associated with the given class and primary key.
* @param {string} cls - The class identifier.
* @param {string} pk - The primary key.
* @abstruct
* @async
*/
async destroy(cls, pk) {
throw new VirtualMethodNotImplementedError();
}
/**
* Initializes or updates the class.
* @param {string} cls - The class identifier.
* @abstruct
* @async
*/
async touchClass(cls) { }
}
/**
* Represents a key-value storage implementation using the file system.
* @class
* @extends {BaseKeyValueStorage}
*/
export class FileSystemKeyValueStorage extends BaseKeyValueStorage {
/**
* Creates an instance of FileSystemKeyValueStorage.
* @param {string} root - The root directory where key-value data will be stored.
*/
constructor(root) {
super();
/** @private @type {string} */
this.root = root;
}
/**
* Sets a value for the given class and primary key.
* @param {string} cls - The class identifier.
* @param {string} pk - The primary key.
* @param {ArrayBuffer} val - The value to set.
* @abstruct
*/
async set(cls, pk, val) {
const filePath = this._getFilePath(cls, pk);
await fs.writeFile(filePath, Buffer.from(val));
}
/**
* Retrieves the value associated with the given class and primary key.
* @param {string} cls - The class identifier.
* @param {string} pk - The primary key.
* @abstruct
* @returns {Promise<ArrayBuffer|null>} - The value associated with the class and primary key, or null if not found.
*/
async get(cls, pk) {
const filepath = this._getFilePath(cls, pk);
try {
const data = await fs.readFile(filepath);
return data.buffer;
} catch (error) {
if (error.code === 'ENOENT') { // File not found
return null;
} else {
throw error;
}
}
}
/**
* Checks whether a value exists for the given class and primary key.
* @param {string} cls - The class identifier.
* @param {string} pk - The primary key.
* @abstruct
* @returns {Promise<boolean>} - True if the value exists, otherwise false.
*/
async has(cls, pk) {
const filepath = this._getFilePath(cls, pk);
try {
await fs.access(filepath);
return true;
} catch {
return false;
}
}
/**
* Deletes the value associated with the given class and primary key.
* @param {string} cls - The class identifier.
* @param {string} pk - The primary key.
* @abstruct
*/
async destroy(cls, pk) {
const filepath = this._getFilePath(cls, pk);
await fs.unlink(filepath);
}
/**
* Initializes or updates the class by creating a folder for it if it doesn't exist.
* @param {string} cls - The class identifier.
* @abstruct
*/
async touchClass(cls) {
const cls_dir = path.join(this.root, cls);
await fs.mkdir(cls_dir, { recursive: true });
}
/**
* Constructs the file path for a given class and primary key.
* @private
* @param {string} cls - The class identifier.
* @param {string} pk - The primary key.
* @returns {string} - The file path.
*/
_getFilePath(cls, pk) {
const cls_dir = path.join(this.root, cls);
return path.join(cls_dir, pk);
}
}
/**
* Abstract base class for all models.
* @abstract
* @class
*/
export class BaseModel {
/**
* Gets the primary key of the model.
* @abstract
* @returns {string|null} The primary key value or null if not applicable.
*/
get pk() {
throw new VirtualMethodNotImplementedError();
}
/**
* Asynchronously saves the current model instance to the key-value storage.
* @throws {Error} - Throws an error if the primary key is not set.
* @returns {Promise<void>}
* @abstract
*/
async save() {
throw new VirtualMethodNotImplementedError();
}
/**
* Asynchronously destroys the current model instance in the key-value storage.
* @throws {Error} - Throws an error if the primary key is not set.
* @returns {Promise<void>}
* @abstract
*/
async destroy() {
throw new VirtualMethodNotImplementedError();
}
/**
* Asynchronously checks if the current model instance can be created in the key-value storage.
* @returns {Promise<boolean>} - True if the model can be created, false otherwise.
* @abstract
*/
async canCreate() {
throw new VirtualMethodNotImplementedError();
}
/**
* Asynchronously loads a model instance from the key-value storage based on its primary key.
* @param {string} pk - The primary key of the model to load.
* @returns {Promise<*>} The loaded model instance or null if not found.
* @abstract
*/
static async load(pk) {
throw new VirtualMethodNotImplementedError();
}
}
/**
* A mixin function that creates a model class with basic CRUD operations and storage methods.
*
* @param {string} name - The name of the model.
* @param {BaseKeyValueStorage} kv - The key-value storage for data persistence.
* @returns {Function} - The generated model class.
*/
export function Model(name, kv) {
const cls = pluralize(name);
/**
* @class
* @extends BaseModel
*/
return class extends BaseModel {
/**
* Asynchronously saves the current model instance to the key-value storage.
* @throws {Error} - Throws an error if the primary key is not set.
* @returns {Promise<void>}
*/
async save() {
const pk = this.pk;
if (pk == null) {
throw new PrimaryKeyNotSetError();
}
const buf = serializeToBinary(this, this.constructor);
await kv.set(cls, pk, buf);
}
/**
* Asynchronously destroys the current model instance in the key-value storage.
* @throws {Error} - Throws an error if the primary key is not set.
* @returns {Promise<void>}
*/
async destroy() {
const pk = this.pk;
if (pk == null) {
throw new PrimaryKeyNotSetError();
}
await kv.destroy(cls, pk);
}
/**
* Asynchronously checks if the current model instance can be created in the key-value storage.
* @returns {Promise<boolean>} - True if the model can be created, false otherwise.
*/
async canCreate() {
const pk = this.pk;
if (pk == null) {
return false;
}
return !(await kv.has(cls, pk));
}
/**
* Asynchronously loads a model instance from the key-value storage based on its primary key.
* @param {string} pk - The primary key of the model to load.
* @returns {Promise<*>} - The loaded model instance or null if not found.
*/
static async load(pk) {
const buf = await kv.get(cls, pk);
if (buf == null) {
return null;
}
return deserializeFromBinary(new DataView(buf), this);
}
/**
* Initializes the key-value storage for the current class.
*/
static {
kv.touchClass(cls);
}
};
}
/**
* Represents an error that is thrown when the primary key of an object is not set.
* @class
* @extends {Error}
*/
class PrimaryKeyNotSetError extends Error {
/**
* Constructs a new PrimaryKeyNotSetError instance with a default error message.
* @constructor
*/
constructor() {
super('pk() returns null');
}
};

View File

@ -9,7 +9,7 @@
export function loginRequired(ctx, next) { export function loginRequired(ctx, next) {
if (ctx.state.user == null || ctx.state.user.auth_step != 'done') { if (ctx.state.user == null || ctx.state.user.auth_step != 'done') {
ctx.status = 401; // 401 (Unauthorized) ctx.status = 401; // 401 (Unauthorized)
ctx.body = { error: 'You are not identified or your authentication process is incomplete.', errno: 'EAUTH' }; ctx.body = { error: 'You are not identified or your authentication process is incomplete.' };
} else { } else {
return next(); return next();
} }

View File

@ -13,7 +13,7 @@ export async function errorAsResponse(ctx, next) {
} catch (err) { } catch (err) {
if (err instanceof InvalidArgumentError) { if (err instanceof InvalidArgumentError) {
ctx.status = 400; ctx.status = 400;
ctx.body = { error: err.toString(), errno: 'EIA' }; ctx.body = { error: err.toString() };
} else { } else {
ctx.status = 500; ctx.status = 500;
throw err; throw err;

View File

@ -1,3 +0,0 @@
import { Account } from '../apps/auth/model.mjs';
Account.sync({ alter: true });

View File

@ -25,13 +25,9 @@
"koa": "^2.15.0", "koa": "^2.15.0",
"koa-bodyparser": "^4.4.1", "koa-bodyparser": "^4.4.1",
"koa-jwt": "^4.0.4", "koa-jwt": "^4.0.4",
"koa-router": "^12.0.1", "koa-router": "^12.0.1"
"mariadb": "^3.2.3",
"sequelize": "^6.37.1",
"sqlite3": "^5.1.7"
}, },
"devDependencies": { "devDependencies": {
"@types/koa__router": "^12.0.4", "@types/koa__router": "^12.0.4"
"sequelize-cli": "^6.6.2"
} }
} }