brianhansonxyz/rspade_system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ee709ae86d6fd643af4f3b39dfd4e191fd4b7085
rspade_system/app/RSpade/resource/DebugProxy/dist/http/auth.js
root f6fac6c4bc Fix bin/publish: copy docs.dist from project root 
Fix bin/publish: use correct .env path for rspade_system
Fix bin/publish script: prevent grep exit code 1 from terminating script

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-21 02:08:33 +00:00

157 lines
6.0 KiB
JavaScript
Executable File
Raw Blame History

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthValidator = void 0;
const fs = __importStar(require("fs/promises"));
const crypto = __importStar(require("crypto"));
const path = __importStar(require("path"));
const logger_1 = require("../utils/logger");
const config_1 = require("../utils/config");
class AuthValidator {
logger;
sessionsCache = new Map();
constructor() {
this.logger = new logger_1.Logger('AuthValidator');
}
async validateWebSocketAuth(sessionId, signature) {
try {
const session = await this.loadSession(sessionId);
if (!session) {
this.logger.warn(`Session not found: ${sessionId}`);
return false;
}
// For WebSocket, we'll validate a simple signature
// In production, this should include timestamp and nonce
const expectedSignature = crypto
.createHmac('sha256', session.server_key)
.update(sessionId)
.digest('hex');
return signature === expectedSignature;
}
catch (error) {
this.logger.error('WebSocket auth validation failed:', error);
return false;
}
}
authMiddleware() {
return async (req, res, next) => {
const sessionId = req.headers['x-session-id'];
const signature = req.headers['x-auth-signature'];
const timestamp = req.headers['x-timestamp'];
if (!sessionId || !signature || !timestamp) {
res.status(401).json({
error: 'Missing authentication headers',
code: 401
});
return;
}
try {
const session = await this.loadSession(sessionId);
if (!session) {
res.status(401).json({
error: 'Session not found',
code: 401,
recoverable: true,
recovery: 'Create new session via POST /_ide/service/auth/create'
});
return;
}
// Validate signature
const method = req.method;
const path = req.path;
const body = JSON.stringify(req.body || {});
const signatureBase = `${method}\n${path}\n${timestamp}\n${body}`;
const expectedSignature = crypto
.createHmac('sha256', session.server_key)
.update(signatureBase)
.digest('hex');
if (signature !== expectedSignature) {
this.logger.warn('Invalid signature for session:', sessionId);
res.status(401).json({
error: 'Invalid signature',
code: 401
});
return;
}
// Check timestamp to prevent replay attacks (5 minute window)
const requestTime = parseInt(timestamp, 10);
const currentTime = Math.floor(Date.now() / 1000);
if (Math.abs(currentTime - requestTime) > 300) {
res.status(401).json({
error: 'Request timestamp expired',
code: 401
});
return;
}
// Attach session to request for use in routes
req.session = session;
req.sessionId = sessionId;
next();
}
catch (error) {
this.logger.error('Auth middleware error:', error);
res.status(500).json({
error: 'Authentication error',
code: 500
});
}
};
}
async loadSession(sessionId) {
// Check cache first
if (this.sessionsCache.has(sessionId)) {
return this.sessionsCache.get(sessionId);
}
try {
const sessionPath = path.join(config_1.Config.AUTH_SESSION_PATH, `auth-${sessionId}.json`);
const data = await fs.readFile(sessionPath, 'utf8');
const session = JSON.parse(data);
// Cache the session
this.sessionsCache.set(sessionId, session);
return session;
}
catch (error) {
if (error.code === 'ENOENT') {
return null; // Session file doesn't exist
}
throw error;
}
}
clearCache() {
this.sessionsCache.clear();
}
}
exports.AuthValidator = AuthValidator;
//# sourceMappingURL=auth.js.map
Reference in New Issue View Git Blame Copy Permalink