feat: utilities section (wip) + auth utilities

2019-06-30 15:18:26 -04:00
parent 9cd8657ce6
commit 604941fe6a
15 changed files with 496 additions and 184 deletions
--- a/server/core/auth.js
+++ b/server/core/auth.js
@@ -4,6 +4,9 @@ const _ = require('lodash')
 const path = require('path')
 const jwt = require('jsonwebtoken')
 const moment = require('moment')
+const Promise = require('bluebird')
+const crypto = Promise.promisifyAll(require('crypto'))
+const pem2jwk = require('pem-jwk').pem2jwk

 const securityHelper = require('../helpers/security')

@@ -236,5 +239,72 @@ module.exports = {
  async reloadGroups() {
    const groupsArray = await WIKI.models.groups.query()
    this.groups = _.keyBy(groupsArray, 'id')
+  },
+
+  /**
+   * Generate New Authentication Public / Private Key Certificates
+   */
+  async regenerateCertificates() {
+    WIKI.logger.info('Regenerating certificates...')
+
+    _.set(WIKI.config, 'sessionSecret', (await crypto.randomBytesAsync(32)).toString('hex'))
+    const certs = crypto.generateKeyPairSync('rsa', {
+      modulusLength: 2048,
+      publicKeyEncoding: {
+        type: 'pkcs1',
+        format: 'pem'
+      },
+      privateKeyEncoding: {
+        type: 'pkcs1',
+        format: 'pem',
+        cipher: 'aes-256-cbc',
+        passphrase: WIKI.config.sessionSecret
+      }
+    })
+
+    _.set(WIKI.config, 'certs', {
+      jwk: pem2jwk(certs.publicKey),
+      public: certs.publicKey,
+      private: certs.privateKey
+    })
+
+    await WIKI.configSvc.saveToDb([
+      'certs',
+      'sessionSecret'
+    ])
+
+    await WIKI.auth.activateStrategies()
+
+    WIKI.logger.info('Regenerated certificates: [ COMPLETED ]')
+  },
+
+  /**
+   * Reset Guest User
+   */
+  async resetGuestUser() {
+    WIKI.logger.info('Resetting guest account...')
+    const guestGroup = await WIKI.models.groups.query().where('id', 2).first()
+
+    await WIKI.models.users.query().delete().where({
+      providerKey: 'local',
+      email: 'guest@example.com'
+    }).orWhere('id', 2)
+
+    const guestUser = await WIKI.models.users.query().insert({
+      id: 2,
+      provider: 'local',
+      email: 'guest@example.com',
+      name: 'Guest',
+      password: '',
+      locale: 'en',
+      defaultEditor: 'markdown',
+      tfaIsActive: false,
+      isSystem: true,
+      isActive: true,
+      isVerified: true
+    })
+    await guestUser.$relatedQuery('groups').relate(guestGroup.id)
+
+    WIKI.logger.info('Guest user has been reset: [ COMPLETED ]')
  }
 }
--- a/server/graph/resolvers/authentication.js
+++ b/server/graph/resolvers/authentication.js
@@ -13,6 +13,9 @@ module.exports = {
    async authentication() { return {} }
  },
  AuthenticationQuery: {
+    /**
+     * Fetch active authentication strategies
+     */
    async strategies(obj, args, context, info) {
      let strategies = await WIKI.models.authentication.getStrategies(args.isEnabled)
      strategies = strategies.map(stg => {
@@ -38,6 +41,9 @@ module.exports = {
    }
  },
  AuthenticationMutation: {
+    /**
+     * Perform Login
+     */
    async login(obj, args, context) {
      try {
        const authResult = await WIKI.models.users.login(args, context)
@@ -54,6 +60,9 @@ module.exports = {
        return graphHelper.generateError(err)
      }
    },
+    /**
+     * Perform 2FA Login
+     */
    async loginTFA(obj, args, context) {
      try {
        const authResult = await WIKI.models.users.loginTFA(args, context)
@@ -65,6 +74,9 @@ module.exports = {
        return graphHelper.generateError(err)
      }
    },
+    /**
+     * Register a new account
+     */
    async register(obj, args, context) {
      try {
        await WIKI.models.users.register({ ...args, verify: true }, context)
@@ -75,6 +87,9 @@ module.exports = {
        return graphHelper.generateError(err)
      }
    },
+    /**
+     * Update Authentication Strategies
+     */
    async updateStrategies(obj, args, context) {
      try {
        WIKI.config.auth = {
@@ -103,6 +118,32 @@ module.exports = {
      } catch (err) {
        return graphHelper.generateError(err)
      }
+    },
+    /**
+     * Generate New Authentication Public / Private Key Certificates
+     */
+    async regenerateCertificates(obj, args, context) {
+      try {
+        await WIKI.auth.regenerateCertificates()
+        return {
+          responseResult: graphHelper.generateSuccess('Certificates have been regenerated successfully.')
+        }
+      } catch (err) {
+        return graphHelper.generateError(err)
+      }
+    },
+    /**
+     * Reset Guest User
+     */
+    async resetGuestUser(obj, args, context) {
+      try {
+        await WIKI.auth.resetGuestUser()
+        return {
+          responseResult: graphHelper.generateSuccess('Guest user has been reset successfully.')
+        }
+      } catch (err) {
+        return graphHelper.generateError(err)
+      }
    }
  },
  AuthenticationStrategy: {
--- a/server/graph/schemas/authentication.graphql
+++ b/server/graph/schemas/authentication.graphql
@@ -46,6 +46,9 @@ type AuthenticationMutation {
    strategies: [AuthenticationStrategyInput]!
    config: AuthenticationConfigInput
  ): DefaultResponse @auth(requires: ["manage:system"])
+
+  regenerateCertificates: DefaultResponse @auth(requires: ["manage:system"])
+  resetGuestUser: DefaultResponse @auth(requires: ["manage:system"])
 }

 # -----------------------------------------------
--- a/server/models/users.js
+++ b/server/models/users.js
@@ -336,7 +336,7 @@ module.exports = class User extends Model {

  static async loginTFA(opts, context) {
    if (opts.securityCode.length === 6 && opts.loginToken.length === 64) {
-      let result = null // await WIKI.redis.get(`tfa:${opts.loginToken}`)
+      let result = await WIKI.redis.get(`tfa:${opts.loginToken}`)
      if (result) {
        let userId = _.toSafeInteger(result)
        if (userId && userId > 0) {
--- a/server/modules/storage/git/storage.js
+++ b/server/modules/storage/git/storage.js
@@ -351,7 +351,7 @@ module.exports = {
      new stream.Transform({
        objectMode: true,
        transform: async (page, enc, cb) => {
-          const fileName = `${page.path}.${getFileExtension(page.contentType)}`
+          let fileName = `${page.path}.${getFileExtension(page.contentType)}`
          if (WIKI.config.lang.namespacing && WIKI.config.lang.code !== page.localeCode) {
            fileName = `${page.localeCode}/${fileName}`
          }