diff --git a/server/api/FileTokenManager.ts b/server/api/FileTokenManager.ts deleted file mode 100644 index a781617..0000000 --- a/server/api/FileTokenManager.ts +++ /dev/null @@ -1,59 +0,0 @@ -import { Buffer } from "node:buffer" -import config from "../config.ts" -import User from "../data/User.ts" -import crypto from 'node:crypto' -import Token from "./Token.ts" - -function normalizeKey(key: string, keyLength = 32) { - const hash = crypto.createHash('sha256') - hash.update(key) - const keyBuffer = hash.digest() - return keyLength ? keyBuffer.slice(0, keyLength) : keyBuffer -} - -export default class FileTokenManager { - static makeAuth(user: User) { - return crypto.createHash("sha256").update(user.bean.id + user.getPassword() + config.salt + '_file').digest().toString('hex') - } - static encode(token: Token) { - return crypto.createCipheriv("aes-256-gcm", normalizeKey(config.aes_key + '_file'), '01234567890123456').update( - JSON.stringify(token) - ).toString('hex') - } - static decode(token: string) { - if (token == null) throw new Error('令牌為空!') - try { - return JSON.parse(crypto.createDecipheriv("aes-256-gcm", normalizeKey(config.aes_key + '_file'), '01234567890123456').update( - Buffer.from(token, 'hex') - ).toString()) as Token - } catch(e) { - throw new Error('令牌無效!') - } - } - - /** - * 簽發文件令牌 - */ - static make(user: User, device_id: string) { - const time = Date.now() - return this.encode({ - author: user.bean.id, - auth: this.makeAuth(user), - made_time: time, - // 過期時間: 2分鐘 - expired_time: time + (1 * 1000 * 60 * 2), - device_id: device_id - }) - } - /** - * 校驗文件令牌 - */ - static check(user: User, token: string) { - const tk = this.decode(token) - - return ( - this.makeAuth(user) == tk.auth - && tk.expired_time < Date.now() - ) - } -} diff --git a/server/main.ts b/server/main.ts index abebb4a..b67775c 100644 --- a/server/main.ts +++ b/server/main.ts @@ -11,21 +11,38 @@ import process from "node:process" import chalk from "chalk" import child_process from "node:child_process" import FileManager from "./data/FileManager.ts" +import TokenManager from "./api/TokenManager.ts" +import UserChatLinker from "./data/UserChatLinker.ts" import path from "node:path" +import cookieParser from 'cookie-parser' const app = express() app.use('/', express.static(config.data_path + '/page_compiled')) +app.use(cookieParser()) app.get('/uploaded_files/:hash', (req, res) => { const hash = req.params.hash as string + res.setHeader('Content-Type', 'text/plain') if (hash == null) { - res.sendStatus(404) - res.send("404 Not Found") + res.send("404 Not Found", 404) return } const file = FileManager.findByHash(hash) + + if (file.getChatId() != null) { + const userToken = TokenManager.decode(req.cookies.token) + console.log(userToken, req.cookies.device_id) + if (!TokenManager.checkToken(userToken, req.cookies.device_id)) { + res.send("401 UnAuthorized", 401) + return + } + if (!UserChatLinker.checkUserIsLinkedToChat(userToken.author, file.getChatId())) { + res.send("403 Forbidden", 403) + return + } + } + if (file == null) { - res.sendStatus(404) - res.send("404 Not Found") + res.send("404 Not Found", 404) return }