RanchiMall/exchangemarket-usd
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Custom session for distributed servers

Browse Source 
- Adding custom session login for the distributed server system.
- Added Sessions table to backup
This commit is contained in:
sairajzero 2022-01-18 05:11:34 +05:30
parent abb82b0b34
commit 348cc989c9
3 changed files with 123 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
args/schema.sql
View File

@ -8,10 +8,11 @@ PRIMARY KEY(floID)
);
CREATE TABLE Sessions (
id INT NOT NULL AUTO_INCREMENT,
floID CHAR(34) NOT NULL,
proxyKey CHAR(66) NOT NULL,
session_id VARCHAR(100) UNIQUE,
session_time DATETIME DEFAULT CURRENT_TIMESTAMP,
KEY (id),
PRIMARY KEY(floID),
FOREIGN KEY (floID) REFERENCES Users(floID)
);
@ -129,8 +130,7 @@ tag VARCHAR(50) NOT NULL,
sellPriority INT,
buyPriority INT,
api TINYTEXT,
PRIMARY KEY(tag),
KEY (id)
PRIMARY KEY(tag)
);
CREATE TABLE Tags (
@ -184,6 +184,13 @@ timestamp DATETIME DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY(t_name, id)
);
CREATE TRIGGER Sessions_I AFTER INSERT ON Sessions
FOR EACH ROW INSERT INTO _backup (t_name, id) VALUES ('Sessions', NEW.id) ON DUPLICATE KEY UPDATE mode=TRUE, timestamp=DEFAULT;
CREATE TRIGGER Sessions_U AFTER UPDATE ON Sessions
FOR EACH ROW INSERT INTO _backup (t_name, id) VALUES ('Sessions', NEW.id) ON DUPLICATE KEY UPDATE mode=TRUE, timestamp=DEFAULT;
CREATE TRIGGER Sessions_D AFTER DELETE ON Sessions
FOR EACH ROW INSERT INTO _backup (t_name, id) VALUES ('Sessions', OLD.id) ON DUPLICATE KEY UPDATE mode=NULL, timestamp=DEFAULT;
CREATE TRIGGER Cash_I AFTER INSERT ON Cash
FOR EACH ROW INSERT INTO _backup (t_name, id) VALUES ('Cash', NEW.id) ON DUPLICATE KEY UPDATE mode=TRUE, timestamp=DEFAULT;
CREATE TRIGGER Cash_U AFTER UPDATE ON Cash

20
src/app.js
View File

@ -1,9 +1,8 @@
'use strict';
const express = require('express');
const cookieParser = require("cookie-parser");
const sessions = require('express-session');
//const cookieParser = require("cookie-parser");
//const sessions = require('express-session');
const Request = require('./request');
const WebSocket = require('ws');
const REFRESH_INTERVAL = 5 * 1000; //10 * 60 * 1000;
@ -12,16 +11,15 @@ module.exports = function App(secret, DB) {
if (!(this instanceof App))
return new App(secret, DB);
var server = null,
wss = null;
var server = null;
const app = express();
//session middleware
app.use(sessions({
/*app.use(sessions({
secret: secret,
saveUninitialized: true,
resave: false,
name: "session"
}));
}));*/
// parsing the incoming data
app.use(express.json());
app.use(express.urlencoded({
@ -30,12 +28,17 @@ module.exports = function App(secret, DB) {
//serving public file
app.use(express.static(PUBLIC_DIR));
// cookie parser middleware
app.use(cookieParser());
//app.use(cookieParser());
/* Decentralising - Users will load from user-end files and request via APIs only
//Initital page loading
app.get('/', (req, res) => res.sendFile('home.html', {
root: PUBLIC_DIR
}));
*/
//get code for login or signup
app.get('/get-login-code', Request.getLoginCode);
//signup request
app.post('/signup', Request.SignUp);
@ -76,6 +79,7 @@ module.exports = function App(secret, DB) {
app.post('/remove-tag', Request.removeUserTag);
Request.DB = DB;
Request.secret = secret;
//Properties
var periodInstance = null;

219
src/request.js
View File

@ -1,7 +1,7 @@
'use strict';
const market = require("./market");
var DB, trustedIDs; //container for database
var DB, trustedIDs, secret; //container for database
global.INVALID = function(message) {
if (!(this instanceof INVALID))
@ -28,6 +28,8 @@ function validateRequestFromFloID(request, sign, floID, proxy = true) {
return new Promise((resolve, reject) => {
if (!serving)
return reject(INVALID(INVALID_SERVER_MSG));
else if (!floCrypto.validateAddr(floID))
return res.status(INVALID.e_code).send("Invalid floID");
DB.query("SELECT " + (proxy ? "proxyKey AS pubKey FROM Sessions" : "pubKey FROM Users") + " WHERE floID=?", [floID]).then(result => {
if (result.length < 1)
return reject(INVALID(proxy ? "Session not active" : "User not registered"));
@ -57,18 +59,26 @@ function storeRequest(floID, req_str, sign) {
.then(_ => null).catch(error => console.error(error));
}
function getLoginCode(req, res) {
let randID = floCrypto.randString(8, true) + Math.round(Date.now() / 1000);
let hash = Crypto.SHA1(randID + secret);
res.status(INVALID.e_code).send({
code: randID,
hash: hash
});
}
function SignUp(req, res) {
if (!serving)
return res.status(INVALID.e_code).send(INVALID_SERVER_MSG);
let data = req.body,
session = req.session;
let data = req.body;
if (floCrypto.getFloID(data.pubKey) !== data.floID)
return res.status(INVALID.e_code).send("Invalid Public Key");
if (!session.random)
return res.status(INVALID.e_code).send("Invalid Session");
if (!data.code || data.hash != Crypto.SHA1(data.code + secret))
return res.status(INVALID.e_code).send("Invalid Code");
let req_str = validateRequest({
type: "create_account",
random: session.random,
random: data.code,
timestamp: data.timestamp
}, data.sign, data.pubKey);
if (req_str instanceof INVALID)
@ -90,22 +100,18 @@ function SignUp(req, res) {
}
function Login(req, res) {
let data = req.body,
session = req.session;
if (!session.random)
return res.status(INVALID.e_code).send("Invalid Session");
let data = req.body;
if (!data.code || data.hash != Crypto.SHA1(data.code + secret))
return res.status(INVALID.e_code).send("Invalid Code");
validateRequestFromFloID({
type: "login",
random: session.random,
random: data.code,
proxyKey: data.proxyKey,
timestamp: data.timestamp
}, data.sign, data.floID, false).then(req_str => {
DB.query("INSERT INTO Sessions (floID, session_id, proxyKey) VALUES (?, ?, ?) " +
"ON DUPLICATE KEY UPDATE session_id=?, session_time=DEFAULT, proxyKey=?",
[data.floID, req.sessionID, data.proxyKey, req.sessionID, data.proxyKey]).then(_ => {
if (data.saveSession)
session.cookie.maxAge = maxSessionTimeout;
session.user_id = data.floID;
DB.query("INSERT INTO Sessions (floID, proxyKey) VALUES (?, ?, ?) " +
"ON DUPLICATE KEY UPDATE session_time=DEFAULT, proxyKey=?",
[data.floID, data.code, data.proxyKey, data.code, data.proxyKey]).then(_ => {
storeRequest(data.floID, req_str, data.sign);
res.send("Login Successful");
}).catch(error => {
@ -123,32 +129,38 @@ function Login(req, res) {
}
function Logout(req, res) {
let session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("No logged in user found in this session");
DB.query("DELETE FROM Sessions WHERE floID=?", [session.user_id]).then(_ => {
session.destroy();
res.send('Logout successful');
validateRequestFromFloID({
type: "logout",
timestamp: data.timestamp
}, data.sign, data.floID).then(req_str => {
DB.query("DELETE FROM Sessions WHERE floID=?", [data.floID]).then(_ => {
storeRequest(data.floID, req_str, data.sign);
res.send('Logout successful');
}).catch(error => {
console.error(error);
res.status(INTERNAL.e_code).send("Logout failed! Try again later! Contact support if this error occurs frequently");
});
}).catch(error => {
console.error(error);
res.status(INTERNAL.e_code).send("Logout failed! Try again later! Contact support if this error occurs frequently");
if (error instanceof INVALID)
res.status(INVALID.e_code).send(error.message);
else {
console.error(error);
res.status(INTERNAL.e_code).send("Request processing failed! Try again later!");
}
});
}
function PlaceSellOrder(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "sell_order",
quantity: data.quantity,
min_price: data.min_price,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.addSellOrder(session.user_id, data.quantity, data.min_price)
}, data.sign, data.floID).then(req_str => {
market.addSellOrder(data.floID, data.quantity, data.min_price)
.then(result => {
storeRequest(session.user_id, req_str, data.sign);
storeRequest(data.floID, req_str, data.sign);
res.send('Sell Order placed successfully');
}).catch(error => {
if (error instanceof INVALID)
@ -169,19 +181,16 @@ function PlaceSellOrder(req, res) {
}
function PlaceBuyOrder(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "buy_order",
quantity: data.quantity,
max_price: data.max_price,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.addBuyOrder(session.user_id, data.quantity, data.max_price)
}, data.sign, data.floID).then(req_str => {
market.addBuyOrder(data.floID, data.quantity, data.max_price)
.then(result => {
storeRequest(session.user_id, req_str, data.sign);
storeRequest(data.floID, req_str, data.sign);
res.send('Buy Order placed successfully');
}).catch(error => {
if (error instanceof INVALID)
@ -202,19 +211,16 @@ function PlaceBuyOrder(req, res) {
}
function CancelOrder(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "cancel_order",
order: data.orderType,
id: data.orderID,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.cancelOrder(data.orderType, data.orderID, session.user_id)
}, data.sign, data.floID).then(req_str => {
market.cancelOrder(data.orderType, data.orderID, data.floID)
.then(result => {
storeRequest(session.user_id, req_str, data.sign);
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -263,54 +269,42 @@ function getRate(req, res) {
}
function Account(req, res) {
if (!serving)
return res.status(INVALID.e_code).send(INVALID_SERVER_MSG);
const setLogin = function(message) {
let randID = floCrypto.randString(16, true);
req.session.random = randID;
res.status(INVALID.e_code).send({
message,
sid: randID
});
}
if (!req.session.user_id)
setLogin("Login required");
else {
DB.query("SELECT session_id, session_time FROM Sessions WHERE floID=?", [req.session.user_id]).then(result => {
if (result.length < 1) {
let data = req.body;
validateRequestFromFloID({
type: "get_account",
timestamp: data.timestamp
}, data.sign, data.floID).then(req_str => {
DB.query("SELECT session_time FROM Sessions WHERE floID=?", [data.floID]).then(result => {
if (result.length < 1)
res.status(INVALID.e_code).send("floID not registered");
return;
}
let {
session_id,
session_time
} = result.pop();
if (!session_id || session_id != req.sessionID || session_time + maxSessionTimeout < Date.now())
setLogin("Session Expired! Re-login required");
else {
let floID = req.session.user_id;
market.getAccountDetails(floID).then(result => {
if (trustedIDs.includes(floID))
else if (result[0].session_time + maxSessionTimeout < Date.now())
res.status(INVALID.e_code).send("Session Expired! Re-login required");
else
market.getAccountDetails(data.floID).then(result => {
if (trustedIDs.includes(data.floID))
result.subAdmin = true;
res.send(result)
res.send(result);
});
}
}).catch(_ => res.status(INTERNAL.e_code).send("Try again later!"));
}
}).catch(error => {
if (error instanceof INVALID)
res.status(INVALID.e_code).send(error.message);
else {
console.error(error);
res.status(INTERNAL.e_code).send("Request processing failed! Try again later!");
}
});
}
function DepositFLO(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "deposit_FLO",
txid: data.txid,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.depositFLO(session.user_id, data.txid).then(result => {
storeRequest(session.user_id, req_str, data.sign);
}, data.sign, data.floID).then(req_str => {
market.depositFLO(data.floID, data.txid).then(result => {
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -331,17 +325,14 @@ function DepositFLO(req, res) {
}
function WithdrawFLO(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "withdraw_FLO",
amount: data.amount,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.withdrawFLO(session.user_id, data.amount).then(result => {
storeRequest(session.user_id, req_str, data.sign);
}, data.sign, data.floID).then(req_str => {
market.withdrawFLO(data.floID, data.amount).then(result => {
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -362,17 +353,14 @@ function WithdrawFLO(req, res) {
}
function DepositRupee(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "deposit_Rupee",
txid: data.txid,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.depositRupee(session.user_id, data.txid).then(result => {
storeRequest(session.user_id, req_str, data.sign);
}, data.sign, data.floID).then(req_str => {
market.depositRupee(data.floID, data.txid).then(result => {
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -393,17 +381,14 @@ function DepositRupee(req, res) {
}
function WithdrawRupee(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "withdraw_Rupee",
amount: data.amount,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.withdrawRupee(session.user_id, data.amount).then(result => {
storeRequest(session.user_id, req_str, data.sign);
}, data.sign, data.floID).then(req_str => {
market.withdrawRupee(data.floID, data.amount).then(result => {
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -424,20 +409,17 @@ function WithdrawRupee(req, res) {
}
function addUserTag(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
else if (!trustedIDs.includes(session.user_id))
let data = req.body;
if (!trustedIDs.includes(data.floID))
return res.status(INVALID.e_code).send("Access Denied");
validateRequestFromFloID({
command: "add_Tag",
user: data.user,
tag: data.tag,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
}, data.sign, data.floID).then(req_str => {
market.group.addTag(data.user, data.tag).then(result => {
storeRequest(session.user_id, req_str, data.sign);
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -458,11 +440,8 @@ function addUserTag(req, res) {
}
function removeUserTag(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
else if (!trustedIDs.includes(session.user_id))
let data = req.body;
if (!trustedIDs.includes(data.floID))
return res.status(INVALID.e_code).send("Access Denied");
else
validateRequestFromFloID({
@ -470,9 +449,9 @@ function removeUserTag(req, res) {
user: data.user,
tag: data.tag,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
}, data.sign, data.floID).then(req_str => {
market.group.removeTag(data.user, data.tag).then(result => {
storeRequest(session.user_id, req_str, data.sign);
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -493,6 +472,7 @@ function removeUserTag(req, res) {
}
module.exports = {
getLoginCode,
SignUp,
Login,
Logout,
@ -518,6 +498,9 @@ module.exports = {
DB = db;
market.DB = db;
},
set secret(s) {
secret = s;
},
pause() {
serving = false;
},