Skip to content

JWT authentication support #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
eljasala wants to merge 5 commits into
base: master
Choose a base branch
from
Open

JWT authentication support #2

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
bae60f2
JWT authentication
eljasala Jun 7, 2016
9d262f2
Merge branch 'docker' into jwt_auth
eljasala Jun 8, 2016
6757899
Merge conflict resolved
eljasala Jun 8, 2016
59654ee
Fix ECDSA authentication
eljasala Aug 17, 2016
48d35e5
add detectBrowserInfo function
lennart-csio Mar 2, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,14 @@ FROM node:4.3.1
WORKDIR /usr/src/app

COPY package.json /usr/src/app/
RUN npm install; mkdir ssl; openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout ssl/server.key -out ssl/server.crt -passin pass:v2ZIZj2jKUap -subj '/CN=localhost/O=Local/C=FI'; cp ssl/server.crt ssl/ca.crt
RUN npm install; \
mkdir ssl; \
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout ssl/server.key -out ssl/server.crt -passin pass:v2ZIZj2jKUap -subj '/CN=localhost/O=Local/C=FI'; \
cp ssl/server.crt ssl/ca.crt; \
if [ ! -f ssl/ecprivate.key ]; \
then openssl ecparam -out ssl/ecprivate.key -name secp256k1 -genkey; \
openssl ec -in ssl/ecprivate.key -pubout -out ssl/ecpub.key; \
fi
COPY . /usr/src/app

CMD [ "npm", "start" ]
Expand Down
32 changes: 28 additions & 4 deletions app/webrtc_app.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ var inBoundRemoteStatsKeys;
var outBoundRemoteStatsKeys;
var pcKeys;

var room = 'foo';
var room = "'><img src='' onerror=alert('foo') />";
Copy link
Contributor

@marcinag marcinag Jun 9, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why such a room name?

Copy link
Contributor

@vr000m vr000m Jun 10, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

was this to test an XSS attack vector?

console.log("Room is " + room);

var temp = Math.floor(Math.random()*10000);
Expand Down Expand Up @@ -74,14 +74,13 @@ if (room !== ''){
//socket.emit('participant', room,myUserId);
doGetUserMedia(function(status){
if (status === true) {
socket.emit('participant', room,myUserId);
socket.emit('participant', room, myUserId);
}
});
}

var appConfig = AppConfiguration();
var appId = appConfig.appId;
var appSecret = appConfig.appSecret;

var callStats = new callstats($,io,jsSHA);
Copy link
Contributor

@marcinag marcinag Jun 9, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

$ should be replaced with 'null'. According to the latest dependencies schema.


Expand Down Expand Up @@ -488,8 +487,33 @@ function csReportErrorCallback (err, msg){
var params = {
//disableBeforeUnloadHandler: false
};
var createTokenGeneratorTimer;

var tokenGenerator = (function () {
var cached = null;
return function(forcenew, callback) {
if (!forcenew && cached !== null) {
return callback(null, cached);
}
socket.emit('generateToken', "foobar", function (err, token) {
if (err) {
console.log('Token generation failed');
console.log("try again");
return createTokenGeneratorTimer(forcenew, callback);
}
console.log("got token");
callback(null, token);
});
};
})();

createTokenGeneratorTimer = function (forcenew, callback) {
return setTimeout(function () { console.log("calling tokenGenerator"); tokenGenerator(forcenew, callback);}, 100);
};


callStats.initialize(appId, tokenGenerator, myUserId, csInitCallback,statsCallback);

callStats.initialize(appId, appSecret, myUserId, csInitCallback,statsCallback);

document.getElementById("switchBtn").onclick = switchScreen;

Expand Down
41 changes: 40 additions & 1 deletion index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@ var http = require('http');
var https = require('https');
var fs = require('fs');
var path = require('path');
var jwt = require('jsonwebtoken');
var crypto = require('crypto');
var config = require('./config.js');
var numClients = 0;

var usernames = [];
Expand All @@ -13,6 +16,9 @@ var ids = {};

var server = http.createServer(app);
fs.exists = fs.exists || require('path').exists;
var privKey = null;

privKey = fs.readFileSync('ssl/ecprivate.key');

//app.listen(8080);
app.root = __dirname;
Expand All @@ -22,7 +28,7 @@ server.listen(8080);
app.use("/", express.static(__dirname + '/app'));
app.get('/', function (req, res) {
console.log("Req ",req);
res.sendFile('/app/index.html',{root: __dirname})
res.sendFile('/app/index.html',{root: __dirname});
});

app.get('/dailystatstest', function (req, res) {
Expand Down Expand Up @@ -97,6 +103,39 @@ io.sockets.on('connection', function (socket){

});

socket.on('generateToken', function (data, callback) {
if (socket.username === undefined || socket.username === null) {
return callback('userNotJoined');
}
// First generate the JWTID
crypto.randomBytes(48, function(err, buffer) {
if (err) {
return callback(err);
}
var tokenid = buffer.toString('hex');
var token = null;
try {
// Try to sign teh token
token = jwt.sign(
{
userID: socket.username,
appID: config.appID
}, privKey,
{
algorithm: "ES256",
jwtid: tokenid,
expiresIn: 300, //5 minutes
notBefore: -300 //-5 minutes
});
} catch (error) {
console.log(error);
return callback(error);
}
console.log({action: "GrantToken", user: socket.username, tokenid: tokenid});
Copy link
Contributor

@marcinag marcinag Jun 9, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's happening with tokenid?

Copy link
Contributor Author

@eljasala eljasala Jun 10, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In real system, for audit purposes you should log the generated tokens. As this is a sample implementation, we will just log the fact that the token was granted.

callback(null, token);
});
});

socket.on('disconnect', function () {
var room = socket.roomId;
console.log('User disconnected ',socket.username,room);
Expand Down
3 changes: 2 additions & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@
"license": "ISC",
"dependencies": {
"express": "^4.13.3",
"socket.io": "1.3.7"
"socket.io": "1.3.7",
"jsonwebtoken": "7.0.0"
},
"private": true,
"scripts": {
Expand Down