Login - closes #64

Author: benfrancis

.gitignore

@@ -1,3 +1,4 @@
 node_modules/
+db/
 *.snap
 krellian-kiosk_*.txt

chrome/js/kiosk.js

@@ -3,7 +3,7 @@ const ipcRenderer = electron.ipcRenderer;
 const parseArgs = require('minimist');
 const DEFAULT_HOST = 'http://localhost';
 const DEFAULT_PORT = '8080';
-const DEFAULT_PAGE = '/placeholder.html';
+const DEFAULT_PAGE = '/display';
 
 /**
  * System chrome loaded inside the top level window.

package-lock.json

@@ -22,6 +22,7 @@
     "dbus": "^1.0.7",
     "dompurify": "^2.0.12",
     "express": "^4.17.1",
+    "jsonwebtoken": "^8.5.1",
     "level": "^6.0.1",
     "minimist": "^1.2.5"
   }

package.json

@@ -1,7 +1,8 @@
 const express = require('express');
 const router = require('./services/router');
 const database = require('./services/database');
-const networkManager = require('./services/models/network-manager');
+const credentials = require('./services/models/credentials');
+const network = require('./services/models/network');
 
 /**
  * Services expose kiosk features over HTTP, both locally and via the
@@ -15,11 +16,13 @@ var Services = {
    * @param {integer} port HTTP port.
    */
   start: function(port) {
-    // Start database;
-    database.start();
+    // Start database and credential manager
+    database.start()
+    .then(() => credentials.start())
+    .catch((error) => {console.log(error)});
 
     // Start network manager
-    networkManager.start();
+    network.start();
 
     // Start HTTP server
     this.server = express();

services.js

@@ -0,0 +1,49 @@
+/**
+ * Authenticate user.
+ */
+
+'use strict';
+
+const jwt = require('jsonwebtoken');
+const credentials = require('./models/credentials');
+const DEFAULT_USER = 'admin';
+
+const Authentication = {
+  /**
+   * Authenticate user based on username and password.
+   *
+   * @param {String} username Username provided by user.
+   * @param {String} password Password provided by user.
+   * @return {Promise<Object>} false if invalid, if valid object of the form:
+   *   {
+   *     user: { username: 'admin' },
+   *     jwt: 'fmkdalfmkadl.hfidoafhiado.hifoadhfidao'
+   *   }
+   *
+   */
+  authenticate: async function(username, password) {
+    // Check username (currently hard coded)
+    if (username != DEFAULT_USER) {
+      return false;
+    }
+
+    // Check Password
+    return credentials.checkPassword(password).then((match) => {
+      if (!match) {
+        return false;
+      }
+      const user = { 'username': DEFAULT_USER };
+      // Get private keys
+      let privateKey = credentials.getPrivateKey();
+      // Generate a JWT (JSON Web Token)
+      // TODO: Send public key with response
+      const token = jwt.sign(user, privateKey, { algorithm: 'RS256' });
+      return { user: user, jwt: token };
+    }).catch((error) => {
+      console.error('Error checking password: ' + error);
+      return false;
+    });
+  }
+};
+
+module.exports = Authentication;

services/authentication.js

@@ -0,0 +1,61 @@
+'use strict';
+
+const jwt = require('jsonwebtoken');
+const credentials = require('./models/credentials');
+
+/**
+ * Authorisation middleware.
+ *
+ * Checks incoming requests for a valid JSON Web Token.
+ *
+ * Note: So far just JWT-based authentication with blanket authorization for
+ * all requests with a verified JWT which go through this middleware.
+ *
+ * @param {Object} request HTTP request object.
+ * @param {Object} response HTTP response object.
+ * @param {Object} next Callback.
+ */
+function middleware(request, response, next) {
+  let authorized = authorize(request);
+  if (authorized) {
+    next();
+  } else {
+    response.status(401).send('No valid JWT provided.');
+  }
+}
+
+/**
+ * Authorisation middleware.
+ *
+ * Authorizes a request based on its JWT (JSON Web Token).
+ *
+ * @param {Object} request HTTP request object.
+ */
+function authorize(request) {
+  const authorization = request.headers.authorization;
+  // Check for authorization header
+  if (!authorization) {
+    return false;
+  }
+  const [type, token] = authorization.split(' ');
+  if (type !== 'Bearer') {
+    return false;
+  }
+
+  // Get public key to verify JWT
+  let publicKey = credentials.getPublicKey();
+
+  // Try to verify JWT
+  try {
+    var decoded = jwt.verify(token, publicKey);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+
+module.exports = {
+  middleware,
+  authorize
+};

services/authorization.js

@@ -17,7 +17,7 @@ router.post('/load_url', function(request, response) {
   if (request.body) {
     var url = request.body;
     userAgent.loadURL(url);
-    response.status(201).send(url);
+    response.status(201).json(url);
   } else {
     response.status(400).send();
   }

services/controllers/actions-controller.js

@@ -0,0 +1,28 @@
+/*
+ * Login Controller
+ *
+ * Serves requests to /login
+ */
+
+'use strict';
+
+const express = require('express');
+const router = express.Router();
+const authentication = require('../authentication');
+
+router.post('/', (request, response) => {
+  const username = request.body.username;
+  const password = request.body.password;
+  if (!username || !password) {
+    response.status(400).send('Username or password not provided.');
+  }
+  authentication.authenticate(username, password).then((result) => {
+    if (result == false) {
+      response.status(401).send('Invalid username or password.');
+    } else {
+      response.status(200).json(result);
+    }
+  });
+});
+
+module.exports = router;