Example #1
  // Wallet login step: fetch the wallet record for the caller-supplied serverKey, enforce
  // the TOTP second factor when the record carries an authKey, then issue a session key.
  // NOTE(review): serverKey and authCode are read from the query string, so both end up
  // wherever request URLs are recorded (proxy/access logs, browser history); a request
  // body is the safer transport for them.
  // NOTE(review): the submitted code is compared with the single code for the current time
  // step, and nothing in this snippet limits attempts or rejects a code that was already
  // accepted; confirm throttling and replay protection exist elsewhere.
  that.db.getWalletRecord(req.query.serverKey, function(lookupErr, record) {
    if(lookupErr) {
      console.log('Wallet Get Error: '+lookupErr);
      return res.send({result: 'error', message: 'Error retreiving wallet'});
    }

    var hasWallet = record && record.wallet;
    if(!hasWallet)
      return res.send({result: 'error', message: 'Invalid login information'});

    if(record.authKey) {
      // Two-factor is enabled for this wallet: a code must be present and must match.
      if(typeof req.query.authCode === 'undefined')
        return res.send({result: 'authCodeNeeded', message: 'Two factor authentication code needed'});

      var expectedCode = speakeasy.time({key: record.authKey, encoding: 'base32'});
      if(req.query.authCode != expectedCode)
        return res.send({result: 'error', message: 'Two factor authentication code was invalid'});
    }

    // Both factors accepted: create the session key and return it with the wallet.
    that.db.generateSessionKey(req.query.serverKey, function(sessionErr, sessionKey) {
      if(sessionErr)
        return res.send({result: 'error', message: 'Error generating session key, please try again later'});

      res.send({wallet: record.wallet, sessionKey: sessionKey});
    });
  });
Example #2
  // Wallet fetch with an optional TOTP second factor and a two-hour "remembered" cookie.
  // A signed authCode cookie whose user matches the wallet e-mail and whose time lies in
  // the future lets the request skip the TOTP prompt.
  // NOTE(review): the cookie is written with only maxAge and signed; no httpOnly, secure or
  // sameSite option is set here. Since it stands in for the second factor, confirm those
  // flags are applied (res.cookie accepts them in Express).
  // NOTE(review): serverKey and authCode arrive in the query string and so can be captured
  // wherever URLs are logged; nothing in this snippet limits attempts or rejects a reused code.
  db.getWalletRecord(req.query.serverKey, function(err, record) {
    if(err) {
      console.log('Wallet Get Error: '+err);
      return res.send({result: 'error', message: 'Error retreiving wallet'});
    }

    if(!record || !record.wallet)
      return res.send({result: 'error', message: 'Wallet not found or invalid password'});

    // The signature is checked by the cookie middleware; here only owner and expiry are compared.
    var remembered = req.signedCookies.authCode;
    var cookieStillValid = remembered &&
      remembered.user == record.email &&
      remembered.time > Date.now();

    if(!cookieStillValid && record.authKey) {
      if(typeof req.query.authCode === 'undefined')
        return res.send({result: 'authCodeNeeded', message: 'Two factor authentication code needed'});

      var expectedCode = speakeasy.time({key: record.authKey, encoding: 'base32'});
      if(req.query.authCode != expectedCode)
        return res.send({result: 'error', message: 'Two factor authentication code was invalid'});

      // Code accepted: remember this client for 7200000 ms (two hours).
      res.cookie('authCode', {user: record.email, time: Date.now() + 7200000}, {maxAge: 7200000, signed: true});
    }

    // usingAuthKey tells the client whether two-factor is enabled on this wallet.
    return res.send({wallet: record.wallet, usingAuthKey: !!record.authKey});
  });
Example #3
        .then(function (users) {
            // Resolve `defer` with true only when `otp` equals the current TOTP of the first
            // user row; an empty result resolves false.
            // NOTE(review): loose equality against the code for the current time step only;
            // attempt limiting and reuse detection are not visible in this fragment.
            var account = users.length && users[0];
            if (account) {
                var expected = speakeasy.time({ key: account['otp_key'], encoding: 'base32' });
                defer.resolve(expected == otp);
                return;
            }

            defer.resolve(false);
        })
Example #4
	// Store the hex form of the key in redis under `mac`, then answer with the base32 seed.
	// NOTE(review): the response hands the TOTP seed to the caller, so this route presumably
	// provisions a device; it needs transport protection and caller authentication (not
	// visible here).
	// NOTE(review): the live code is added whenever env is 'development'. If `app` is an
	// Express app, env falls back to 'development' when NODE_ENV is unset, so a production
	// deploy without NODE_ENV would return `dynamic` as well.
	app.get('redis').set(mac, key.hex, function(err,result){
		var storeFailed = err || result !== 'OK';
		if(storeFailed){
			return res.jsonp(500, {code:500, error:{errorcode: 1, desc: "数据库操作失败"}});
		}

		var reply = {code:200, time: time, seed: key.base32};
		if (app.get('env') == 'development') {
			// Development aid only: the code the seed produces right now.
			reply.dynamic = speakeasy.time({key:  key.base32 , encoding: 'base32'});
		}
		res.jsonp(reply);
	});
Example #5
// Enrol a TOTP key for a wallet: the client submits the new key together with a code
// generated from it, and the key is stored only when that code matches.
// NOTE(review): the check proves the caller can generate codes for the key it is
// submitting, nothing more. Whether the wallet already has a key, and whether the caller
// may replace it, is not decided in this handler; confirm db.setAuthKey or earlier
// middleware enforces that.
// NOTE(review): the `success` argument of the db callback is never inspected.
server.post('/wallet/api/setAuthKey', function(req, res) {
  var proposedKey = req.body.key;
  var expectedCode = speakeasy.time({key: proposedKey, encoding: 'base32'});

  if(expectedCode != req.body.code)
    return res.send({set: false});

  db.setAuthKey(req.body.serverKey, proposedKey, function(err, success) {
    if(!err) {
      res.send({set: true});
      return;
    }
    return res.send({set: false});
  });
});
Example #6
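 // Verify a TOTP code against network time rather than the local clock.
 // Reports {error: err} when the time lookup fails (verification fails closed) and
 // {match: boolean} otherwise; `callback` is optional.
 // NOTE(review): the accepted code is derived from the NTP reply. Plain NTP is normally
 // unauthenticated, so the configured host should be a trusted time source.
 ntp.getNetworkTime(ewdChild.ntp.host, ewdChild.ntp.port, function(err, date) {
   if (err) {
     if (callback) callback({error: err});
     return;
   }

   var code = se.time({
     key: key,
     time: date.getTime()/1000, // getTime() is in milliseconds; pass seconds
     encoding: 'base32'
   });

   // A missing code on either side is a non-match. The previous .toString() calls threw a
   // TypeError inside this async callback when enteredCode was null or undefined.
   var match = code != null && enteredCode != null &&
     String(code) === String(enteredCode);
   if (callback) callback({match: match});
 });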
Example #7
File: tfa.js Project: 9cat/snow
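/**
 * Check a one-time password and mark the current code for `key` as used.
 *
 * The key+code pair is recorded before the guess is compared, so for a given key and
 * time step only the first call is evaluated; every later call returns null.
 * The record lives in the in-process `usedOtp` array, capped at 10000 entries with the
 * oldest dropped first.
 *
 * @param {string} key   base32-encoded TOTP secret
 * @param {string} guess code supplied by the user
 * @returns {?boolean} true/false for the first attempt in a time step, null if the
 *   current code for this key was already consumed
 */
exports.consume = function(key, guess) {
    var answer = speakeasy.time({ key: key, encoding: 'base32' })
    assert(answer)

    var marker = key + answer

    if (~usedOtp.indexOf(marker)) {
        return null
    }

    usedOtp.push(marker)

    if (usedOtp.length > 10000) {
        usedOtp.shift()
    }

    var matched = guess == answer

    // Log only the outcome. The previous message printed the expected code, which put a
    // currently valid OTP into the debug log.
    debug('otp check %s', matched ? 'matched' : 'did not match')

    return matched
}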
Example #8
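  // Disable two-factor authentication for a wallet, but only after the caller presents a
  // valid current TOTP code for the stored authKey.
  // NOTE(review): nothing in this snippet limits attempts on this endpoint. Because a
  // successful call removes the second factor, confirm throttling exists elsewhere.
  db.getWalletRecord(req.body.serverKey, function(err, payload) {
    if(err) {
      console.log('Wallet Get Error: '+err);
      // Stop here: previously a failed lookup was only logged and fell through to the
      // checks below.
      return res.send({result: 'error', message: 'Error retrieving wallet'});
    }

    if(!payload || !payload.authKey)
      return res.send({result: 'error', message: 'no auth key found for this wallet'});

    var code = speakeasy.time({key: payload.authKey, encoding: 'base32'});

    if(code != req.body.authCode)
      return res.send({result: 'error', message: 'invalid auth code'});

    db.disableAuthKey(req.body.serverKey, function(err, result) {
      if(err)
        return res.send({result: 'error', message: 'could not update database, please try again later'});
      res.send({result: 'success'});
    });
  });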
Example #9
  // Return the wallet stored under serverKey, requiring a matching TOTP code when the
  // record has an authKey.
  // NOTE(review): serverKey and authCode come from the query string and can therefore be
  // captured in URL logs; attempt limiting and code-reuse checks are not visible here.
  db.getWalletRecord(req.query.serverKey, function(err, record) {
    if(err) {
      console.log('Wallet Get Error: '+err);
      return res.send({result: 'error', message: 'Error retreiving wallet'});
    }

    var walletMissing = !record || !record.wallet;
    if(walletMissing)
      return res.send({result: 'error', message: 'Wallet not found'});

    var twoFactorEnabled = record.authKey;
    var codeSupplied = typeof req.query.authCode !== 'undefined';

    if(!codeSupplied && twoFactorEnabled)
      return res.send({result: 'authCodeNeeded', message: 'Two factor authentication code needed'});

    if(twoFactorEnabled) {
      var expectedCode = speakeasy.time({key: record.authKey, encoding: 'base32'});
      if(req.query.authCode != expectedCode)
        return res.send({result: 'error', message: 'Two factor authentication code was invalid'});
    }

    return res.send({wallet: record.wallet});
  });
Example #10
/**
 * Produce the current time-based one-time password for a secret.
 *
 * @param {string} secret base32-encoded shared secret
 * @returns whatever speakeasy.time yields for that secret at the present moment
 */
function getToken(secret) {
  var options = {encoding: 'base32', secret: secret}
  return speakeasy.time(options)
}
Example #11
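            // Local login: look the user up by e-mail, check the password, then apply
            // whichever second factor is enabled (TOTP first, otherwise the YubiKey OTP
            // verified through a remote HTTP service).
            // NOTE(review): a TOTP success returns before the YubiKey branch, so when both
            // factors are enabled only TOTP is enforced; confirm that is intended.
            User.findOne({ 'local.email' :  email }, function(err, user) {

                // if there are any errors, return the error before anything else
                if (err)
                    return done(err);

                // if no user is found, return the same generic message as for a wrong password
                if (!user)
                    return done(null, false, req.flash('loginMessage', 'Invalid username or password, please try again.')); // req.flash is the way to set flashdata using connect-flash

                // NOTE(review): this runs before the password check, so the distinct
                // message tells an unauthenticated caller that the account exists.
                if(user.local.verifiedEmail == false){
                    return done(null, false, req.flash('loginMessage', 'Please contact the admin to activate your beta account (josh@cannacoin.cc).')); // req.flash is the way to set flashdata using connect-flash
                }

                // if the user is found but the password is wrong
                if (!user.validPassword(password)) {
                    // NOTE(review): the counter is incremented but never read in this block
                    // and the update's error is ignored; any lockout must live elsewhere.
                    User.update( { _id: user }, {$inc: {"local.failedAttempts" : 1 }}, function(err, result) {});
                    return done(null, false, req.flash('loginMessage', 'Invalid username or password, please try again.')); // create the loginMessage and save it to session as flashdata
                }

                // If TOTP is enabled, the submitted code must equal the current code.
                // NOTE(review): only the current time step is accepted, and reuse of an
                // already accepted code is not checked here.
                if(user.apiKeys.google2fa.enabled == true){

                    var google2faCode = speakeasy.time({key: user.apiKeys.google2fa.base32, encoding: 'base32'});
                    var google2faForm = req.body.google2faCode
                    if(google2faCode == google2faForm) {

                        // all is well, return successful user
                        return done(null, user);

                    } else {
                        // Invalid 2FA code
                        return done(null, false, req.flash('loginMessage', 'Invalid 2FA Code, please try again.')); // create the loginMessage and save it to session as flashdata

                    }
                }

                if(user.apiKeys.yubiKey.enabled == true){
                    // A missing OTP is replaced by a placeholder so the remote check still runs and fails.
                    var OTP = req.body.yubiKeyOtp;
                    if(OTP == null || OTP == undefined || OTP == ''){
                        OTP = 'blank request'
                    }
                    var UUID = user.apiKeys.yubiKey.uuid;
                    var apiKey = process.env.FOBFUSCATE_API_KEY;
                    var apiUrl = process.env.FOBFUSCATE_API_URL;

                    // Request tag: SHA-256 over OTP + UUID + apiKey. Despite the name this
                    // is a plain hash of concatenated fields, not an HMAC. It is kept
                    // unchanged because the remote service has to compute the same value.
                    // NOTE(review): crypto.createHmac keyed with apiKey is the standard
                    // construction if the API can be changed.
                    var hash = crypto.createHash('sha256');
                    hash.update(OTP+UUID+apiKey);
                    // Declared locally; the original assigned MAC without a declaration
                    // and so created an implicit global.
                    var MAC = hash.digest('hex');

                    // Ask the verification service at FOBFUSCATE_API_URL to validate the OTP.
                    request.post(apiUrl, {
                        form: {OTP: OTP, MAC: MAC}
                    }, function(error, response, body) {
                        // Transport failure: finish the login attempt with an error
                        // instead of throwing inside the callback.
                        if (error)
                            return done(error);

                        console.log(body)

                        var reply;
                        try {
                            reply = JSON.parse(body);
                        } catch (parseErr) {
                            // A non-JSON reply must fail the login, never leave it hanging.
                            return done(parseErr);
                        }
                        if (!reply || typeof reply !== 'object')
                            return done(new Error('Unexpected response from OTP verification service'));

                        if(reply.IsSuccess){
                            return done(null, user);
                        }
                        return done(null, false, req.flash('loginMessage', 'Error: ' + reply.LastError)); // create the loginMessage and save it to session as flashdata
                    });
                } else {
                    // all is well, return successful user
                    return done(null, user);
                }
            });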
Example #12
 .then(function (users) {
     // Compute the current TOTP of the first user row and forward the request to the
     // OTP check endpoint with that value filled in.
     // NOTE(review): the code checked here is generated by the server, not supplied by
     // the user, so this looks like a test or diagnostic path; confirm it is not
     // reachable in production. An empty `users` result is not handled before the
     // otp_key lookup.
     var account = users.length && users[0];
     var currentOtp = speakeasy.time({ key: account['otp_key'], encoding: 'base32' });
     var checkUrl = '/secure-proxy/api/otp?action=check&otp=' + currentOtp;
     req.url = checkUrl;
     api.otp('http', 'sid', req, res);
 });
Example #13
// Respond with the current TOTP for the base32 secret given in the `code` request
// parameter, echoing the secret and the server time. Uses a built-in secret when the
// parameter is absent.
// NOTE(review): this returns a valid code for any secret sent to it and reads the secret
// from a request parameter, so it looks like a demo or debugging route; confirm it is not
// exposed in production. Treat the hard-coded fallback secret as public.
// NOTE(review): `time` is assigned without a declaration in this block, so it writes to
// an outer-scope variable or creates an implicit global; verify which.
exports.code = function(req, res){
	var fallbackSecret = 'MZEHSNLBGUYDKKLLFERUWJDIGAXU4ILOEFDSQ3KVGBWE2JS6OE3A'
	var code = req.param('code') || fallbackSecret
	time = new Date()
	var currentCode = speakeasy.time({key:  code , encoding: 'base32'})
	res.jsonp({key : currentCode , time: time, code : code});
}