113 lines
3.6 KiB
JavaScript
113 lines
3.6 KiB
JavaScript
const fetch = require('node-fetch')
|
|
const secp256k1 = require('secp256k1')
|
|
const bs58 = require('base-x')("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")
|
|
var mongo = require("./mongoHelp.js")
|
|
|
|
|
|
async function verifyMsg (obj) {
|
|
userLookup = await mongo.get("list","allowedUsers",{user:obj.sender})
|
|
senderProtectionCheck = await mongo.get("list","allowedUsers",{user:obj.user})
|
|
if (userLookup.length == 0 ) {
|
|
return {"Message": "User Not Allowed"}
|
|
} else if (senderProtectionCheck.length != 0) {
|
|
return {"Message": "Can't modify trusted users"}
|
|
} else {
|
|
result = await fetch("https://avalon.d.tube/account/"+obj.sender)
|
|
sender = await result.json()
|
|
|
|
// thanks adrien
|
|
var allowedPubKeys = [sender.pub]
|
|
if (sender.keys)
|
|
for (let i = 0; i < sender.keys.length; i++)
|
|
allowedPubKeys.push(sender.keys[i].pub)
|
|
console.log(allowedPubKeys)
|
|
for (let i = 0; i < allowedPubKeys.length; i++) {
|
|
var bufferHash = Buffer.from(obj.hash, 'hex')
|
|
var b58sign = bs58.decode(obj.signature)
|
|
var b58pub = bs58.decode(allowedPubKeys[i])
|
|
if (secp256k1.ecdsaVerify(b58sign, bufferHash, b58pub)) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
}
|
|
|
|
list = {
|
|
getStatus: async (status) => {
|
|
return await mongo.get("list","list",{"status": status})
|
|
},
|
|
getUser: async (username) => {
|
|
res = await mongo.get("list","list",{"user": username})
|
|
return res[0]
|
|
},
|
|
writeUser: async (obj) => {
|
|
ver = await verifyMsg(obj)
|
|
if (ver == true) {
|
|
console.log(obj)
|
|
limitedObj={
|
|
user: obj.user,
|
|
status: obj.status,
|
|
reason: obj.reason,
|
|
sender: obj.sender,
|
|
ts: obj.ts,
|
|
hash: obj.hash,
|
|
signature: obj.signature,
|
|
}
|
|
res = await mongo.get("list","list",{"user": limitedObj.user})
|
|
if (res.length > 0 ){
|
|
if (limitedObj.sender == res.sender){
|
|
mongo.update("list","list",{"user": limitedObj.user}, limitedObj)
|
|
} else {
|
|
return {"Message": "This user is controlled by "+res.sender+" contact them to modify this entry, in an emergency contant nannal"}
|
|
}
|
|
|
|
} else {
|
|
mongo.put("list","list", limitedObj)
|
|
}
|
|
mongo.update("list","list",{"user": limitedObj.user}, limitedObj)
|
|
return {"Message":"Success"}
|
|
} else {
|
|
return ver
|
|
}
|
|
|
|
},
|
|
approveUser: async (obj) => {
|
|
ver = await verifyMsg(obj)
|
|
if (ver == true) {
|
|
console.log(obj)
|
|
limitedObj={
|
|
user: obj.user,
|
|
sender: obj.sender,
|
|
ts: obj.ts,
|
|
hash: obj.hash,
|
|
signature: obj.signature,
|
|
}
|
|
res = await mongo.get("list","allowedUsers",{"user": limitedObj.user})
|
|
if (res.length > 0 ){
|
|
return {"message":"User already approved by "+res.sender}
|
|
} else {
|
|
mongo.put("list","allowedUsers", limitedObj)
|
|
return {"Message":"Success"}
|
|
}
|
|
|
|
|
|
} else {
|
|
return ver
|
|
}
|
|
|
|
},
|
|
verifyUser: async (obj) => {
|
|
ver = await verifyMsg(obj)
|
|
if (ver == true) {
|
|
limitedObj ={
|
|
|
|
}
|
|
} else {
|
|
return ver
|
|
}
|
|
}
|
|
}
|
|
|
|
module.exports = list
|