Merge branch 'master' into refactor/email-ts

Author: ethanwu10

package.json

@@ -63,6 +63,7 @@
     "@types/mailgun-js": "0.22.10",
     "@types/mustache": "4.0.1",
     "@types/nodemailer": "6.4.0",
+    "@types/uuid": "8.0.1",
     "@typescript-eslint/eslint-plugin": "3.7.0",
     "@typescript-eslint/parser": "3.8.0",
     "ava": "3.11.1",

server/auth/index.js renamed to server/auth/index.ts

@@ -0,0 +1,37 @@
+import { v4 as uuidv4 } from 'uuid'
+import { makeUser, User } from '../database/users'
+import { getToken, tokenKinds } from './token'
+import { responses } from '../responses'
+import { ValueOf } from 'type-fest'
+
+export const register = async (
+  { division, email, name, ctftimeId }: Pick<User, 'division' | 'email' | 'name' | 'ctftimeId'>
+): Promise<[typeof responses.goodRegister, { authToken: string }] | ValueOf<typeof responses>> => {
+  const userUuid = uuidv4()
+  try {
+    await makeUser({
+      division,
+      email,
+      name,
+      id: userUuid,
+      ctftimeId,
+      perms: 0
+    })
+  } catch (e) {
+    if (e instanceof Object) {
+      const { constraint } = e as { constraint?: string }
+      if (constraint === 'users_ctftime_id_key') {
+        return responses.badKnownCtftimeId
+      }
+      if (constraint === 'users_email_key') {
+        return responses.badKnownEmail
+      }
+      if (constraint === 'users_name_key') {
+        return responses.badKnownName
+      }
+    }
+    throw e
+  }
+  const authToken = await getToken(tokenKinds.auth, userUuid)
+  return [responses.goodRegister, { authToken }]
+}

server/auth/register.js

@@ -0,0 +1,105 @@
+import { promisify } from 'util'
+import crypto from 'crypto'
+import config from '../config/server'
+import { ValueOf } from 'type-fest'
+import { User } from '../database/users'
+
+const randomBytes = promisify(crypto.randomBytes)
+const tokenKey = Buffer.from(config.tokenKey, 'base64')
+
+export enum tokenKinds {
+  auth = 0,
+  team = 1,
+  verify = 2,
+  ctftimeAuth = 4
+}
+
+export enum VerifyTokenKinds {
+  update = 'update',
+  register = 'register'
+}
+
+export type AuthTokenData = string
+export type TeamTokenData = string
+export interface VerifyTokenData {
+  verifyId: string
+  kind: VerifyTokenKinds
+  userId: User['id']
+  email: User['email']
+  division: User['division']
+}
+export type CtftimeAuthTokenData = string
+
+// Internal map of type definitions for typing purposes only -
+// this type does not describe a real data-structure
+type TokenDataTypes = {
+  [tokenKinds.auth]: AuthTokenData;
+  [tokenKinds.team]: TeamTokenData;
+  [tokenKinds.verify]: VerifyTokenData;
+  [tokenKinds.ctftimeAuth]: CtftimeAuthTokenData;
+}
+
+export type Token = string
+
+interface InternalTokenData<Kind extends tokenKinds> {
+  k: Kind
+  t: number
+  d: TokenDataTypes[Kind]
+}
+
+const tokenExpiries: Record<ValueOf<typeof tokenKinds>, number> = {
+  [tokenKinds.auth]: Infinity,
+  [tokenKinds.team]: Infinity,
+  [tokenKinds.verify]: config.loginTimeout,
+  [tokenKinds.ctftimeAuth]: config.loginTimeout
+}
+
+const timeNow = () => Math.floor(Date.now() / 1000)
+
+const encryptToken = async <Kind extends tokenKinds>(content: InternalTokenData<Kind>): Promise<Token> => {
+  const iv = await randomBytes(12)
+  const cipher = crypto.createCipheriv('aes-256-gcm', tokenKey, iv)
+  const cipherText = cipher.update(JSON.stringify(content))
+  cipher.final()
+  const tokenContent = Buffer.concat([iv, cipherText, cipher.getAuthTag()])
+  return tokenContent.toString('base64')
+}
+
+const decryptToken = async <Kind extends tokenKinds>(token: Token): Promise<InternalTokenData<Kind> | null> => {
+  try {
+    const tokenContent = Buffer.from(token, 'base64')
+    const iv = tokenContent.slice(0, 12)
+    const authTag = tokenContent.slice(tokenContent.length - 16)
+    const cipher = crypto.createDecipheriv('aes-256-gcm', tokenKey, iv)
+    cipher.setAuthTag(authTag)
+    const plainText = cipher.update(tokenContent.slice(12, tokenContent.length - 16))
+    cipher.final()
+    return JSON.parse(plainText.toString()) as InternalTokenData<Kind>
+  } catch (e) {
+    return null
+  }
+}
+
+export const getData = async <Kind extends tokenKinds>(expectedTokenKind: Kind, token: Token): Promise<TokenDataTypes[Kind] | null> => {
+  const content = await decryptToken<Kind>(token)
+  if (content === null) {
+    return null
+  }
+  const { k: kind, t: createdAt, d: data } = content
+  if (kind !== expectedTokenKind) {
+    return null
+  }
+  if (createdAt + tokenExpiries[kind] < timeNow()) {
+    return null
+  }
+  return data
+}
+
+export const getToken = async <Kind extends tokenKinds>(tokenKind: Kind, data: TokenDataTypes[Kind]): Promise<Token> => {
+  const token = await encryptToken({
+    k: tokenKind,
+    t: timeNow(),
+    d: data
+  })
+  return token
+}

server/auth/register.ts

@@ -1306,6 +1306,11 @@
   dependencies:
     "@types/node" "*"
 
+"@types/[email protected]":
+  version "8.0.1"
+  resolved "https://registry.yarnpkg.com/@types/uuid/-/uuid-8.0.1.tgz#42958a1a880640b139eea97a1640e1a3f61016d2"
+  integrity sha512-2kE8rEFgJpbBAPw5JghccEevQb0XVU0tewF/8h7wPQTeCtoJ6h8qmBIwuzUVm2MutmzC/cpCkwxudixoNYDp1A==
+
 "@typescript-eslint/[email protected]":
   version "3.7.0"
   resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-3.7.0.tgz#0f91aa3c83d019591719e597fbdb73a59595a263"