diff --git a/lib/github-auth.js b/lib/github-auth.js
index 63579b2..7827fce 100644
--- a/lib/github-auth.js
+++ b/lib/github-auth.js
@@ -4,13 +4,16 @@
 var querystring = require('querystring');
 var request = require('request');
 var autosave = require('json-autosave');
-var githubUserTokens = autosave('github-user-tokens.json', {data:[]});
 var serverSecrets;
 try {
 // Everything that cannot be checked in but is useful server-side
 // is stored in this JSON data.
 serverSecrets = require('../secret.json');
 } catch(e) {}
+var githubUserTokens;
+autosave('github-user-tokens.json', {data:[]}).then(function(f) {
+ githubUserTokens = f;
+}).catch(function(e) { console.error('Could not create github-user-tokens.json'); });
 
 function setRoutes(server) {
 server.route(/^\/github-auth$/, function(data, match, end, ask) {
@@ -46,8 +49,7 @@ function setRoutes(server) {
 }),
 method: 'POST',
 };
- console.log(JSON.stringify(options));
- request.post(options, function(err, res, body) {
+ request(options, function(err, res, body) {
 if (err != null) { return end('The connection to GitHub failed'); }
 try {
 var content = querystring.parse(body);
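Review bot: `githubUserTokens` is now undefined until the autosave promise resolves, and stays undefined forever if it rejects, because the added `.catch` only logs; the `add-token` route later in this file dereferences `githubUserTokens.data` unconditionally, so a request that arrives before the store is ready, or after a failed load, throws a TypeError inside the handler instead of producing a clean response. Guard the route with `if (githubUserTokens == null) { return end('Token store not ready'); }`, or register the routes only after the promise settles. The `.catch` handler also drops the error it receives; `console.error('Could not create github-user-tokens.json', e);` keeps the cause visible. `setRoutes` begins in this hunk and its body continues outside it.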
@@ -58,35 +60,52 @@ function setRoutes(server) {
 }
 console.log('GitHub OAuth: ' + token);
+ // FIXME: synchronize things in the background.
 // Send the token to all of those IPs.
 var ips = serverSecrets.shieldsIps;
 Promise.all(ips.map(function(ip) {
 return new Promise(function(resolve, reject) {
 var options = {
- uri: 'https://' + ip + '/github-auth/add-token',
+ url: 'https://' + ip + '/github-auth/add-token',
 method: 'POST',
 form: {
 shieldsSecret: serverSecrets.shieldsSecret,
 token: token,
 },
+ // We target servers by IP, and we use HTTPS. Assuming that
+ // 1. Internet routers aren't hacked, and
+ // 2. We don't unknowingly lose our IP to someone else,
+ // we're not leaking people's and our information.
+ // (If we did, it would have no impact, as we only ask for a token,
+ // no GitHub scope. The malicious entity would only be able to use
+ // our rate limit pool.)
+ // FIXME: use letsencrypt.
+ strictSSL: false,
 };
- request.post(options, function(err, res, body) {
- if (err != null) { return reject('Posting the GitHub user token failed'); }
+ request(options, function(err, res, body) {
+ if (err != null) { return reject('Posting the GitHub user token failed: ' + err.stack); }
 resolve();
 });
 });
 })).then(function() {
 end('Done!');
+ }).catch(function(e) {
+ console.error('GitHub user token transmission failed:', e);
+ end('Horror! Something went wrong. Please try again.');
 });
 });
 });
 server.route(/^\/github-auth\/add-token$/, function(data, match, end, ask) {
+ console.log('GitHub add token called with', JSON.stringify(data));
 if (data.shieldsSecret !== serverSecrets.shieldsSecret) {
 // An unknown entity tries to connect. Let the connection linger for a minute.
 return setTimeout(function() { end('Invalid secret'); }, 60000);
 }
- githubUserTokens.data.push(data.token);
+ // Insert it only if it is not registered yet.
+ if (githubUserTokens.data.indexOf(data.token) === -1) {
+ githubUserTokens.data.push(data.token);
+ }
 end('Thanks!');
 });
 };
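Review bot: The added `console.log('GitHub add token called with', JSON.stringify(data))` in the add-token route writes the whole request body — which carries `shieldsSecret` and the user's GitHub token — verbatim into the server log, so anyone with log access now holds the shared secret and every token; log only that the route was called, `console.log('GitHub add token called');`, and never the body. In the same hunk, `strictSSL: false` on the outbound request turns off certificate verification, so the comment's reasoning does not hold: the secret and token go to whatever endpoint terminates the TLS connection for that IP, not to a server proven to be ours. Until the letsencrypt FIXME is done, keep verification on and pass the expected server certificate through the `ca` option instead of disabling checks. The `!==` comparison of `shieldsSecret` is also not constant-time; comparing fixed-length digests of both values with `crypto.timingSafeEqual` avoids leaking how many leading bytes matched. Both route handlers start and end within this hunk, but `setRoutes` itself opens before it.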
diff --git a/package.json b/package.json
index 9cc4997..eac6544 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
 "bower": "~1.4.1",
 "promise": "~7.0.0",
 "chrome-web-store-item-property": "^1.1.2",
- "json-autosave": "~1.1.0"
+ "json-autosave": "~1.1.1"
 },
 "devDependencies": {
 "ass": "~0.0.6",