Fixed invitation link encryption key.

This commit is contained in:
Ylian Saint-Hilaire 2019-06-07 17:11:56 -07:00
parent 85ed10abd8
commit 74930c10df
4 changed files with 13 additions and 3 deletions

View File

@ -59,6 +59,7 @@ function CreateMeshCentralServer(config, args) {
obj.currentVer = null; obj.currentVer = null;
obj.serverKey = Buffer.from(obj.crypto.randomBytes(48), 'binary'); obj.serverKey = Buffer.from(obj.crypto.randomBytes(48), 'binary');
obj.loginCookieEncryptionKey = null; obj.loginCookieEncryptionKey = null;
obj.invitationLinkEncryptionKey = null;
obj.serverSelfWriteAllowed = true; obj.serverSelfWriteAllowed = true;
obj.serverStatsCounter = Math.floor(Math.random() * 1000); obj.serverStatsCounter = Math.floor(Math.random() * 1000);
obj.taskLimiter = obj.common.createTaskLimiterQueue(50, 20, 60); // (maxTasks, maxTaskTime, cleaningInterval) This is a task limiter queue to smooth out server work. obj.taskLimiter = obj.common.createTaskLimiterQueue(50, 20, 60); // (maxTasks, maxTaskTime, cleaningInterval) This is a task limiter queue to smooth out server work.
@ -836,6 +837,15 @@ function CreateMeshCentralServer(config, args) {
}); });
} }
// Load the invitation link encryption key from the database
obj.db.Get('InvitationLinkEncryptionKey', function (err, docs) {
if ((docs.length > 0) && (docs[0].key != null) && (docs[0].key.length >= 160)) {
obj.invitationLinkEncryptionKey = Buffer.from(docs[0].key, 'hex');
} else {
obj.invitationLinkEncryptionKey = obj.generateCookieKey(); obj.db.Set({ _id: 'InvitationLinkEncryptionKey', key: obj.invitationLinkEncryptionKey.toString('hex'), time: Date.now() });
}
});
// Start collecting server stats every 5 minutes // Start collecting server stats every 5 minutes
setInterval(function () { setInterval(function () {
obj.serverStatsCounter++; obj.serverStatsCounter++;

View File

@ -2509,7 +2509,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
if (common.validateInt(command.flags, 0, 256) == false) break; // Check the flags if (common.validateInt(command.flags, 0, 256) == false) break; // Check the flags
var mesh = parent.meshes[command.meshid]; var mesh = parent.meshes[command.meshid];
if (mesh == null) break; if (mesh == null) break;
const inviteCookie = parent.parent.encodeCookie({ a: 4, mid: command.meshid, f: command.flags, expire: command.expire * 60 }, parent.parent.loginCookieEncryptionKey); const inviteCookie = parent.parent.encodeCookie({ a: 4, mid: command.meshid, f: command.flags, expire: command.expire * 60 }, parent.parent.invitationLinkEncryptionKey);
if (inviteCookie == null) break; if (inviteCookie == null) break;
ws.send(JSON.stringify({ action: 'createInviteLink', meshid: command.meshid, expire: command.expire, cookie: inviteCookie })); ws.send(JSON.stringify({ action: 'createInviteLink', meshid: command.meshid, expire: command.expire, cookie: inviteCookie }));
break; break;

View File

@ -1,6 +1,6 @@
{ {
"name": "meshcentral", "name": "meshcentral",
"version": "0.3.6-h", "version": "0.3.6-i",
"keywords": [ "keywords": [
"Remote Management", "Remote Management",
"Intel AMT", "Intel AMT",

View File

@ -1070,7 +1070,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if ((domain == null) || ((req.query.m == null) && (req.query.c == null))) { res.sendStatus(404); return; } if ((domain == null) || ((req.query.m == null) && (req.query.c == null))) { res.sendStatus(404); return; }
if (req.query.c != null) { if (req.query.c != null) {
// A cookie is specified in the query string, use that // A cookie is specified in the query string, use that
var cookie = obj.parent.decodeCookie(req.query.c, obj.parent.loginCookieEncryptionKey); var cookie = obj.parent.decodeCookie(req.query.c, obj.parent.invitationLinkEncryptionKey);
if (cookie == null) { res.sendStatus(404); return; } if (cookie == null) { res.sendStatus(404); return; }
var mesh = obj.meshes[cookie.mid]; var mesh = obj.meshes[cookie.mid];
if (mesh == null) { res.sendStatus(404); return; } if (mesh == null) { res.sendStatus(404); return; }