From 34d2046cea1a5bce07b306a729c7f17a333abac7 Mon Sep 17 00:00:00 2001
From: "Dmitriy A. Gerasimov" <dmitriy.gerasimov@demlabs.net>
Date: Sat, 9 Nov 2019 16:12:53 +0700
Subject: [PATCH] [+] cdb user managment script [+] cdb auth domain
---
 dist/share/configs/cellframe-node.cfg.tpl | 1 +
 scripts/dap_domain_create | 24 +++++++
 scripts/dap_domain_list | 3 +
 scripts/dap_user_change_password | 37 +++++++++++
 scripts/dap_user_create | 77 +++++++++++++++++++++++
 scripts/dap_user_update | 22 +++++++
 scripts/set_subscription_for_client | 38 +++++++++++
 7 files changed, 202 insertions(+)
 create mode 100755 scripts/dap_domain_create
 create mode 100755 scripts/dap_domain_list
 create mode 100644 scripts/dap_user_change_password
 create mode 100755 scripts/dap_user_create
 create mode 100755 scripts/dap_user_update
 create mode 100644 scripts/set_subscription_for_client
diff --git a/dist/share/configs/cellframe-node.cfg.tpl b/dist/share/configs/cellframe-node.cfg.tpl
index 10f67c556..57f30cd4b 100644
--- a/dist/share/configs/cellframe-node.cfg.tpl
+++ b/dist/share/configs/cellframe-node.cfg.tpl
@@ -31,6 +31,7 @@ networks=[kelvin-testnet,private]
 [cdb_auth] enabled=false collection_name=mycollection +domain=mydomain # VPN stream channel processing module
diff --git a/scripts/dap_domain_create b/scripts/dap_domain_create
new file mode 100755
index 000000000..eb791c245
--- /dev/null
+++ b/scripts/dap_domain_create
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+echo "Creating the new user for dapserver authorization"
+
+if [ $# -eq 1 ]; then
+ domain=$1
+else
+ read -p "Enter domain name: " domain
+ if [ -z "$domain" ]; then
+ echo "[CRITICAL] Need domain name to create new record in the database"
+ exit 1
+ fi
+
+fi
+
+mongodomain=`mongo dapDb --eval "db.dap_domains.distinct( \"_id\", { domain : \"$domain\" })"`
+mongodomain=`echo "$mongodomain" | tail -1 | tr -d "[] "`
+
+if [ -z $mongodomain ]; then
+ mongo dapDb --eval "db.dap_domains.insert( {domain:\"$domain\" } )"
+else
+ echo "[CRITICAL] Domain name $domain is already present"
+fi
+
diff --git a/scripts/dap_domain_list b/scripts/dap_domain_list
new file mode 100755
index 000000000..f54f2ad2b
--- /dev/null
+++ b/scripts/dap_domain_list
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+mongo dapDb --eval "db.dap_domains.find()"
diff --git a/scripts/dap_user_change_password b/scripts/dap_user_change_password
new file mode 100644
index 000000000..9325bcb98
--- /dev/null
+++ b/scripts/dap_user_change_password
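Review bot: `$domain` is spliced unescaped into the JavaScript handed to `mongo --eval` on both the `distinct(...)` and `insert(...)` lines, so a value containing a double quote or backslash alters the query instead of being stored as data; the same pattern is in dap_user_change_password (`login`), dap_user_create (`login`, `email`, `first_name`, `last_name`), dap_user_update (`$1`–`$3`) and set_subscription_for_client (`$1`). Since `--eval` as used here offers no parameter binding, the practical fix is a strict allow-list before any use, e.g. `case "$domain" in ''|*[!A-Za-z0-9.-]*) echo "[CRITICAL] invalid domain name" >&2; exit 1;; esac`, plus quoting the test as `if [ -z "$mongodomain" ]; then` so an empty result cannot turn into a missing-operand error. Under `#!/bin/sh` the `read -p` form is a bash extension (dash reports an error), and the banner still says "Creating the new user" although this script creates a domain. The "already present" branch also exits 0, so a caller cannot tell the two outcomes apart; `exit 2` there would make the status meaningful.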
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+echo "Creating the new user for dapserver authorization"
+
+read -p "Enter login: " login
+if [ -z "$login" ]; then
+ echo "[CRITICAL] Need username to create new login record in the database"
+ exit 1
+fi
+
+result=$(mongo dapDb --eval "db.dap_users.find( { login : \"${login}\" } )" | wc -l)
+
+if [ $result -eq 2 ]; then
+ echo "Login not found in DataBase"
+ exit 2
+fi
+
+read -p "Enter new password: " password
+if [ -z "$password" ]; then
+ echo "[CRITICAL] Need secure password to create new login record in the database"
+ exit 3
+fi
+
+salt=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 8; echo '')
+
+echo -n "${password}${salt}" | openssl dgst -sha512 -binary > temp.txt
+echo -n "${salt}" | openssl dgst -sha512 -binary >> temp.txt
+b64=$(cat temp.txt | base64)
+b64urlstring=$(echo $b64 | tr "+/" "-_" | tr -d ' =')
+b64salt=$(echo -n ${salt} | base64 | tr "+/" "-_" | tr -d ' =')
+rm temp.txt
+
+mongo dapDb --eval "db.dap_users.update( { login : \"${login}\"}, { \$set: { passwordHash : \"${b64urlstring}\", salt : \"${b64salt}\" } } )"
+
+
+
+
diff --git a/scripts/dap_user_create b/scripts/dap_user_create
new file mode 100755
index 000000000..4e73bfaa8
--- /dev/null
+++ b/scripts/dap_user_create
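Review bot: The new password is read with a bare `read -p "Enter new password: " password`, so it is echoed to the terminal, and the intermediate digests go to a fixed `temp.txt` in the current directory that is only removed on the success path and clobbers any existing file of that name; `read -p` and `echo -n` are also bash specifics that do not behave the same under `#!/bin/sh`. Read the secret with echo disabled (`stty -echo; read -r password; stty echo; echo`) and build the hash in a pipeline instead of a file, e.g. `b64=$({ printf '%s%s' "$password" "$salt" | openssl dgst -sha512 -binary; printf '%s' "$salt" | openssl dgst -sha512 -binary; } | base64 | tr -d '\n')`, which also removes the need for the unquoted `echo $b64`. This script computes `passwordHash` by hand while dap_user_create and dap_user_update take it from `dap_server_http_db_auth_tool password_hash`; unless the two routines are known to match, a password changed here may stop verifying, so either call the tool here as well or document why the formats are equivalent. The `[ $result -eq 2 ]` check assumes `find()` prints exactly two lines when nothing matches, which depends on the shell banner; `mongo --quiet dapDb --eval "db.dap_users.count({ login : \"${login}\" })"` gives a number that can be tested directly.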
@@ -0,0 +1,77 @@
+#!/bin/sh
+
+echo "Creating the new user for dapserver authorization"
+
+if [ $# -eq 1 ]; then
+ echo "Need two parametrs ( email and password )"
+ exit 5
+fi
+
+if [ $# -eq 2 ]; then
+
+ email=$1
+ password=$2
+
+ is_correct_email=$(echo $email | grep -E "^.+@.+[.].+$")
+ if [ -z $is_correct_email ]; then
+ echo Error! Bad email address. Use first parametr email, second - password
+ exit 4
+ fi
+else
+
+ read -p "Enter login: " login
+ if [ -z "$login" ]; then
+ echo "[CRITICAL] Need username to create new login record in the database"
+ exit 1
+ fi
+
+ read -p "Enter password: " password
+ if [ -z "$password" ]; then
+ echo "[CRITICAL] Need secure password to create new login record in the database"
+ exit 2
+ fi
+
+ read -p "Enter email: " email
+
+ if [ -n "$email" ]; then
+ is_correct_email=$(echo $email | grep -E "^.+@.+[.].+$")
+ if [ -z $is_correct_email ]; then
+ echo Error! Bad email address.
+ exit 4
+ fi
+ fi
+
+ read -p "Enter first_name ( can skip ): " first_name
+ read -p "Enter last_name ( can skip ): " last_name
+
+fi
+
+domain=klvn.io
+
+mongodomain=`mongo dapDb --eval "db.dap_domains.distinct( \"_id\", { domain : \"$domain\" })" `
+mongodomain=`echo "$mongodomain" | tail -1 | tr -d "[] "`
+
+if [ -z $mongodomain ]; then
+ echo "domain not find in database"
+ exit 3
+else
+
+fi
+
+password_hash=$(/opt/cellframe-node/bin/dap_server_http_db_auth_tool password_hash ${password})
+echo "Password hash $password_hash"
+if [ -z "$login" ]; then
+ login=$email
+fi
+
+if [ -z "$email" ]; then
+ email=$login
+fi
+
+registration_date=$(date -u "+%Y-%m-%d %T")
+expired_date=$(date -u -d '+ 3 day' '+%Y-%m-%d %T')
+
+mongo dapDb --eval "db.dap_users.insert( { login : \"${login}\", email : \"${email}\", passwordHash : \"${password_hash}\",\
+domainId : ${mongodomain}, profile: { first_name : \"${first_name}\",\
+last_name : \"${last_name}\" }, registration_date : ISODate(\"${registration_date}\"), expire_date : ISODate(\"${expired_date}\"), contacts: [] } )"
+
diff --git a/scripts/dap_user_update b/scripts/dap_user_update
new file mode 100755
index 000000000..fafb295c9
--- /dev/null
+++ b/scripts/dap_user_update
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+echo "Update user for dapserver authorization"
+
+if [ $# -lt 3 ] || [ $# -gt 4 ]; then
+ echo "Need three or four parametrs ( login, first_name, last_name, password ( if want change) )."
+ exit 1
+fi
+
+if [ $# -eq 3 ]; then
+ mongo dapDb --eval "db.dap_users.update( { login : \"${1}\"}, { \$set: { \"profile.first_name\" : \"${2}\", \"profile.last_name\" : \"${3}\" } } )"
+ exit 0
+fi
+
+password=${4}
+
+password_hash=$(/opt/cellframe-node/bin/dap_server_http_db_auth_tool password_hash ${password})
+echo "Password hash $password_hash"
+
+
+mongo dapDb --eval "db.dap_users.update( { login : \"${1}\"}, { \$set: { passwordHash : \"${password_hash}\", \"profile.first_name\" : \"${2}\", \"profile.last_name\" : \"${3}\" } } )"
+
diff --git a/scripts/set_subscription_for_client b/scripts/set_subscription_for_client
new file mode 100644
index 000000000..8be3eb722
--- /dev/null
+++ b/scripts/set_subscription_for_client
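Review bot: The `else` between `exit 3` and `fi` has an empty body (`else`, blank line, `fi`), which is a syntax error in both sh and bash, so the whole script fails to parse before doing anything; delete the `else` and the blank line so the block is just `if [ -z "$mongodomain" ]; then`, the echo, `exit 3`, `fi`. The password is then handed to the hashing tool as a command-line argument on the `password_hash=$(... password_hash ${password})` line, where it is typically visible to other local users through the process list while the tool runs, and the result is printed by `echo "Password hash $password_hash"`; if the tool can take the secret on stdin or from the environment that should be preferred, and the echo should go (dap_user_update has the same two lines). `domain=klvn.io` is hard-coded even though this commit adds a `domain=` key to the `[cdb_auth]` section of cellframe-node.cfg.tpl — taking it from the config or a parameter keeps the two in step. The email check leaves both expansions unquoted (`echo $email`, `[ -z $is_correct_email ]`) and `date -d '+ 3 day'` is GNU-only; `printf '%s\n' "$email" | grep -Eq '^.+@.+[.].+$' || { echo "Error! Bad email address." >&2; exit 4; }` covers the first.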
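Review bot: Nothing checks that `$1` names an existing user before either `update(...)` call, so a mistyped login "succeeds" while modifying nothing and the script still exits 0; the `find ... | wc -l` guard used in dap_user_change_password (or better a `count()` query) should run first, with a non-zero exit when the user is missing so callers can notice. `$2` and `$3` are interpolated unescaped into the `--eval` JavaScript, and the password arrives on the command line (`password=${4}`), where it lands in the caller's shell history and the process list, and is then echoed as `Password hash $password_hash`; the allow-list and secret-handling points raised on dap_domain_create and dap_user_create apply here unchanged.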
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+: 'Выдача подпиÑки клиенту. Входные данные: логин и количеÑтво дней на которое
+выпиÑываетÑÑ/продлÑетÑÑ Ð¿Ð¾Ð´Ð¿Ð¸Ñка, ( отÑчет идет от момента иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ñкрипта, еÑли
+подпиÑка еще Ð°ÐºÑ‚Ð¸Ð²Ð½Ð°Ñ Ñ‚Ð¾ продлÑетÑÑ Ð½Ð° N дней )'
+
+echo "Set user subscription"
+
+if [ $# -ne "2" ]; then
+ echo "Error! Need two parametrs login(email?) and count day's subscribtion"
+ exit 1
+fi
+
+result=$(mongo dapDb --eval "db.dap_users.find( { login : \"${1}\" } )" | wc -l)
+
+if [ $result -eq 2 ]; then
+ echo "Login not found in DataBase"
+ exit 2
+fi
+
+iso_date_expire=$(mongo dapDb --eval "db.dap_users.find( { login: \"${1}\" }, { expire_date : 1, _id : 0 } )" )
+iso_date_expire=$(echo $iso_date_expire | grep -E -o "ISODate.+)" | grep -E -o "[0-9]+.+Z")
+
+iso_date_expire_in_sec=$(date -d $iso_date_expire "+%s")
+now_date_in_sec=$(date "+%s")
+
+date_diff=`expr $iso_date_expire_in_sec - $now_date_in_sec`
+
+if [ $date_diff -lt 0 ]; then
+ result_date=$(date -u -d '+ '${2}' day' '+%Y-%m-%d %T')
+else
+ result_date=$(date -u -d "$iso_date_expire + ${2} day" "+%Y-%m-%d %T")
+fi
+
+mongo dapDb --eval "db.dap_users.update( { login : \"${1}\"}, { \$set: { expire_date : ISODate(\"${result_date}\") }} )"
+
+echo "Subscription update for client to: " $result_date
+
-- 
GitLab
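Review bot: `$2` is used as the day count without being checked to be an integer, yet it goes straight into the `date -d` expressions on both `result_date=` lines (and `$1` into the `--eval` strings), and `$iso_date_expire` is unquoted on the `date -d $iso_date_expire "+%s"` line; for a user without an `expire_date` the grep chain yields an empty string, GNU `date -d ''` appears to return the start of the current day rather than an error, and any real parse failure leaves `date_diff` empty so `[ $date_diff -lt 0 ]` aborts with a test error instead of a message. Validate first with `case "$2" in ''|*[!0-9]*) echo "Error! day count must be a whole number" >&2; exit 1;; esac`, quote `"$iso_date_expire"`, and check each `date` call (`|| exit 3`) instead of routing the arithmetic through `expr`. The `[ $result -eq 2 ]` line-count test has the same banner dependency noted on dap_user_change_password, and the three-line header is a `: '...'` string the shell still parses rather than `#` comments — an apostrophe added to it later would break the script.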