From 3747b3081f16e462b00df8db511103b3c9037d33 Mon Sep 17 00:00:00 2001 From: Marc Stirner Date: Thu, 27 Mar 2025 13:47:34 +0100 Subject: [PATCH 1/5] fix #522 --- components/mdns/message-handler.js | 27 ++++++++++++++++++++++++++- components/ssdp/message-handler.js | 24 +++++++++++++++++++++++- 2 files changed, 49 insertions(+), 2 deletions(-) diff --git a/components/mdns/message-handler.js b/components/mdns/message-handler.js index 20d3dcc..3591958 100644 --- a/components/mdns/message-handler.js +++ b/components/mdns/message-handler.js @@ -14,8 +14,11 @@ module.exports = (scope) => { }); + console.log("match", matchCallbacks, matchCallbacks.indexOf()); + + // listen for newly added items - scope.events.on("added", ({ name, type, _matches }) => { + scope.events.on("add", ({ name, type, _matches }) => { matchCallbacks.push({ name, type, @@ -24,6 +27,28 @@ module.exports = (scope) => { }); + // liste for removed items + scope.events.on("remove", ({ name, type }) => { + try { + + let item = matchCallbacks.find((item) => { + return item.name === name && item.type === type; + }); + + let index = matchCallbacks.indexOf(item); + + if (index !== -1) { + matchCallbacks.splice(index, 1); + } + + } catch (err) { + + logger.error(err, "Could not remove matchCallback"); + + } + }); + + scope.events.on("connected", (ws) => { let questions = scope.items.map(({ type, name }) => { diff --git a/components/ssdp/message-handler.js b/components/ssdp/message-handler.js index 2287895..64bf4e4 100644 --- a/components/ssdp/message-handler.js +++ b/components/ssdp/message-handler.js @@ -24,7 +24,7 @@ module.exports = (scope) => { // listen for newly added items //scope.events.on("added", ({ nt, usn, _matches, headers }) => { - scope.events.on("added", ({ nt, usn, _matches }) => { + scope.events.on("add", ({ nt, usn, _matches }) => { matchCallbacks.push({ nt, usn, @@ -37,6 +37,28 @@ module.exports = (scope) => { }); + // liste for removed items + scope.events.on("remove", ({ name, type }) => { + try { + + let item = matchCallbacks.find((item) => { + return item.name === name && item.type === type; + }); + + let index = matchCallbacks.indexOf(item); + + if (index !== -1) { + matchCallbacks.splice(index, 1); + } + + } catch (err) { + + logger.error(err, "Could not remove matchCallback"); + + } + }); + + scope.events.on("message", (type, headers, description) => { // feedback From fd74e99f7684628b98845969ac40a34aeee93299 Mon Sep 17 00:00:00 2001 From: Marc Stirner Date: Thu, 27 Mar 2025 14:26:00 +0100 Subject: [PATCH 2/5] fix #523 --- components/scenes/index.js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/components/scenes/index.js b/components/scenes/index.js index ebe5676..9602b6b 100644 --- a/components/scenes/index.js +++ b/components/scenes/index.js @@ -39,7 +39,15 @@ class C_SCENES extends COMPONENT { // fix #390 data.triggers.forEach((trigger, i, arr) => { if (!(trigger instanceof Trigger)) { + arr[i] = new Trigger(trigger); + + // data = scene item instance + // same handling as in class.scene.js + arr[i].signal.on("fire", () => { + data.trigger(); + }); + } }); From db7e754ff48e7f57c84b4a5b98305d42280df11d Mon Sep 17 00:00:00 2001 From: Marc Stirner Date: Thu, 27 Mar 2025 15:16:36 +0100 Subject: [PATCH 3/5] `console.log` removed --- components/mdns/message-handler.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/components/mdns/message-handler.js b/components/mdns/message-handler.js index 3591958..9dcf480 100644 --- a/components/mdns/message-handler.js +++ b/components/mdns/message-handler.js @@ -14,9 +14,6 @@ module.exports = (scope) => { }); - console.log("match", matchCallbacks, matchCallbacks.indexOf()); - - // listen for newly added items scope.events.on("add", ({ name, type, _matches }) => { matchCallbacks.push({ From 9ef8cd84226c4a5e047c8f1c7fedeb39f8130ddb Mon Sep 17 00:00:00 2001 From: Marc Stirner Date: Fri, 28 Mar 2025 13:39:24 +0100 Subject: [PATCH 4/5] logging improved --- routes/auth-handler.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/routes/auth-handler.js b/routes/auth-handler.js index 449799f..7e89741 100644 --- a/routes/auth-handler.js +++ b/routes/auth-handler.js @@ -2,6 +2,8 @@ const jwt = require("jsonwebtoken"); module.exports = (C_USERS, router) => { + const { logger } = C_USERS; + // check if the request came from the same machine // either via reverse proxy or socket // if it came via unix socket, handle the request as authentciated @@ -57,6 +59,7 @@ module.exports = (C_USERS, router) => { }, (err, decoded) => { if (err) { + logger.error(err); res.status(401).end(); } else { From 3d3925ac45e82fec97cb318421ac035649894685 Mon Sep 17 00:00:00 2001 From: Marc Stirner Date: Fri, 28 Mar 2025 13:39:55 +0100 Subject: [PATCH 5/5] fix #541 --- routes/router.auth.js | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/routes/router.auth.js b/routes/router.auth.js index 6c3f485..e66a6aa 100644 --- a/routes/router.auth.js +++ b/routes/router.auth.js @@ -1,9 +1,10 @@ const jwt = require("jsonwebtoken"); const C_USERS = require("../components/users"); +const { logger } = C_USERS; module.exports = (app, router) => { - router.get("/", (req, res) => { + router.get("/check", (req, res) => { if (process.env.API_AUTH_ENABLED === "true") { // override header header token with query token @@ -79,32 +80,45 @@ module.exports = (app, router) => { router.post("/logout", (req, res) => { if (req.headers["x-auth-token"]) { - let decoded = jwt.decode(req.headers["x-auth-token"]); - - if (!decoded.uuid || decoded.uuid !== process.env.UUID) { - res.status(401).end(); - return; - } - - C_USERS.logout(decoded.email, (err, user, success) => { + // TODO: use jwt.verify() instead, otherwise you could trigger a logout for any other user + //let decoded = jwt.decode(req.headers["x-auth-token"]); + jwt.verify(req.headers["x-auth-token"], process.env.USERS_JWT_SECRET, { + algorithms: [process.env.USERS_JWT_ALGORITHM] + }, (err, decoded) => { if (err) { + logger.error(err); res.status(401).end(); } else { - if (!user) { + if (!decoded.uuid || decoded.uuid !== process.env.UUID) { res.status(401).end(); return; } - res.status(200).json({ - success + // NOTE: could this a security risk? + C_USERS.logout(decoded.email, (err, user, success) => { + if (err) { + + res.status(401).end(); + + } else { + + if (!user) { + res.status(401).end(); + return; + } + + res.status(200).json({ + success + }); + + } }); } }); - } else { res.status(401).end();