PG: also tracelog error (if any)

author: Michael Krelin <hacker@klever.net> 2013-11-25 20:52:56 (UTC)
committer: Michael Krelin <hacker@klever.net> 2013-11-25 20:52:56 (UTC)
commit: fab898af773b3bbf28ed6c67c89b032d740d19f1 (patch) (unidiff)
tree: 0e7f59253d11556dcb29dc5372f7a77e91de086d
parent: 352f2216eec032efce4bdeddd2ffe5a9e326a99d (diff)
download: clipperz-fab898af773b3bbf28ed6c67c89b032d740d19f1.zip
clipperz-fab898af773b3bbf28ed6c67c89b032d740d19f1.tar.gz
clipperz-fab898af773b3bbf28ed6c67c89b032d740d19f1.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/backend/node/src/clipperz.js b/backend/node/src/clipperz.js
index 73af0a0..b98c00e 100644
--- a/backend/node/src/clipperz.js
+++ b/backend/node/src/clipperz.js
@@ -1,277 +1,277 @@
 var FS = require('fs');
 var CRYPTO = require('crypto');
 var BIGNUM = require('bignum');
 var ASYNC = require('async');
 var express_store = require('express').session.Store;
 function clipperz_hash(v) {
 return CRYPTO.createHash('sha256').update(
  CRYPTO.createHash('sha256').update(v).digest('binary')
 ).digest('hex');
 };
 function clipperz_random() {
 for(var r = '';r.length<64;r+=''+BIGNUM(Math.floor(Math.random()*1e18)).toString(16));
 return r.substr(0,64);
 };
 function clipperz_store(PG) {
 var rv = function(o) { express_store.call(this,o); }
 rv.prototype.get = function(sid,cb) { PG.Q(
  "SELECT s_data FROM clipperz.thesession WHERE s_id=$1",[sid],
  function(e,r) { cb(e,(e||!r.rowCount)?null:r.rows[0].s_data); }
 ) };
 rv.prototype.set = function(sid,data,cb) { PG.Q(
   "UPDATE clipperz.thesession SET s_data=$1, s_mtime=current_timestamp"
  +" WHERE s_id=$2",[data,sid], function(e,r) {
   if(e) return cb(e);
   if(r.rowCount) return cb();
   PG.Q("INSERT INTO clipperz.thesession (s_id,s_data) VALUES ($1,$2)",[sid,data],cb);
  }
 ) };
 rv.prototype.destroy = function(sid,cb) { PG.Q(
  "DELETE FROM clipperz.thesession WHERE s_id=$1",[sid],cb
 ) };
 rv.prototype.length = function(cb) { PG.Q(
  "SELECT count(*) AS c FROM clipperz.thesession", function(e,r) {
     cb(e,e?null:r.rows[0].c);
  }
 ) };
 rv.prototype.length = function(cb) { PQ.Q(
  "DELETE FROM clipperz.thesession", cb
 ) };
 rv.prototype.__proto__ = express_store.prototype;
 return rv;
 }
 var srp_g = BIGNUM(2);
 var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16);
 var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00';
 var CLIPPERZ = module.exports = function(CONFIG) {
 var LOGGER = CONFIG.logger||{trace:function(){}};
 var PG = {
  url: CONFIG.psql,
  PG: require('pg').native,
  Q: function(q,a,cb) {
   if('function'===typeof a) cb=a,a=[];
   LOGGER.trace({query:q,args:a},'SQL: %s',q);
   PG.PG.connect(PG.url,function(e,C,D) {
        if(e) return cb(e);
        var t0=new Date();
        C.query(q,a,function(e,r) {
         var t1=new Date(), dt=t1-t0;
         D();
-         LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount},"SQL query '%s' took %dms",q,dt);
+         LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt);
         cb(e,r);
        });
   });
  },
  T: function(cb) {
   PG.PG.connect(PG.url,function(e,C,D) {
        if(e) return cb(e);
        C.query('BEGIN',function(e){
         if(e) return D(),cb(e);
         cb(null,{
          Q: function(q,a,cb) {
           LOGGER.trace({query:q,args:a},'SQL: %s',q);
           if(this.over) return cb(new Error('game over'));
           if('function'===typeof a) cb=a,a=[];
           var t0=new Date();
           C.query(q,a,function(e,r) {
                var t1=new Date(), dt=t1-t0;
-                LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount},"SQL query '%s' took %dms",q,dt);
+                LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt);
                cb(e,r);
           });
          },
          commit: function(cb) {
           LOGGER.trace('SQL: commit');
           if(this.over) return cb(new Error('game over'));
           return (this.over=true),C.query('COMMIT',function(e){D();cb&&cb(e)});
          },
          rollback: function(cb) {
           LOGGER.trace('SQL: rollback');
           if(this.over) return cb(new Error('game over'));
           return (this.over=true),C.query('ROLLBACK',function(e){D();cb&&cb(e)});
          },
          end: function(e,cb) {
           if(e) return LOGGER.trace(e,"rolling back transaction due to an error"),this.rollback(cb);
           this.commit(cb);
          }
         });
        });
   });
  }
 };
 var rv = {
  json: function clipperz_json(req,res,cb) {
   var method = req.body.method, pp = JSON.parse(req.body.parameters).parameters;
   var message = pp.message;
   var ppp = pp.parameters;
   res.res = function(o) { return res.json({result:o}) };
   LOGGER.trace({method:method,parameters:pp},"JSON request");
   switch(method) {
    case 'registration':
     switch(message) {
      case 'completeRegistration': return PG.Q(
        "INSERT INTO clipperz.theuser"
       +" (u_name, u_srp_s,u_srp_v, u_authversion,u_header,u_statistics,u_version,u_lock)"
       +" VALUES ($1, $2,$3, $4,$5,$6,$7,$8)",
       [pp.credentials.C, pp.credentials.s, pp.credentials.v,
        pp.credentials.version,pp.user.header, pp.user.statistics,
        pp.user.version, pp.user.lock], function(e,r) {
        if(e) return cb(e);
        res.res({lock:pp.user.lock,result:'done'});
       });
     }
    break;
    case 'handshake':
     switch(message) {
      case 'connect': return ASYNC.auto({
       u: function(cb) { PG.Q(
        "SELECT u_id, u_srp_s, u_srp_v FROM clipperz.theuser WHERE u_name=$1",
        [ppp.C], function(e,r) {
        if(e) return cb(e);
        if(!r.rowCount) return cb(null,{u_id:null,u_srp_s:n123,u_srp_v:n123});
        cb(null,r.rows[0]);
       }) },
       otp: ['u',function(cb,r) {
        if(!req.session.otp) return cb();
        if(req.session.u!=r.u.u_id) return cb(new Error('user/OTP mismatch'));
        PG.Q(
          "UPDATE clipperz.theotp AS otp"
         +" SET"
         +"  otps_id=CASE WHEN s.otps_code='REQUESTED' THEN ("
         +"   SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'"
         +"  ) ELSE otp.otps_id END,"
         +"  otp_utime=current_timestamp"
         +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"
         +" WHERE"
         +"  o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id"
         +"  AND otp.otp_id=$1 AND otp.u_id=$2"
         +" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref",
         [ req.session.otp, req.session.u ],
         function(e,r) {
         if(e) return cb(e);
         if(!r.rowCount) return cb(new Error('no OTP found'));
         r=r.rows[0];
         if(!r.yes) return cb(new Error('OTP is in a sorry state'));
         cb(null,{ref:r.otp_ref});
        });
       }]
      },function(e,r) {
       if(e) return cb(e);
       req.session.C = ppp.C; req.session.A = ppp.A;
       req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v;
       req.session.u = r.u.u_id;
       req.session.b = clipperz_random();
       req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16);
       var rv = {s:req.session.s,B:req.session.B}
       if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref;
       res.res(rv);
      });
 
      case 'credentialCheck':
       var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10));
       var A = BIGNUM(req.session.A,16);
       var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm(
                BIGNUM(req.session.b,16), srp_n);
       var K = clipperz_hash(S.toString(10));
       var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16));
       if(M1!=ppp.M1) return res.res({error:'?'});
       req.session.K = K;
       var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16));
       return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'});
      case 'oneTimePassword': return PG.Q(
        "UPDATE clipperz.theotp AS otp"
       +" SET"
       +"  otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE ("
       +"   SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE"
       +"    WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'"
       +"    ELSE 'DISABLED' END"
       +"  ) END,"
       +"  otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END,"
       +"  otp_utime = current_timestamp,"
       +"  otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END"
       +" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"
       +" WHERE"
       +"  o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1"
       +" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version",
       [ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ],
       function(e,r) {
       if(e) return cb(e);
       if(!r.rowCount) return cb(new Error('OTP not found'));
       r=r.rows[0];
       if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum)
        return cb(new Error('OTP was disabled because of checksum mismatch'));
       if(r.otps_code!='ACTIVE')
        return cb(new Error("OTP wasn't active, sorry"));
       req.session.u=r.u_id; req.session.otp=r.otp_id;
       res.res({data:r.otp_data,version:r.otp_version});
      });
     }
    break;
    case 'message':
     if(!req.session.K) return res.res({result:'EXCEPTION',message:"effectively, we're missing a aconnection"});
     if(req.session.K!=pp.srpSharedSecret) return res.res({error:'Wrong shared secret!'});
     switch(message) {
      case 'getUserDetails': return ASYNC.parallel({
       u: function(cb) {
        PG.Q("SELECT u_header::varchar,u_statistics,u_version FROM clipperz.theuser WHERE u_id=$1",
         [req.session.u],function(e,r) {
         if(e) return cb(e);
         if(!r.rowCount) return cb(new Error("user's gone AWOL"));
         cb(null,r.rows[0]);
        });
       },
       stats: function(cb) {
        PG.Q("SELECT r_ref,r_mtime FROM clipperz.therecord WHERE u_id=$1",
         [req.session.u],function(e,r) {
         if(e) return cb(e);
         cb(null,r.rows.reduce(function(p,r){p[r.r_ref]={updateDate:r.r_mtime};return p},{}));
        });
       }
      },function(e,r) {
       if(e) return cb(e);
       res.res({header:r.u.u_header,statistics:r.u.u_statistics,version:r.u.u_version,recordsStats:r.stats});
      });
      case 'saveChanges': return PG.T(function(e,T) {
       if(e) return cb(e);
       ASYNC.auto({
        user: function(cb) {
         T.Q(
           "UPDATE clipperz.theuser"
          +" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)"
          +" WHERE u_id=$5"
          +" RETURNING u_lock",[ppp.user.header,ppp.user.statistics,ppp.user.version,ppp.user.lock||null,req.session.u],
          function(e,r) {
          if(e) return cb(e);
          if(!r.rowCount) return cb(new Error("user's gone AWOL"));
          cb(null,r.rows[0]);
         });
        },
        updaterecords: function(cb) {
         if(!(ppp.records && ppp.records.updated && ppp.records.updated.length)) return cb();
         ASYNC.each(ppp.records.updated,function(r,cb) {
          ASYNC.auto({
           updater: function(cb) {
            T.Q(
              "UPDATE clipperz.therecord"
             +" SET r_data=$2, r_version=$3, r_mtime=current_timestamp"
             +" WHERE r_ref=$1 AND u_id=$4 RETURNING r_id",
             [r.record.reference,r.record.data,r.record.version,req.session.u], function(e,r) {
             if(e) return cb(e);
             return cb(null,r.rows.length?r.rows[0]:null);
            });
           },
           insertr: ['updater',function(cb,rr) {
author	Michael Krelin <hacker@klever.net>	2013-11-25 20:52:56 (UTC)
committer	Michael Krelin <hacker@klever.net>	2013-11-25 20:52:56 (UTC)
commit	fab898af773b3bbf28ed6c67c89b032d740d19f1 (patch) (unidiff)
tree	0e7f59253d11556dcb29dc5372f7a77e91de086d
parent	352f2216eec032efce4bdeddd2ffe5a9e326a99d (diff)
download	clipperz-fab898af773b3bbf28ed6c67c89b032d740d19f1.zip clipperz-fab898af773b3bbf28ed6c67c89b032d740d19f1.tar.gz clipperz-fab898af773b3bbf28ed6c67c89b032d740d19f1.tar.bz2

diff --git a/backend/node/src/clipperz.js b/backend/node/src/clipperz.js index 73af0a0..b98c00e 100644 --- a/backend/node/src/clipperz.js +++ b/backend/node/src/clipperz.js
@@ -1,277 +1,277 @@
1	var FS = require('fs');	1	var FS = require('fs');
2	var CRYPTO = require('crypto');	2	var CRYPTO = require('crypto');
3	var BIGNUM = require('bignum');	3	var BIGNUM = require('bignum');
4	var ASYNC = require('async');	4	var ASYNC = require('async');
5		5
6	var express_store = require('express').session.Store;	6	var express_store = require('express').session.Store;
7		7
8	function clipperz_hash(v) {	8	function clipperz_hash(v) {
9	return CRYPTO.createHash('sha256').update(	9	return CRYPTO.createHash('sha256').update(
10	CRYPTO.createHash('sha256').update(v).digest('binary')	10	CRYPTO.createHash('sha256').update(v).digest('binary')
11	).digest('hex');	11	).digest('hex');
12	};	12	};
13	function clipperz_random() {	13	function clipperz_random() {
14	for(var r = '';r.length<64;r+=''+BIGNUM(Math.floor(Math.random()*1e18)).toString(16));	14	for(var r = '';r.length<64;r+=''+BIGNUM(Math.floor(Math.random()*1e18)).toString(16));
15	return r.substr(0,64);	15	return r.substr(0,64);
16	};	16	};
17	function clipperz_store(PG) {	17	function clipperz_store(PG) {
18	var rv = function(o) { express_store.call(this,o); }	18	var rv = function(o) { express_store.call(this,o); }
19	rv.prototype.get = function(sid,cb) { PG.Q(	19	rv.prototype.get = function(sid,cb) { PG.Q(
20	"SELECT s_data FROM clipperz.thesession WHERE s_id=$1",[sid],	20	"SELECT s_data FROM clipperz.thesession WHERE s_id=$1",[sid],
21	function(e,r) { cb(e,(e\|\|!r.rowCount)?null:r.rows[0].s_data); }	21	function(e,r) { cb(e,(e\|\|!r.rowCount)?null:r.rows[0].s_data); }
22	) };	22	) };
23	rv.prototype.set = function(sid,data,cb) { PG.Q(	23	rv.prototype.set = function(sid,data,cb) { PG.Q(
24	"UPDATE clipperz.thesession SET s_data=$1, s_mtime=current_timestamp"	24	"UPDATE clipperz.thesession SET s_data=$1, s_mtime=current_timestamp"
25	+" WHERE s_id=$2",[data,sid], function(e,r) {	25	+" WHERE s_id=$2",[data,sid], function(e,r) {
26	if(e) return cb(e);	26	if(e) return cb(e);
27	if(r.rowCount) return cb();	27	if(r.rowCount) return cb();
28	PG.Q("INSERT INTO clipperz.thesession (s_id,s_data) VALUES ($1,$2)",[sid,data],cb);	28	PG.Q("INSERT INTO clipperz.thesession (s_id,s_data) VALUES ($1,$2)",[sid,data],cb);
29	}	29	}
30	) };	30	) };
31	rv.prototype.destroy = function(sid,cb) { PG.Q(	31	rv.prototype.destroy = function(sid,cb) { PG.Q(
32	"DELETE FROM clipperz.thesession WHERE s_id=$1",[sid],cb	32	"DELETE FROM clipperz.thesession WHERE s_id=$1",[sid],cb
33	) };	33	) };
34	rv.prototype.length = function(cb) { PG.Q(	34	rv.prototype.length = function(cb) { PG.Q(
35	"SELECT count(*) AS c FROM clipperz.thesession", function(e,r) {	35	"SELECT count(*) AS c FROM clipperz.thesession", function(e,r) {
36	cb(e,e?null:r.rows[0].c);	36	cb(e,e?null:r.rows[0].c);
37	}	37	}
38	) };	38	) };
39	rv.prototype.length = function(cb) { PQ.Q(	39	rv.prototype.length = function(cb) { PQ.Q(
40	"DELETE FROM clipperz.thesession", cb	40	"DELETE FROM clipperz.thesession", cb
41	) };	41	) };
42	rv.prototype.__proto__ = express_store.prototype;	42	rv.prototype.__proto__ = express_store.prototype;
43	return rv;	43	return rv;
44	}	44	}
45		45
46	var srp_g = BIGNUM(2);	46	var srp_g = BIGNUM(2);
47	var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16);	47	var srp_n = BIGNUM("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3",16);
48	var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00';	48	var n123 = '112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00';
49		49
50		50
51	var CLIPPERZ = module.exports = function(CONFIG) {	51	var CLIPPERZ = module.exports = function(CONFIG) {
52		52
53	var LOGGER = CONFIG.logger\|\|{trace:function(){}};	53	var LOGGER = CONFIG.logger\|\|{trace:function(){}};
54		54
55	var PG = {	55	var PG = {
56	url: CONFIG.psql,	56	url: CONFIG.psql,
57	PG: require('pg').native,	57	PG: require('pg').native,
58	Q: function(q,a,cb) {	58	Q: function(q,a,cb) {
59	if('function'===typeof a) cb=a,a=[];	59	if('function'===typeof a) cb=a,a=[];
60	LOGGER.trace({query:q,args:a},'SQL: %s',q);	60	LOGGER.trace({query:q,args:a},'SQL: %s',q);
61	PG.PG.connect(PG.url,function(e,C,D) {	61	PG.PG.connect(PG.url,function(e,C,D) {
62	if(e) return cb(e);	62	if(e) return cb(e);
63	var t0=new Date();	63	var t0=new Date();
64	C.query(q,a,function(e,r) {	64	C.query(q,a,function(e,r) {
65	var t1=new Date(), dt=t1-t0;	65	var t1=new Date(), dt=t1-t0;
66	D();	66	D();
67	LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount},"SQL query '%s' took %dms",q,dt);	67	LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt);
68	cb(e,r);	68	cb(e,r);
69	});	69	});
70	});	70	});
71	},	71	},
72	T: function(cb) {	72	T: function(cb) {
73	PG.PG.connect(PG.url,function(e,C,D) {	73	PG.PG.connect(PG.url,function(e,C,D) {
74	if(e) return cb(e);	74	if(e) return cb(e);
75	C.query('BEGIN',function(e){	75	C.query('BEGIN',function(e){
76	if(e) return D(),cb(e);	76	if(e) return D(),cb(e);
77	cb(null,{	77	cb(null,{
78	Q: function(q,a,cb) {	78	Q: function(q,a,cb) {
79	LOGGER.trace({query:q,args:a},'SQL: %s',q);	79	LOGGER.trace({query:q,args:a},'SQL: %s',q);
80	if(this.over) return cb(new Error('game over'));	80	if(this.over) return cb(new Error('game over'));
81	if('function'===typeof a) cb=a,a=[];	81	if('function'===typeof a) cb=a,a=[];
82	var t0=new Date();	82	var t0=new Date();
83	C.query(q,a,function(e,r) {	83	C.query(q,a,function(e,r) {
84	var t1=new Date(), dt=t1-t0;	84	var t1=new Date(), dt=t1-t0;
85	LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount},"SQL query '%s' took %dms",q,dt);	85	LOGGER.trace({query:q,args:a,ms:dt,rows:r&&r.rowCount,err:e},"SQL query '%s' took %dms",q,dt);
86	cb(e,r);	86	cb(e,r);
87	});	87	});
88	},	88	},
89	commit: function(cb) {	89	commit: function(cb) {
90	LOGGER.trace('SQL: commit');	90	LOGGER.trace('SQL: commit');
91	if(this.over) return cb(new Error('game over'));	91	if(this.over) return cb(new Error('game over'));
92	return (this.over=true),C.query('COMMIT',function(e){D();cb&&cb(e)});	92	return (this.over=true),C.query('COMMIT',function(e){D();cb&&cb(e)});
93	},	93	},
94	rollback: function(cb) {	94	rollback: function(cb) {
95	LOGGER.trace('SQL: rollback');	95	LOGGER.trace('SQL: rollback');
96	if(this.over) return cb(new Error('game over'));	96	if(this.over) return cb(new Error('game over'));
97	return (this.over=true),C.query('ROLLBACK',function(e){D();cb&&cb(e)});	97	return (this.over=true),C.query('ROLLBACK',function(e){D();cb&&cb(e)});
98	},	98	},
99	end: function(e,cb) {	99	end: function(e,cb) {
100	if(e) return LOGGER.trace(e,"rolling back transaction due to an error"),this.rollback(cb);	100	if(e) return LOGGER.trace(e,"rolling back transaction due to an error"),this.rollback(cb);
101	this.commit(cb);	101	this.commit(cb);
102	}	102	}
103	});	103	});
104	});	104	});
105	});	105	});
106	}	106	}
107	};	107	};
108		108
109		109
110	var rv = {	110	var rv = {
111		111
112	json: function clipperz_json(req,res,cb) {	112	json: function clipperz_json(req,res,cb) {
113	var method = req.body.method, pp = JSON.parse(req.body.parameters).parameters;	113	var method = req.body.method, pp = JSON.parse(req.body.parameters).parameters;
114	var message = pp.message;	114	var message = pp.message;
115	var ppp = pp.parameters;	115	var ppp = pp.parameters;
116	res.res = function(o) { return res.json({result:o}) };	116	res.res = function(o) { return res.json({result:o}) };
117	LOGGER.trace({method:method,parameters:pp},"JSON request");	117	LOGGER.trace({method:method,parameters:pp},"JSON request");
118		118
119	switch(method) {	119	switch(method) {
120	case 'registration':	120	case 'registration':
121	switch(message) {	121	switch(message) {
122	case 'completeRegistration': return PG.Q(	122	case 'completeRegistration': return PG.Q(
123	"INSERT INTO clipperz.theuser"	123	"INSERT INTO clipperz.theuser"
124	+" (u_name, u_srp_s,u_srp_v, u_authversion,u_header,u_statistics,u_version,u_lock)"	124	+" (u_name, u_srp_s,u_srp_v, u_authversion,u_header,u_statistics,u_version,u_lock)"
125	+" VALUES ($1, $2,$3, $4,$5,$6,$7,$8)",	125	+" VALUES ($1, $2,$3, $4,$5,$6,$7,$8)",
126	[pp.credentials.C, pp.credentials.s, pp.credentials.v,	126	[pp.credentials.C, pp.credentials.s, pp.credentials.v,
127	pp.credentials.version,pp.user.header, pp.user.statistics,	127	pp.credentials.version,pp.user.header, pp.user.statistics,
128	pp.user.version, pp.user.lock], function(e,r) {	128	pp.user.version, pp.user.lock], function(e,r) {
129	if(e) return cb(e);	129	if(e) return cb(e);
130	res.res({lock:pp.user.lock,result:'done'});	130	res.res({lock:pp.user.lock,result:'done'});
131	});	131	});
132	}	132	}
133	break;	133	break;
134		134
135	case 'handshake':	135	case 'handshake':
136	switch(message) {	136	switch(message) {
137	case 'connect': return ASYNC.auto({	137	case 'connect': return ASYNC.auto({
138	u: function(cb) { PG.Q(	138	u: function(cb) { PG.Q(
139	"SELECT u_id, u_srp_s, u_srp_v FROM clipperz.theuser WHERE u_name=$1",	139	"SELECT u_id, u_srp_s, u_srp_v FROM clipperz.theuser WHERE u_name=$1",
140	[ppp.C], function(e,r) {	140	[ppp.C], function(e,r) {
141	if(e) return cb(e);	141	if(e) return cb(e);
142	if(!r.rowCount) return cb(null,{u_id:null,u_srp_s:n123,u_srp_v:n123});	142	if(!r.rowCount) return cb(null,{u_id:null,u_srp_s:n123,u_srp_v:n123});
143	cb(null,r.rows[0]);	143	cb(null,r.rows[0]);
144	}) },	144	}) },
145	otp: ['u',function(cb,r) {	145	otp: ['u',function(cb,r) {
146	if(!req.session.otp) return cb();	146	if(!req.session.otp) return cb();
147	if(req.session.u!=r.u.u_id) return cb(new Error('user/OTP mismatch'));	147	if(req.session.u!=r.u.u_id) return cb(new Error('user/OTP mismatch'));
148	PG.Q(	148	PG.Q(
149	"UPDATE clipperz.theotp AS otp"	149	"UPDATE clipperz.theotp AS otp"
150	+" SET"	150	+" SET"
151	+" otps_id=CASE WHEN s.otps_code='REQUESTED' THEN ("	151	+" otps_id=CASE WHEN s.otps_code='REQUESTED' THEN ("
152	+" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'"	152	+" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code='USED'"
153	+" ) ELSE otp.otps_id END,"	153	+" ) ELSE otp.otps_id END,"
154	+" otp_utime=current_timestamp"	154	+" otp_utime=current_timestamp"
155	+" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"	155	+" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"
156	+" WHERE"	156	+" WHERE"
157	+" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id"	157	+" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id"
158	+" AND otp.otp_id=$1 AND otp.u_id=$2"	158	+" AND otp.otp_id=$1 AND otp.u_id=$2"
159	+" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref",	159	+" RETURNING o.otps_id!=otp.otps_id AS yes, o.otp_ref",
160	[ req.session.otp, req.session.u ],	160	[ req.session.otp, req.session.u ],
161	function(e,r) {	161	function(e,r) {
162	if(e) return cb(e);	162	if(e) return cb(e);
163	if(!r.rowCount) return cb(new Error('no OTP found'));	163	if(!r.rowCount) return cb(new Error('no OTP found'));
164	r=r.rows[0];	164	r=r.rows[0];
165	if(!r.yes) return cb(new Error('OTP is in a sorry state'));	165	if(!r.yes) return cb(new Error('OTP is in a sorry state'));
166	cb(null,{ref:r.otp_ref});	166	cb(null,{ref:r.otp_ref});
167	});	167	});
168	}]	168	}]
169	},function(e,r) {	169	},function(e,r) {
170	if(e) return cb(e);	170	if(e) return cb(e);
171	req.session.C = ppp.C; req.session.A = ppp.A;	171	req.session.C = ppp.C; req.session.A = ppp.A;
172	req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v;	172	req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v;
173	req.session.u = r.u.u_id;	173	req.session.u = r.u.u_id;
174	req.session.b = clipperz_random();	174	req.session.b = clipperz_random();
175	req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16);	175	req.session.B = BIGNUM(req.session.v,16).add(srp_g.powm(BIGNUM(req.session.b,16),srp_n)).toString(16);
176	var rv = {s:req.session.s,B:req.session.B}	176	var rv = {s:req.session.s,B:req.session.B}
177	if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref;	177	if(r.otp && r.otp.otp_ref) rv.oneTimePassword=r.otp.otp_ref;
178	res.res(rv);	178	res.res(rv);
179	});	179	});
180		180
181	case 'credentialCheck':	181	case 'credentialCheck':
182	var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10));	182	var u = clipperz_hash(BIGNUM(req.session.B,16).toString(10));
183	var A = BIGNUM(req.session.A,16);	183	var A = BIGNUM(req.session.A,16);
184	var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm(	184	var S = A.mul(BIGNUM(req.session.v,16).powm(BIGNUM(u,16),srp_n)).powm(
185	BIGNUM(req.session.b,16), srp_n);	185	BIGNUM(req.session.b,16), srp_n);
186	var K = clipperz_hash(S.toString(10));	186	var K = clipperz_hash(S.toString(10));
187	var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16));	187	var M1 = clipperz_hash(A.toString(10)+BIGNUM(req.session.B,16).toString(10)+K.toString(16));
188	if(M1!=ppp.M1) return res.res({error:'?'});	188	if(M1!=ppp.M1) return res.res({error:'?'});
189	req.session.K = K;	189	req.session.K = K;
190	var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16));	190	var M2 = clipperz_hash(A.toString(10)+M1+K.toString(16));
191	return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'});	191	return res.res({M2:M2,connectionId:'',loginInfo:{latest:{},current:{}},offlineCopyNeeded:false,lock:'----'});
192		192
193	case 'oneTimePassword': return PG.Q(	193	case 'oneTimePassword': return PG.Q(
194	"UPDATE clipperz.theotp AS otp"	194	"UPDATE clipperz.theotp AS otp"
195	+" SET"	195	+" SET"
196	+" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE ("	196	+" otps_id = CASE WHEN s.otps_code!='ACTIVE' THEN s.otps_id ELSE ("
197	+" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE"	197	+" SELECT ss.otps_id FROM clipperz.otpstatus AS ss WHERE ss.otps_code=CASE"
198	+" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'"	198	+" WHEN otp.otp_key_checksum=$2 THEN 'REQUESTED'"
199	+" ELSE 'DISABLED' END"	199	+" ELSE 'DISABLED' END"
200	+" ) END,"	200	+" ) END,"
201	+" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END,"	201	+" otp_data = CASE WHEN s.otps_code='ACTIVE' THEN '' ELSE otp.otp_data END,"
202	+" otp_utime = current_timestamp,"	202	+" otp_utime = current_timestamp,"
203	+" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END"	203	+" otp_rtime = CASE WHEN otp.otp_key_checksum=$2 THEN current_timestamp ELSE otp.otp_rtime END"
204	+" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"	204	+" FROM clipperz.otpstatus AS s, clipperz.theotp AS o"
205	+" WHERE"	205	+" WHERE"
206	+" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1"	206	+" o.otp_id=otp.otp_id AND otp.otps_id=s.otps_id AND otp.otp_key=$1"
207	+" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version",	207	+" RETURNING otp.u_id, s.otps_code, otp.otp_id, otp.otp_key_checksum, o.otp_data, otp.otp_version",
208	[ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ],	208	[ ppp.oneTimePasswordKey, ppp.oneTimePasswordKeyChecksum ],
209	function(e,r) {	209	function(e,r) {
210	if(e) return cb(e);	210	if(e) return cb(e);
211	if(!r.rowCount) return cb(new Error('OTP not found'));	211	if(!r.rowCount) return cb(new Error('OTP not found'));
212	r=r.rows[0];	212	r=r.rows[0];
213	if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum)	213	if(r.otp_key_checksum!=ppp.oneTimePasswordKeyChecksum)
214	return cb(new Error('OTP was disabled because of checksum mismatch'));	214	return cb(new Error('OTP was disabled because of checksum mismatch'));
215	if(r.otps_code!='ACTIVE')	215	if(r.otps_code!='ACTIVE')
216	return cb(new Error("OTP wasn't active, sorry"));	216	return cb(new Error("OTP wasn't active, sorry"));
217	req.session.u=r.u_id; req.session.otp=r.otp_id;	217	req.session.u=r.u_id; req.session.otp=r.otp_id;
218	res.res({data:r.otp_data,version:r.otp_version});	218	res.res({data:r.otp_data,version:r.otp_version});
219	});	219	});
220	}	220	}
221	break;	221	break;
222		222
223	case 'message':	223	case 'message':
224	if(!req.session.K) return res.res({result:'EXCEPTION',message:"effectively, we're missing a aconnection"});	224	if(!req.session.K) return res.res({result:'EXCEPTION',message:"effectively, we're missing a aconnection"});
225	if(req.session.K!=pp.srpSharedSecret) return res.res({error:'Wrong shared secret!'});	225	if(req.session.K!=pp.srpSharedSecret) return res.res({error:'Wrong shared secret!'});
226	switch(message) {	226	switch(message) {
227	case 'getUserDetails': return ASYNC.parallel({	227	case 'getUserDetails': return ASYNC.parallel({
228	u: function(cb) {	228	u: function(cb) {
229	PG.Q("SELECT u_header::varchar,u_statistics,u_version FROM clipperz.theuser WHERE u_id=$1",	229	PG.Q("SELECT u_header::varchar,u_statistics,u_version FROM clipperz.theuser WHERE u_id=$1",
230	[req.session.u],function(e,r) {	230	[req.session.u],function(e,r) {
231	if(e) return cb(e);	231	if(e) return cb(e);
232	if(!r.rowCount) return cb(new Error("user's gone AWOL"));	232	if(!r.rowCount) return cb(new Error("user's gone AWOL"));
233	cb(null,r.rows[0]);	233	cb(null,r.rows[0]);
234	});	234	});
235	},	235	},
236	stats: function(cb) {	236	stats: function(cb) {
237	PG.Q("SELECT r_ref,r_mtime FROM clipperz.therecord WHERE u_id=$1",	237	PG.Q("SELECT r_ref,r_mtime FROM clipperz.therecord WHERE u_id=$1",
238	[req.session.u],function(e,r) {	238	[req.session.u],function(e,r) {
239	if(e) return cb(e);	239	if(e) return cb(e);
240	cb(null,r.rows.reduce(function(p,r){p[r.r_ref]={updateDate:r.r_mtime};return p},{}));	240	cb(null,r.rows.reduce(function(p,r){p[r.r_ref]={updateDate:r.r_mtime};return p},{}));
241	});	241	});
242	}	242	}
243	},function(e,r) {	243	},function(e,r) {
244	if(e) return cb(e);	244	if(e) return cb(e);
245	res.res({header:r.u.u_header,statistics:r.u.u_statistics,version:r.u.u_version,recordsStats:r.stats});	245	res.res({header:r.u.u_header,statistics:r.u.u_statistics,version:r.u.u_version,recordsStats:r.stats});
246	});	246	});
247		247
248	case 'saveChanges': return PG.T(function(e,T) {	248	case 'saveChanges': return PG.T(function(e,T) {
249	if(e) return cb(e);	249	if(e) return cb(e);
250	ASYNC.auto({	250	ASYNC.auto({
251	user: function(cb) {	251	user: function(cb) {
252	T.Q(	252	T.Q(
253	"UPDATE clipperz.theuser"	253	"UPDATE clipperz.theuser"
254	+" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)"	254	+" SET u_header=$1, u_statistics=$2, u_version=$3, u_lock=COALESCE($4,u_lock)"
255	+" WHERE u_id=$5"	255	+" WHERE u_id=$5"
256	+" RETURNING u_lock",[ppp.user.header,ppp.user.statistics,ppp.user.version,ppp.user.lock\|\|null,req.session.u],	256	+" RETURNING u_lock",[ppp.user.header,ppp.user.statistics,ppp.user.version,ppp.user.lock\|\|null,req.session.u],
257	function(e,r) {	257	function(e,r) {
258	if(e) return cb(e);	258	if(e) return cb(e);
259	if(!r.rowCount) return cb(new Error("user's gone AWOL"));	259	if(!r.rowCount) return cb(new Error("user's gone AWOL"));
260	cb(null,r.rows[0]);	260	cb(null,r.rows[0]);
261	});	261	});
262	},	262	},
263	updaterecords: function(cb) {	263	updaterecords: function(cb) {
264	if(!(ppp.records && ppp.records.updated && ppp.records.updated.length)) return cb();	264	if(!(ppp.records && ppp.records.updated && ppp.records.updated.length)) return cb();
265	ASYNC.each(ppp.records.updated,function(r,cb) {	265	ASYNC.each(ppp.records.updated,function(r,cb) {
266	ASYNC.auto({	266	ASYNC.auto({
267	updater: function(cb) {	267	updater: function(cb) {
268	T.Q(	268	T.Q(
269	"UPDATE clipperz.therecord"	269	"UPDATE clipperz.therecord"
270	+" SET r_data=$2, r_version=$3, r_mtime=current_timestamp"	270	+" SET r_data=$2, r_version=$3, r_mtime=current_timestamp"
271	+" WHERE r_ref=$1 AND u_id=$4 RETURNING r_id",	271	+" WHERE r_ref=$1 AND u_id=$4 RETURNING r_id",
272	[r.record.reference,r.record.data,r.record.version,req.session.u], function(e,r) {	272	[r.record.reference,r.record.data,r.record.version,req.session.u], function(e,r) {
273	if(e) return cb(e);	273	if(e) return cb(e);
274	return cb(null,r.rows.length?r.rows[0]:null);	274	return cb(null,r.rows.length?r.rows[0]:null);
275	});	275	});
276	},	276	},
277	insertr: ['updater',function(cb,rr) {	277	insertr: ['updater',function(cb,rr) {