scramUtils.ts
import { MqttClient, IClientOptions } from 'mqtt'
import { ScramAuth, ScramAlgorithm } from '@/utils/scramAuth'
/**
 * Prepares the client-first step of a SCRAM enhanced-authentication exchange
 * and attaches it to the outgoing CONNECT options.
 *
 * On success, `options.properties.authenticationMethod` and
 * `options.properties.authenticationData` are set on the object passed in
 * (`options.properties` is created if it is missing).
 *
 * @param record - Connection settings; the MQTT version, the configured
 *   authentication method and the username/password are read from it.
 * @param options - Client options, mutated in place as described above.
 * @returns The `ScramAuth` instance that holds the exchange state, or
 *   `undefined` when the connection is not MQTT 5.0, when the configured
 *   method is not one of the three SCRAM variants, or when building the
 *   client-first message throws.
 */
export const setupScramAuth = async (
  record: ConnectionModel,
  options: IClientOptions,
): Promise<ScramAuth | undefined> => {
  // Enhanced authentication is only attempted for MQTT 5.0 connections.
  if (record.mqttVersion !== '5.0') {
    return undefined
  }

  const authMethod = record.properties?.authenticationMethod
  const isSupportedScram =
    authMethod === 'SCRAM-SHA-1' || authMethod === 'SCRAM-SHA-256' || authMethod === 'SCRAM-SHA-512'
  // Any other method (or none) is left for the caller to handle.
  if (!(authMethod === 'SCRAM-SHA-1' || authMethod === 'SCRAM-SHA-256' || authMethod === 'SCRAM-SHA-512')) {
    return undefined
  }
  void isSupportedScram

  try {
    const scramAuth = new ScramAuth(record.username, record.password, authMethod as ScramAlgorithm)
    // Build the client-first message before touching `options`, so a throw
    // here leaves the caller's options unmodified.
    const clientFirstData = scramAuth.clientFirst()

    const connectProps = options.properties || (options.properties = {})
    connectProps.authenticationMethod = authMethod
    connectProps.authenticationData = clientFirstData

    return scramAuth
  } catch {
    // NOTE(review): a failure here returns the same `undefined` as "SCRAM not
    // configured", and the error is discarded. The caller is not visible in
    // this file — confirm it does not go on to connect without enhanced
    // authentication when the record explicitly selected a SCRAM method.
    return undefined
  }
}
/**
 * Installs `client.handleAuth` so that an AUTH packet from the server is
 * answered with the SCRAM client-final message.
 *
 * @param client - MQTT client whose `handleAuth` property is overwritten.
 * @param scramAuth - Exchange state used to compute the client-final message.
 * @param authMethod - Authentication method name echoed back in the reply.
 *
 * NOTE(review): the handler reads only `authenticationData` from the incoming
 * packet; it does not compare the packet's reason code or authentication
 * method with `authMethod`. Verification of the server's final SCRAM message
 * is also not visible in this function — confirm it happens wherever the
 * CONNACK is processed.
 */
export const setupAuthHandler = (client: MqttClient, scramAuth: ScramAuth, authMethod: string): void => {
  client.handleAuth = async (packet, callback) => {
    try {
      const serverChallenge = packet.properties?.authenticationData

      if (serverChallenge) {
        const clientProof = await scramAuth.clientFinal(serverChallenge)
        const reply = {
          cmd: 'auth' as const,
          // 0x18 is the MQTT 5 "Continue authentication" reason code.
          reasonCode: 0x18,
          properties: {
            authenticationMethod: authMethod,
            authenticationData: clientProof,
          },
        }
        callback(undefined, reply)
        return
      }

      // Without server data there is nothing to compute a response from.
      callback(new Error('No authentication data from server'))
    } catch (error) {
      // Errors are handed to the callback unchanged; anything that is not an
      // Error instance is replaced by a generic one.
      const failure = error instanceof Error ? error : new Error('SCRAM authentication failed')
      callback(failure)
    }
  }
}