User consent for model training (#4)

* Removed older 2fa/oauth code in favour of reworking * add user settings, add checkbox to share data on /useradmin/overview page * Add settings api, update models
2022-05-01 23:17:00 +01:00 · 2022-05-01 23:17:00 +01:00 · cfa853fd15
parent 6f0b627a61
commit cfa853fd15
20 changed files with 2190 additions and 473 deletions
--- a/copy.sample
+++ b/copy.sample
@ -0,0 +1,50 @@
+NODE_ENV=development
+APP_SALT=RANDOM_SEED
+LOG_LEVEL=debug
+
+DB_NAME=retro-pilot
+DB_USER=root
+DB_PASS=root
+# If using docker compose, this should match the container service name
+DB_HOST=localhost
+DB_PORT=5432
+# Whether or not to DROP all tables and recreate to match the current models
+DB_FORCE_SYNC=false
+
+ALLOW_REGISTRATION=true
+AUTH_2FA_ISSUER=RetroPilot
+
+HTTP_INTERFACE=0.0.0.0
+HTTP_PORT=8080
+
+# Set to false to skip sending mail, all attempted mail is logged under DEBUG
+CAN_SEND_MAIL=false
+# credentials for smtp server to send account registration mails. if not filled in, get the generated tokens from the server.log manually
+SMTP_HOST="localhost"
+SMTP_PORT=25
+SMTP_USER=root
+SMTP_PASS=
+SMTP_FROM="no-reply@retropilot.org"
+
+# base url of the retropilot server
+BASE_URL="http://192.168.1.165:8080/"
+# base url sent to devices for POSTing drives & logs
+BASE_UPLOAD_URL="http://192.168.1.165:8080/backend/post_upload"
+# base download url for drive & log data
+BASE_DRIVE_DOWNLOAD_URL="http://192.168.1.165:8080/realdata/"
+# path mapping of above download url for expressjs, prefix with "/"
+BASE_DRIVE_DOWNLOAD_PATH_MAPPING="/realdata"
+# relative or absolute ( "/..." for absolute path )
+STORAGE_PATH="realdata/"
+
+CABANA_URL="http://192.168.1.165:8080/cabana/index.html"
+
+DEVICE_STORAGE_QUOTA_MB=200000
+DEVICE_EXPIRATION_DAYS=30
+
+WELCOME_MESSAGE="<><><><><><><><><><><><><><><><><><><><><><><br>2022 RetroPilot"
+
+USE_USER_ADMIN_API=0
+
+CLIENT_SOCKET_PORT=81
+CLIENT_SOCKET_HOST="0.0.0.0"
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -49,6 +49,7 @@
    "sanitize": "^2.1.0",
    "sequelize": "^6.17.0",
    "simple-oauth2": "^4.3.0",
+    "spm-agent-nodejs": "^4.1.4",
    "sqlite": "^4.0.25",
    "sqlite3": "^5.0.2",
    "supertest": "^6.2.2",
--- a/src/models/accounts.model.js
+++ b/src/models/accounts.model.js
@ -45,6 +45,11 @@ const Accounts = sequelize.define('accounts', {
    allowNull: true,
    type: DataTypes.BOOLEAN,
  },
+  research_enabled: {
+    allowNull: false,
+    type: DataTypes.BOOLEAN,
+    defaultValue: false,
+  },
 }, {
  timestamps: false,
 });
--- a/src/models/athena_action_log.model.js
+++ b/src/models/athena_action_log.model.js
@ -1,48 +0,0 @@
-import { DataTypes } from 'sequelize';
-
-import sequelize from './orm';
-
-const AthenaActionLog = sequelize.define('athena_action_log', {
-  id: {
-    allowNull: false,
-    autoIncrement: true,
-    primaryKey: true,
-    type: DataTypes.INTEGER,
-  },
-  account_id: {
-    allowNull: true,
-    type: DataTypes.INTEGER,
-  },
-  device_id: {
-    allowNull: true,
-    type: DataTypes.INTEGER,
-  },
-  action: {
-    allowNull: true,
-    type: DataTypes.TEXT,
-  },
-  user_ip: {
-    allowNull: true,
-    type: DataTypes.TEXT,
-  },
-  device_ip: {
-    allowNull: true,
-    type: DataTypes.TEXT,
-  },
-  meta: {
-    allowNull: true,
-    type: DataTypes.TEXT,
-  },
-  created_at: {
-    allowNull: true,
-    type: DataTypes.BIGINT,
-  },
-  dongle_id: {
-    allowNull: true,
-    type: DataTypes.TEXT,
-  },
-}, {
-  timestamps: false,
-});
-
-export default AthenaActionLog;
--- a/src/models/athena_returned_data.model.js
+++ b/src/models/athena_returned_data.model.js
@ -1,40 +0,0 @@
-import { DataTypes } from 'sequelize';
-
-import sequelize from './orm';
-
-const AthenaReturnedData = sequelize.define('athena_returned_data', {
-  id: {
-    allowNull: false,
-    autoIncrement: true,
-    primaryKey: true,
-    type: DataTypes.INTEGER,
-  },
-  device_id: {
-    allowNull: true,
-    type: DataTypes.INTEGER,
-  },
-  type: {
-    allowNull: true,
-    type: DataTypes.TEXT,
-  },
-  data: {
-    allowNull: true,
-    type: DataTypes.TEXT,
-  },
-  created_at: {
-    allowNull: true,
-    type: DataTypes.TEXT,
-  },
-  uuid: {
-    allowNull: false,
-    type: DataTypes.TEXT,
-  },
-  resolved_at: {
-    allowNull: true,
-    type: DataTypes.INTEGER,
-  },
-}, {
-  timestamps: false,
-});
-
-export default AthenaReturnedData;
--- a/src/models/device_authorised_users.model.js
+++ b/src/models/device_authorised_users.model.js
@ -1,40 +0,0 @@
-import { DataTypes } from 'sequelize';
-
-import sequelize from './orm';
-
-const DeviceAuthorisedUsers = sequelize.define('device_authorised_users', {
-  id: {
-    allowNull: false,
-    autoIncrement: true,
-    primaryKey: true,
-    type: DataTypes.INTEGER,
-  },
-  account_id: {
-    allowNull: false,
-    type: DataTypes.INTEGER,
-  },
-  device_id: {
-    allowNull: true,
-    type: DataTypes.INTEGER,
-  },
-  athena: {
-    allowNull: true,
-    type: DataTypes.BOOLEAN,
-  },
-  unpair: {
-    allowNull: true,
-    type: DataTypes.BOOLEAN,
-  },
-  view_drives: {
-    allowNull: true,
-    type: DataTypes.BOOLEAN,
-  },
-  created_at: {
-    allowNull: true,
-    type: DataTypes.BIGINT,
-  },
-}, {
-  timestamps: false,
-});
-
-export default DeviceAuthorisedUsers;
--- a/src/models/index.js
+++ b/src/models/index.js
@ -1,23 +1,15 @@
 import Accounts from './accounts.model';
-import AthenaActionLog from './athena_action_log.model';
-import AthenaReturnedData from './athena_returned_data.model';
-import DeviceAuthorisedUsers from './device_authorised_users.model';
 import Devices from './devices.model';
 import DriveSegments from './drive_segments.model';
 import Drives from './drives.model';
-import OAuthAccounts from './oauth_accounts.model';

 import orm from './orm';

 export {
  Accounts,
-  AthenaActionLog,
-  AthenaReturnedData,
-  DeviceAuthorisedUsers,
  Devices,
  DriveSegments,
  Drives,
-  OAuthAccounts,
 };

 export default orm;
--- a/src/models/oauth_accounts.model.js
+++ b/src/models/oauth_accounts.model.js
@ -1,40 +0,0 @@
-import { DataTypes } from 'sequelize';
-
-import sequelize from './orm';
-
-const OAuthAccounts = sequelize.define('oauth_accounts', {
-  id: {
-    id: false,
-    autoIncrement: true,
-    primaryKey: true,
-    type: DataTypes.INTEGER,
-  },
-  account_id: {
-    allowNull: false,
-    type: DataTypes.INTEGER,
-  },
-  email: {
-    allowNull: false,
-    type: DataTypes.TEXT,
-  },
-  created: {
-    allowNull: true,
-    type: DataTypes.TIME,
-  },
-  last_used: {
-    allowNull: true,
-    type: DataTypes.CHAR,
-  },
-  refresh: {
-    allowNull: true,
-    type: DataTypes.TEXT,
-  },
-  provider: {
-    allowNull: true,
-    type: DataTypes.TEXT,
-  },
-}, {
-  timestamps: false,
-});
-
-export default OAuthAccounts;
--- a/src/server/controllers/admin.js
+++ b/src/server/controllers/admin.js
@ -1,4 +1,3 @@
-// TODO move everythijng away from this dumb intertwined style

 import authentication from './authentication';
 import { Accounts } from '../../models';
--- a/src/server/controllers/authentication/index.js
+++ b/src/server/controllers/authentication/index.js
@ -67,6 +67,8 @@ async function changePassword(account, newPassword, oldPassword) {
 async function getAuthenticatedAccount(req) {
  const sessionJWT = req.cookies.jwt;
  if ((!sessionJWT || sessionJWT.expires <= Date.now())) {
+    console.log('Authentication - expired JWT session provided', sessionJWT);
+
    return null;
  }

@ -75,14 +77,18 @@ async function getAuthenticatedAccount(req) {

 async function getAccountFromJWT(jwt, limitData = true) {
  let token;
+  console.log(jwt);

  try {
    token = jsonwebtoken.verify(jwt, process.env.APP_SALT);
  } catch (err) {
+    console.log(jwt, 'bad jwt');
    return null;// {success: false, msg: 'BAD_JWT'}
  }

  if (!token || !token.accountId) {
+    console.log(jwt, 'bad token');
+
    return null; // {success: false, badToken: true}
  }

@ -97,6 +103,8 @@ async function getAccountFromJWT(jwt, limitData = true) {

  const account = await Accounts.findOne(query);
  if (!account || !account.dataValues) {
+    console.log(jwt, 'invalid');
+
    return null; // {success: false, isInvalid: true}
  }

@ -110,6 +118,8 @@ async function getAccountFromJWT(jwt, limitData = true) {
  }

  if (!account || account.banned) {
+    console.log(jwt, 'banned');
+
    return null; // {success: false, isBanned: true}
  }
  return account;
--- a/src/server/controllers/authentication/oauth/google.js
+++ b/src/server/controllers/authentication/oauth/google.js
@ -1,70 +0,0 @@
-import jsonwebtoken from 'jsonwebtoken';
-import { AuthorizationCode } from 'simple-oauth2';
-import log4js from 'log4js';
-import { AUTH_OAUTH_ERR_GOOGLE, AUTH_OAUTH_ERR_GOOGLE_FAILED_TOKEN_FETCH } from '../../../consistency/terms';
-
-const logger = log4js.getLogger();
-
-const keys = {
-  web: {
-    client_id: '816666184056-n2cpdtsf2v9iiv81ro80cckl5f4oi4p8.apps.googleusercontent.com', project_id: 'glassy-tube-338505', auth_uri: 'https://accounts.google.com/o/oauth2/auth', token_uri: 'https://oauth2.googleapis.com/token', auth_provider_x509_cert_url: 'https://www.googleapis.com/oauth2/v1/certs', client_secret: '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', redirect_uris: ['http://localhost/authentication/oauth/callback'], javascript_origins: ['http://localhost'],
-  },
-};
-
-const config = {
-  client: {
-    id: keys.web.client_id,
-    secret: keys.web.client_secret,
-  },
-  auth: {
-    // token server
-    tokenHost: 'https://oauth2.googleapis.com',
-    tokenPath: '/token',
-
-    // authorization server
-    authorizeHost: 'https://accounts.google.com',
-    authorizePath: '/o/oauth2/v2/auth',
-  },
-};
-
-export async function getToken(code, scope) {
-  const client = new AuthorizationCode(config);
-
-  const tokenParams = {
-    code,
-    redirect_uri: 'http://localhost/authentication/oauth/callback',
-    scope,
-  };
-
-  let accessToken;
-
-  try {
-    accessToken = await client.getToken(tokenParams);
-  } catch (error) {
-    logger.warn(AUTH_OAUTH_ERR_GOOGLE, AUTH_OAUTH_ERR_GOOGLE_FAILED_TOKEN_FETCH, error);
-    return { error: true, ...AUTH_OAUTH_ERR_GOOGLE_FAILED_TOKEN_FETCH };
-  }
-
-  logger.info(`accessToken: ${accessToken}`);
-
-  const id = jsonwebtoken.decode(accessToken.token.id_token);
-
-  logger.info(`jsonwebtoken.${id}`);
-
-  return id;
-}
-
-export async function getURL() {
-  const client = new AuthorizationCode(config);
-
-  return client.authorizeURL({
-    redirect_uri: 'http://localhost/authentication/oauth/callback',
-    scope: 'https://www.googleapis.com/auth/userinfo.email',
-    state: 'ada',
-  });
-}
-
-export default {
-  getToken,
-  getURL,
-};
--- a/src/server/controllers/authentication/oauth/index.js
+++ b/src/server/controllers/authentication/oauth/index.js
@ -1 +0,0 @@
-// empty
--- a/src/server/controllers/user/settings.js
+++ b/src/server/controllers/user/settings.js
@ -0,0 +1,14 @@
+import { Accounts } from '../../../models';
+
+export async function SetResearchStatus(userId, status) {
+  if (typeof (status) !== 'boolean') { return { success: false, notBoolean: true }; }
+
+  Accounts.update({ research_enabled: status }, { where: { id: userId } });
+}
+
+export async function GetResearchStatus(userId) {
+    return Accounts.findOne({where: {id: userId}, attributes: ['research_enabled']})
+}
+
+
+export default null;
--- a/src/server/middlewares/authentication.js
+++ b/src/server/middlewares/authentication.js
@ -7,6 +7,7 @@ export const getAccount = async (req, res, next) => {

 export const requireAuthenticated = async (req, res, next) => {
  const account = await authenticationController.getAuthenticatedAccount(req);
+  console.log(account);
  if (!account) {
    res.status(401).json({
      success: false,
--- a/src/server/router/api/auth/oauth.js
+++ b/src/server/router/api/auth/oauth.js
@ -1,39 +0,0 @@
-import express from 'express';
-import log4js from 'log4js';
-
-import { getURL, getToken } from '../../../controllers/authentication/oauth/google';
-import { requireAuthenticated } from '../../../middlewares/authentication';
-
-const router = express.Router();
-const logger = log4js.getLogger();
-
-router.get('/authentication/oauth/callback', async (req, res) => {
-  logger.info(req.query);
-  res.json(await getToken(req.query.code, req.query.scope));
-});
-
-router.get('/authentication/oauth/:provider', async (req, res) => {
-  const { provider } = req.params;
-  logger.info('provider', provider);
-  let url;
-  switch (provider) {
-    case 'google':
-      url = await getURL();
-      break;
-    default:
-      url = false;
-      break;
-  }
-
-  if (url) {
-    res.redirect(url);
-  } else {
-    res.json({ error: true, msg: 'Invalid provider' });
-  }
-});
-
-router.get('/authentication/oauth/pair/:provider', requireAuthenticated, async (req, res) => {
-  res.status(200);
-});
-
-export default router;
--- a/src/server/router/api/auth/twofactor.js
+++ b/src/server/router/api/auth/twofactor.js
@ -1,11 +0,0 @@
-import express from 'express';
-
-import { requireAuthenticated } from '../../../middlewares/authentication';
-
-const router = express.Router();
-
-router.get('/authentication/twofactor/enrol', requireAuthenticated, async () => {
-  // TODO: implementation
-});
-
-export default router;
--- a/src/server/router/api/index.js
+++ b/src/server/router/api/index.js
@ -5,6 +5,7 @@ import admin from './admin';
 import auth from './auth';
 import devices from './devices';
 import useradmin from './useradmin';
+import userSettings from './user/settings';

 // /api
 const router = express.Router();
@ -13,6 +14,9 @@ router.use('/admin', admin);
 router.use('/auth', auth);
 router.use('/devices', devices);
 router.use('/useradmin', useradmin);
+router.use('/user/settings', userSettings);
+
+console.log(userSettings);

 // TODO: setup oauth and twofactor endpoints
 // app.use(routers.oauthAuthenticator);
--- a/src/server/router/api/user/settings.js
+++ b/src/server/router/api/user/settings.js
@ -0,0 +1,34 @@
+import bodyParser from 'body-parser';
+import crypto from 'crypto';
+import dirTree from 'directory-tree';
+import express from 'express';
+import log4js from 'log4js';
+
+import { requireAuthenticated } from '../../../middlewares/authentication';
+import { SetResearchStatus, GetResearchStatus } from '../../../controllers/user/settings';
+
+const logger = log4js.getLogger();
+
+// /api/devices
+const router = express.Router();
+
+router.patch('/research/:enabled', requireAuthenticated, async (req, res) => {
+    const { enabled } = req.params;
+    if (!enabled) { res.json({ bad: true }); }
+    const doEnable = enabled === 'true';
+    const accountId = req.account.id;
+  
+    const update = await SetResearchStatus(req.account.id, doEnable);
+  
+    return res.json({ success: true, data: req.account });
+  });
+
+  router.get('/research/', requireAuthenticated, async (req, res) => {
+    const accountId = req.account.id;
+  
+    const update = await GetResearchStatus(req.account.id);
+  
+    return res.json({ success: true, data: update });
+  });
+
+export default router;
--- a/src/server/router/useradmin.js
+++ b/src/server/router/useradmin.js
@ -214,7 +214,30 @@ router.get('/overview', requireAuthenticated, runAsyncWrapper(async (req, res) =
    <b>Account:</b> #${account.id}<br>
    <b>Email:</b> ${account.email}<br>
    <b>Created:</b> ${helperController.formatDate(account.created)}<br><br>
+    <b>User Settings</b>
+    <br>
+    <input type="checkbox" id="share-data" name="sharedata"
+    checked>
+<label for="scales">Share drives for community model development</label><br>
+      <script>
+      const selectElement = document.querySelector('#share-data');
+          fetch('/api/user/settings/research')
+    .then(response => response.json())
+    .then((data) => {
+      if (data.success) {
+        selectElement.checked = data.data.research_enabled
+      }
+    });
+selectElement.addEventListener('change', (event) => {
+  fetch('/api/user/settings/research/'+event.target.checked, {
+  method: 'PATCH'})
+});
+          </script>
+          <br><br>
+
    <b>Devices:</b><br>
+
+
    <table border=1 cellpadding=2 cellspacing=2>
        <tr><th>dongle_id</th><th>device_type</th><th>created</th><th>last_ping</th><th>storage_used</th></tr>
 `;
@ -230,6 +253,8 @@ router.get('/overview', requireAuthenticated, runAsyncWrapper(async (req, res) =
 </tr>`;
  });

+
+
  response += `</table>
 <br>
 <hr/>