Untitled

var radius = require('radius');
var dgram = require('dgram');
var md5 = require('md5');
var config = require('/etc/radiusd.json');

var logger = require('./libs/logger')({
  config: config.log
});

var client = require('./libs/redis')({
  logger: logger,
  config: config.redis
});

var mysqlCluster = require('./libs/mysql')({
  logger: logger,
  config: config.mysql
});

var secret = config.radiusd.secret;

// ÂàõÂª∫ socket server
var server = dgram.createSocket('udp4');

// Êî∂Âà∞ËØ∑Ê±Ç
server.on('message', (msg, rinfo) => {
  // Ëß£ÂåÖ
  var packet = radius.decode({packet: msg, secret: secret});

  var username = packet.attributes['User-Name'];
  var password = packet.attributes['User-Password'];

  logger.debug(`Access-Request: ${username}/${password}`);

  // Â∑≤Ë¢´ÁºìÂ≠ò (ÈªòËÆ§Â∑≤Ë¢´ÁºìÂ≠ò, ÂΩìÈÄöËøá MySQL ËØªÂèñÁöÑÊó∂ÂÄô, ‰ºö‰øÆÊîπ cached)
  var cached = true;

  (new Promise((resolve, reject) => {
    // ËøõË°å code Á±ªÂûãÂà§Êñ≠
    if (packet.code != 'Access-Request') {
      logger.error('unknown packet type: ', packet.code);
      throw new Error(`unknown packet type: ${packet.code}`);
    }
    // Â¶ÇÊûú redis Ê≠ªÊéâ‰∫Ü, client.connected ‰∏∫ false
    if (client.connected) {
      client.hgetall(username, (err, res) => {
        if (res) {
          logger.debug(`redis hit ${username}`)
          resolve(res);
        } else {
          reject();
        }
      });
    } else {
        reject();
    }
  }))
  .then((result) => {
    // ÂèØ‰ª•Ëé∑ÂèñÂà∞ÁºìÂ≠òÊï∞ÊçÆ
    // Ëé∑ÂèñÂà∞ÁºìÂ≠òÊï∞ÊçÆ
    return result;
  }, () => {
    cached = false;
    // Ëé∑Âèñ‰∏çÂà∞ÁºìÂ≠òÊï∞ÊçÆ
    return new Promise((resolve, reject) => {
      mysqlCluster.of('*').query('SELECT `password` FROM `users` WHERE `username` = ? LIMIT 1', [username], (err, results, fields) => {
        if (err || results[0] === undefined) {
          reject(err || new Error(`Cannot Find ${username} Info`));
        } else {
          resolve(JSON.parse(JSON.stringify(results[0])));
        }
      });
    });
  })
  .then((result) => {
    // Â¶ÇÊûú redis Â§Ñ‰∫é connected Áä∂ÊÄÅ, Âπ∂‰∏îÊ≤°ÊúâË¢´ÁºìÂ≠ò
    if (client.connected && !cached)  {
      logger.debug(`Cache save ${username}}`);
      client.hmset(username, result);
    }

    return result;
  })
  .then((result) => {
    return new Promise((resolve, reject) => {
      if (md5(password) == result.password) {
        logger.debug(`password compare success! ${username}/${password}`);
        resolve()
      } else {
        reject(new Error('Wrong Password'));
      }
    });
  })
  .then((result) => {
    var response = radius.encode_response({
      packet: packet,
      code: 'Access-Accept',
      secret: secret
    });

    logger.debug(`Sending Access-Accept for user ${username}`);

    server.send(response, 0, response.length, rinfo.port, rinfo.address, (err, bytes) => {
      if (err) {
        logger.error(`Error sending response to ${err}`);
      }
    });
  })
  .catch((err) => {
    console.log(err);
    var response = radius.encode_response({
      packet: packet,
      code: 'Access-Reject',
      secret: secret
    });

    logger.debug(`Sending Access-Reject for user ${username}`);

    server.send(response, 0, response.length, rinfo.port, rinfo.address, (err, bytes) => {
      if (err) {
        logger.error(`Error sending response to ${err}`);
      }
    });
  });
});

server.on('listening', () => {
  logger.info('Server is running...');
});

server.bind(1812);