From f4c363e36cfa796f354b8dab2fb06a2f08edaa3b Mon Sep 17 00:00:00 2001
From: Matteo Gheza <matteo.gheza07@gmail.com>
Date: Mon, 21 Mar 2022 22:51:51 +0100
Subject: [PATCH 1/4] Log auth errors

---
 src/index.ts | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/index.ts b/src/index.ts
index 810229fc..fafedf3a 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -249,10 +249,9 @@ function initialSetup() {
 
 		socket.on('login', (username: string, password: string) => {
 			authenticate(username, password).then((result) => {
-                socket.emit('login_result', true); //old response, for compatibility with old UI clients
 				socket.emit('login_response', { loginOk: true, message: "", accessToken: result.access_token });
 			}).catch((error) => {
-				logger(`User ${username} (ip addr ${ipAddr}) has attempted a login: wrong username or password.`);
+				logger(`User ${username} (ip addr ${ipAddr}) has attempted a login (${error})`);
                 //wrong credentials
 				Promise.all([
 					limiterConsecutiveFailsByUsernameAndIP.consume(ipAddr),
@@ -264,11 +263,9 @@ function initialSetup() {
 					if(points < 4) {
 						message += " Remaining attemps:"+points;
 					}
-					socket.emit('login_result', false); //old response, for compatibility with old UI clients
 					socket.emit('login_response', { loginOk: false, message: message, access_token: "" });
 				}).catch((error) => {
 					//rate limits exceeded
-                    socket.emit('login_result', false); //old response, for compatibility with old UI clients
                     let retrySecs = 1;
 					try{
 						retrySecs = Math.round(error.msBeforeNext / 1000) || 1;

From b5d96099a4b928f34ed3babc9d72155439cc1e74 Mon Sep 17 00:00:00 2001
From: Matteo Gheza <matteo.gheza07@gmail.com>
Date: Mon, 21 Mar 2022 22:57:27 +0100
Subject: [PATCH 2/4] tmp ui fix

---
 UI/src/app/_services/socket.service.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/UI/src/app/_services/socket.service.ts b/UI/src/app/_services/socket.service.ts
index 08a10f68..4e2e786a 100644
--- a/UI/src/app/_services/socket.service.ts
+++ b/UI/src/app/_services/socket.service.ts
@@ -318,7 +318,8 @@ export class SocketService {
     this.socket.on('error', (message: string) => {
       console.error(message);
       if(message.includes("Access") || message.includes("JWT") || message.includes("jwt")) {
-        alert(message);
+        console.error("JWT requested after server reconnection. This should not happen.");
+        window.location.reload(); //tmp fix while we figure out how to handle server reconnection
       }
     });
 

From f8b49bae5e669263cdbea584d3797437260dcbd8 Mon Sep 17 00:00:00 2001
From: Matteo Gheza <matteo.gheza07@gmail.com>
Date: Mon, 21 Mar 2022 23:46:45 +0100
Subject: [PATCH 3/4] replace currentConfig with loadedConfig

---
 src/_helpers/config.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/_helpers/config.ts b/src/_helpers/config.ts
index bf4e92ea..bb0b229b 100644
--- a/src/_helpers/config.ts
+++ b/src/_helpers/config.ts
@@ -91,13 +91,13 @@ export function readConfig(): void {
 		logger('Migrating user configs to the new format.', 'info-quiet');
 		currentConfig.users = [];
 		addUser({
-			username: currentConfig.security.username_producer || "producer",
-			password: currentConfig.security.password_producer || "12345",
+			username: loadedConfig.security.username_producer || "producer",
+			password: loadedConfig.security.password_producer || "12345",
 			roles: "producer"
 		});
 		addUser({
-			username: currentConfig.security.username_settings || "admin",
-			password: currentConfig.security.password_settings || "12345",
+			username: loadedConfig.security.username_settings || "admin",
+			password: loadedConfig.security.password_settings || "12345",
 			roles: "admin"
 		});
 		delete currentConfig.security.username_producer;

From 5370be8e42d3239c4323d2e2411214af5fd8c65a Mon Sep 17 00:00:00 2001
From: Matteo Gheza <matteo.gheza07@gmail.com>
Date: Tue, 22 Mar 2022 00:00:58 +0100
Subject: [PATCH 4/4] Fix jwt_private_key not added after migration

---
 src/_helpers/config.ts | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/_helpers/config.ts b/src/_helpers/config.ts
index bb0b229b..455ca471 100644
--- a/src/_helpers/config.ts
+++ b/src/_helpers/config.ts
@@ -3,6 +3,7 @@ import { Config } from "../_models/Config";
 import { ConfigTSLClient } from "../_models/ConfigTSLClient";
 import fs from "fs-extra";
 import path from "path";
+import { randomBytes } from "crypto";
 import { clone } from "./clone";
 import { uuidv4 } from "./uuid";
 import { addUser } from "./auth";
@@ -20,7 +21,7 @@ const config_file = getConfigFilePath();
 
 export const ConfigDefaults: Config = {
 	security: {
-		jwt_private_key: require('crypto').randomBytes(256).toString('base64'),
+		jwt_private_key: "",
 	},
 	users: [],
     cloud_destinations: [],
@@ -39,7 +40,7 @@ export const ConfigDefaults: Config = {
     ],
     externalAddress: "http://0.0.0.0:4455/#/tally",
 	remoteErrorReporting: false,
-	uuid: uuidv4()
+	uuid: ""
 }
 
 export let currentConfig: Config = clone(ConfigDefaults);
@@ -87,7 +88,7 @@ export function readConfig(): void {
         ...clone(ConfigDefaults),
         ...loadedConfig,
     };
-	if(!loadedConfig.users || loadedConfig.users.length === 0) {
+	if(!loadedConfig.users || typeof loadedConfig.users !== "object" || loadedConfig.users.length === 0) {
 		logger('Migrating user configs to the new format.', 'info-quiet');
 		currentConfig.users = [];
 		addUser({
@@ -106,12 +107,14 @@ export function readConfig(): void {
 		delete currentConfig.security.password_settings;
 		SaveConfig();
 	}
-	if(!loadedConfig.uuid) {
+	if(!loadedConfig.uuid || typeof loadedConfig.uuid !== "string") {
 		logger('Adding an uuid identifier to this server for using MDNS.', 'info-quiet');
+		currentConfig.uuid = uuidv4();
 		SaveConfig(); //uuid added if missing on config save
 	}
-	if(!loadedConfig.security.jwt_private_key) {
+	if(!loadedConfig.security.jwt_private_key || typeof loadedConfig.security.jwt_private_key !== "string") {
 		logger('Adding a private key for JWT authentication.', 'info-quiet');
+		currentConfig.security.jwt_private_key = randomBytes(256).toString('base64');
 		SaveConfig(); //uuid added if missing on config save
 	}
 }