Added server token verification

2024-10-27 20:34:03 +00:00 · 2021-04-10 17:12:21 +00:00 · 2021-04-10 17:12:21 +00:00 · 377cc81093
commit 377cc81093
parent 9e4164632c
5 changed files with 835 additions and 832 deletions
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/src/app/configs/app.config.ts
+++ b/src/app/configs/app.config.ts
@ -4,6 +4,7 @@ import * as fs from "fs"
 export default {
    name: env('APP_NAME', 'Extollo'),
    defaultTime: env('DEFAULT_TIME', 1.21e+9),
+    api_server_header: env('API_SERVER_HEADER', 'X-Server-Token'),

    gpg: {
       key: {
--- a/src/app/http/controllers/api/Blockchain.controller.ts
+++ b/src/app/http/controllers/api/Blockchain.controller.ts
@ -2,7 +2,7 @@ import {Controller, Config} from "@extollo/lib"
 import {Injectable, Inject} from "@extollo/di"
 import {TransactionResource, TransactionResourceItem} from "../../../rtdb/TransactionResource"
 import {Iterable, many, one} from "@extollo/util"
-import {Block, Blockchain as BlockchainService} from "../../../units/Blockchain"
+import {Block, Blockchain as BlockchainService, Peer} from "../../../units/Blockchain"
 import {ExposureResource, ExposureResourceItem} from "../../../rtdb/ExposureResource";
 import {FirebaseUnit} from "../../../units/FirebaseUnit"
 import { BlockResource, BlockResourceItem } from "../../../rtdb/BlockResource"
@ -101,4 +101,16 @@ export class Blockchain extends Controller {
        let blocks = (Object.values(snapshot.val()) as BlockResourceItem[]).filter((item: BlockResourceItem) => item.seqID !== 0)
        return many(blocks)
    }
+
+    public async peer() {
+        const url = this.request.input('host')
+        const name = this.request.input('name')
+        const peer: Peer = {
+            host: String(url)
+            } 
+        if (name) {
+            peer.name = String(name)
+        }
+        await this.blockchain.registerPeer(peer)
+    }
 }
--- a/src/app/http/middlewares/api/ServerGPGTokenVerify.middleware.ts
+++ b/src/app/http/middlewares/api/ServerGPGTokenVerify.middleware.ts
@ -0,0 +1,54 @@
+import {Middleware, Config, error} from "@extollo/lib"
+import {Injectable, Inject} from "@extollo/di"
+import { HTTPStatus } from "@extollo/util"
+import * as openpgp from "openpgp"
+
+/**
+ * serverGPGTokenVerify Middleware
+ * --------------------------------------------
+ * Put some description here.
+ */
+@Injectable()
+export class ServerGPGTokenVerify extends Middleware {
+    @Inject()
+    protected readonly config!: Config
+
+    public async apply() {
+        const header = this.config.get('app.api_server_header')
+        let value = this.request.getHeader(header)
+        // if nothing, fail
+        if (!value) {
+            return this.fail()
+        }
+        // if single string
+        if (typeof(value) === 'string') {
+            this.verifyToken(value)
+            return
+        } else { // else an array of strings
+            for (const item of value) {
+                if (await this.verifyToken(item)) {
+                    return
+                }
+            }
+            
+        }
+    }
+
+    public fail() {
+        return error("Unauthorized", HTTPStatus.FORBIDDEN)
+    }
+    public async verifyToken(message: string) {
+        const publicKey = this.config.get("app.gpg.key.public")
+
+        const result = await openpgp.verify({
+            publicKeys: await openpgp.readKey({
+                armoredKey: publicKey,
+            }),
+            message: await openpgp.readMessage({
+                armoredMessage: message,
+            }),
+        })
+
+        return !!(await result.signatures?.[0]?.verified)
+    }
+}
--- a/src/app/http/routes/app.routes.ts
+++ b/src/app/http/routes/app.routes.ts
@ -12,6 +12,8 @@ Route.group('/api/v1', () => {
    Route.post('/validate', 'api:Blockchain.validate')
        .pre('DebugOnly')

+    Route.post('/peer', 'api:Blockchain.peer')
+
    Route.get('/chain', 'api:Blockchain.readBlockchain')

    Route.get('/check', 'api:Blockchain.check')