exposed the owner IDs to the API and mDNS

allows users to see which units have already been set up with owner during the setup process
2017-07-06 11:25:30 -06:00 · 2017-07-06 11:25:30 -06:00 · 0daf1b909a
--- a/lib/mdns.js
+++ b/lib/mdns.js
@ -31,7 +31,7 @@ var randomId = {
  }
 };

-function createResponse(name, packet, ttl, mainPort) {
+function createResponse(name, ownerIds, packet, ttl, mainPort) {
  var rpacket = {
    header: {
      id: packet.header.id
@ -97,12 +97,21 @@ function createResponse(name, packet, ttl, mainPort) {
  , target: name + ".local"
  });
  rpacket.additional.push({
-    name: name + '._device-info._tcp.local'
+    name: name + '._device-info.' + queryName
  , typeName: 'TXT'
  , ttl: ttl
  , className: 'IN'
  , data: ["model=CloudHome1,1", "dappsvers=1"]
  });
+  ownerIds.forEach(function (id) {
+    rpacket.additional.push({
+      name: name + '._owner-id.' + queryName
+    , typeName: 'TXT'
+    , ttl: ttl
+    , className: 'IN'
+    , data: [id]
+    });
+  });

  return require('dns-suite').DNSPacket.write(rpacket);
 }
@ -134,9 +143,23 @@ module.exports.start = function (deps, config, mainPort) {
    if (packet.question.length !== 1 || packet.question[0].name !== queryName) {
      return;
    }
+    if (packet.question[0].typeName !== 'PTR' || packet.question[0].className !== 'IN' ) {
+      return;
+    }

-    randomId.get().then(function (name) {
-      var resp = createResponse(name, packet, config.mdns.ttl, mainPort);
+    var proms = [
+      randomId.get()
+    , deps.storage.owners.all().then(function (owners) {
+        // The ID is the sha256 hash of the PPID, which shouldn't be reversible and therefore
+        // should be safe to expose without needing authentication.
+        return owners.map(function (owner) {
+          return owner.id;
+        });
+      })
+    ];
+
+    PromiseA.all(proms).then(function (results) {
+      var resp = createResponse(results[0], results[1], packet, config.mdns.ttl, mainPort);
      var now = Date.now();
      if (now > nextBroadcast) {
        socket.send(resp, config.mdns.port, config.mdns.broadcast);
--- a/packages/apis/com.daplie.goldilocks/index.js
+++ b/packages/apis/com.daplie.goldilocks/index.js
@ -12,13 +12,6 @@ module.exports.create = function (deps, conf) {

  var api = deps.api;

-  /*
-  var owners;
-  deps.storage.owners.on('set', function (_owners) {
-    owners = _owners;
-  });
-  */
-
  function handleCors(req, res, methods) {
    if (!methods) {
      methods = ['GET', 'POST'];
@ -65,7 +58,7 @@ module.exports.create = function (deps, conf) {

  return {
    init: function (req, res) {
-      if (handleCors(req, res, 'POST')) {
+      if (handleCors(req, res, ['GET', 'POST'])) {
        return;
      }
      if (req.method !== 'POST') {
@ -75,6 +68,18 @@ module.exports.create = function (deps, conf) {
        return;
      }

+      if ('POST' !== req.method) {
+        // It should be safe to give the list of owner IDs to an un-authenticated
+        // request because the ID is the sha256 of the PPID and shouldn't be reversible
+        return deps.storage.owners.all().then(function (results) {
+          var ids = results.map(function (owner) {
+            return owner.id;
+          });
+          res.setHeader('Content-Type', 'application/json');
+          res.end(JSON.stringify(ids));
+        });
+      }
+
      jsonParser(req, res, function () {

      return deps.PromiseA.resolve().then(function () {