coolaj86/issuer.rest.walnut.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

changed the id used to store JWKs

Browse Source
This commit is contained in:
tigerbot 2017-06-28 17:51:24 -06:00
parent d320f3d990
commit 5b8d77a555
2 changed files with 31 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
models.js
View File

@ -8,6 +8,6 @@ module.exports = [
tablename: apiname + '_jwks', tablename: apiname + '_jwks',
idname: 'id', idname: 'id',
unique: ['id'], unique: ['id'],
indices: baseFields.concat([ 'kty', 'kid' ]), indices: baseFields.concat([ 'kty', 'kid', 'sub' ]),
} }
]; ];

38
rest.js
View File

@ -6,12 +6,18 @@ var crypto = require('crypto');
module.exports.create = function (bigconf, deps, app) { module.exports.create = function (bigconf, deps, app) {
var Jwks = { restful: {} }; var Jwks = { restful: {} };
function attachModels(req, res, next) { // This tablename is based on the tablename found in the objects in model.js.
return req.getSiteStore().then(function (models) { // Instead of the snake_case the name with be UpperCammelCase, converted by masterquest-sqlite3.
req.Models = models; function attachSiteStore(tablename, req, res, next) {
return req.getSiteStore().then(function (store) {
req.Store = store[tablename];
next(); next();
}); });
} }
function detachSiteStore(req, res, next) {
delete req.Store;
next();
}
Jwks.thumbprint = function (jwk) { Jwks.thumbprint = function (jwk) {
// To produce a thumbprint we need to create a JSON string with only the required keys for // To produce a thumbprint we need to create a JSON string with only the required keys for
@ -42,10 +48,15 @@ module.exports.create = function (bigconf, deps, app) {
}; };
Jwks.restful.get = function (req, res) { Jwks.restful.get = function (req, res) {
var promise = req.Models.IssuerOauth3OrgJwks.find({ kid: req.params.kid }, { limit: 1 }).then(function (jwkArr) { var promise = req.Store.find({ kid: req.params.kid }, { limit: 1 }).then(function (results) {
var jwk = jwkArr[0]; if (!results.length) {
throw new Error('no keys stored with kid "'+req.params.kid+'"');
}
var jwk = results[0];
// We need to sanitize the key to make sure we don't deliver any private keys fields if // We need to sanitize the key to make sure we don't deliver any private keys fields if
// we were given a key we could use to sign tokens on behalf of the user. // we were given a key we could use to sign tokens on behalf of the user. We also don't
// want to deliver the sub or any other PPIDs.
var whitelist = [ 'kty', 'alg', 'kid', 'use' ]; var whitelist = [ 'kty', 'alg', 'kid', 'use' ];
if (jwk.kty === 'EC') { if (jwk.kty === 'EC') {
whitelist = whitelist.concat([ 'crv', 'x', 'y' ]); whitelist = whitelist.concat([ 'crv', 'x', 'y' ]);
@ -69,8 +80,17 @@ module.exports.create = function (bigconf, deps, app) {
throw new Error('provided kid "'+jwk.kid+'" does not match calculated "'+kid+'"'); throw new Error('provided kid "'+jwk.kid+'" does not match calculated "'+kid+'"');
} }
jwk.kid = kid; jwk.kid = kid;
jwk.sub = req.params.sub;
return req.Models.IssuerOauth3OrgJwks.upsert(req.params.sub, jwk); return req.Store.find({ kid: jwk.kid, sub: jwk.sub}).then(function (results) {
if (!results.length) {
return crypto.randomBytes(32).toString('hex');
} else {
return results[0].id;
}
}).then(function (id) {
return req.Store.upsert(id, jwk);
});
}).then(function () { }).then(function () {
return { success: true }; return { success: true };
}); });
@ -78,7 +98,9 @@ module.exports.create = function (bigconf, deps, app) {
app.handlePromise(req, res, promise, "[issuer@oauth3.org] create JWK"); app.handlePromise(req, res, promise, "[issuer@oauth3.org] create JWK");
}; };
app.use( '/jwks', attachModels); app.use( '/jwks', attachSiteStore.bind(null, 'IssuerOauth3OrgJwks'));
app.get( '/jwks/:kid.json', Jwks.restful.get); app.get( '/jwks/:kid.json', Jwks.restful.get);
app.post( '/jwks/:sub', Jwks.restful.saveNew); app.post( '/jwks/:sub', Jwks.restful.saveNew);
app.use(detachSiteStore);
}; };