From 33b00ee330b945633580d73852cfb14f0a28cc3d Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 11 May 2019 16:53:24 -0600 Subject: [PATCH] WIP: authenticate all requests --- bin/telebit-remote.js | 4 ++++ bin/telebitd.js | 18 ++++++++++------ lib/eggspress.js | 50 ++++++++++++++++++++++++++++--------------- 3 files changed, 49 insertions(+), 23 deletions(-) diff --git a/bin/telebit-remote.js b/bin/telebit-remote.js index 2fe7c71..933893c 100755 --- a/bin/telebit-remote.js +++ b/bin/telebit-remote.js @@ -707,6 +707,10 @@ function parseConfig(err, text) { }).then(function (resp) { //nonce = resp.headers['replay-nonce']; if (!resp.body || 'valid' !== resp.body.status) { + console.error('request jws:', jws); + console.error('response:'); + console.error(resp.headers); + console.error(resp.body); throw new Error("did not successfully create or restore account"); } return RC.requestAsync({ service: 'config', method: 'GET' }).catch(function (err) { diff --git a/bin/telebitd.js b/bin/telebitd.js index 9d6bf2d..6bbbdfd 100755 --- a/bin/telebitd.js +++ b/bin/telebitd.js @@ -1049,11 +1049,14 @@ function handleApi() { function mustTrust(req, res, next) { // TODO public routes should be explicitly marked // trusted should be the default - if (req.trusted) { next(); } - res.statusCode = 400; - res.send({"error":{"message": "this type of requests must be encoded as a jws payload" - + " and signed by a trusted account holder"}}); - return; + if (!req.trusted) { + res.statusCode = 400; + res.send({"error":{"message": "this type of requests must be encoded as a jws payload" + + " and signed by a trusted account holder"}}); + return; + } + + next(); } app.use(/\b(relay)\b/, mustTrust, controllers.relay); app.get(/\b(config)\b/, mustTrust, getConfigOnly); 
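Review bot: The added `console.error('request jws:', jws);` and the dumps of `resp.headers` and `resp.body` in the failure branch write the whole signed request and the server's reply to stderr, where they tend to end up in scrollback and pasted bug reports. A signed JWS should be handled like a credential. The context line above shows the replay-nonce handling commented out, so whether a captured copy could be reused depends on server-side checks not visible here. I would log only what is needed to diagnose the failure, e.g. `console.error('account request rejected, status:', resp.body && resp.body.status);`, and keep the full dump behind an explicit debug switch. The enclosing `.then` callback starts and ends outside the hunk.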
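Review bot: In the rewritten `mustTrust`, a request that fails the trust check is still answered with `res.statusCode = 400;`, so clients and access logs cannot tell an authentication failure from a malformed request. `res.statusCode = 401;` (or 403) would let rejected signatures be counted and alerted on. The guard is also a plain truthiness test, so any truthy value left on `req.trusted` passes. Where that property is set is not visible in this hunk; if it is meant to be a boolean, `if (true !== req.trusted) {` fails closed on anything else. The existing TODO about making trusted the default still applies, since every route registered below the function has to remember to list `mustTrust`.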
@@ -1076,7 +1079,10 @@ function handleApi() { app.use(/\b(status)\b/, mustTrust, getStatus); app.use(/\b(list)\b/, mustTrust, listSuccess); app.use('/', function (req, res) { - res.send({"error":{"message":"unrecognized rpc"}}); + res.send({"error":{"message":"unrecognized rpc: [" + req.method + "] " + req.url + "\n" + + JSON.stringify(req.headers) + "\n" + + JSON.stringify(req.body) + "\n" + }}); }); return app; diff --git a/lib/eggspress.js b/lib/eggspress.js index d4b3d28..82249fe 100644 --- a/lib/eggspress.js +++ b/lib/eggspress.js @@ -51,16 +51,29 @@ module.exports = function eggspress() { res.end(e.message); } - try { - console.log("[eggspress] matched pattern", todo[0], req.url); - var p = todo[1](req, res, next); - if (p && p.catch) { - p.catch(fail); - } - } catch(e) { - fail(e); - return; + console.log("[eggspress] matched pattern", todo[0], req.url); + if ('function' === typeof todo[1]) { + // TODO this is prep-work + todo[1] = [todo[1]]; } + + var fns = todo[1].slice(0); + + function nextTodo(err) { + if (err) { fail(err); return; } + var fn = fns.shift(); + if (!fn) { next(err); return; } + try { + var p = fn(req, res, nextTodo); + if (p && p.catch) { + p.catch(fail); + } + } catch(e) { + fail(e); + return; + } + } + nextTodo(); } res.send = eggSend; 
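Review bot: The fallback handler on `app.use('/', ...)` is registered without `mustTrust`, and it now returns the caller's `req.headers` and `req.body` inside the error message. An unauthenticated request therefore gets back everything the daemon received, including any headers added by a proxy in front of it. Reflecting the method and path is enough for a client to see what went wrong: `res.send({"error":{"message":"unrecognized rpc: [" + req.method + "] " + req.url}});`, with the header and body dump, if still wanted during the WIP, sent to `console.error` on the daemon side instead. No status code is set in the visible lines of this handler, so if the default is a success code, adding `res.statusCode = 404;` before the send would keep unknown routes from looking like successes. The enclosing `handleApi` starts outside the hunk.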
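Review bot: Nothing in the new `nextTodo` stops a handler from invoking the `next` it was given more than once, and each extra call shifts another function off `fns` and runs it. Now that guards and handlers share one chain, a single stray double call in a guard runs the protected handler, or the outer `next`, a second time on the same request. Handing each handler a once-only continuation, as sketched below, makes the chain tolerate that mistake. The enclosing request handler and `fail` start outside this hunk, so how `fail` behaves once a response has begun is not visible here.

```javascript
var fn = fns.shift();
// … unchanged: end-of-chain check that calls next(err) …
var called = false;
function once(e) {
  // a handler that calls next() twice must not advance the chain twice
  if (called) { return; }
  called = true;
  nextTodo(e);
}
try {
  var p = fn(req, res, once);
  // … unchanged: rejection and throw handling via fail …
```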
@@ -68,19 +81,22 @@ module.exports = function eggspress() { next(); }; - app.use = function (pattern, fn) { - return app._use('', pattern, fn); + app.use = function (pattern) { + var fns = Array.prototype.slice.call(arguments, 1); + return app._use('', pattern, fns); }; [ 'HEAD', 'GET', 'POST', 'DELETE' ].forEach(function (method) { - app[method.toLowerCase()] = function (pattern, fn) { - return app._use(method, pattern, fn); + app[method.toLowerCase()] = function (pattern) { + var fns = Array.prototype.slice.call(arguments, 1); + return app._use(method, pattern, fns); }; }); - app.post = function (pattern, fn) { - return app._use('POST', pattern, fn); + app.post = function (pattern) { + var fns = Array.prototype.slice.call(arguments, 1); + return app._use('POST', pattern, fns); }; - app._use = function (method, pattern, fn) { + app._use = function (method, pattern, fns) { // always end in a slash, for now if ('string' === typeof pattern) { pattern = pattern.replace(/\/$/, '') + '/'; @@ -94,7 +110,7 @@ module.exports = function eggspress() { return b.length - a.length; }); */ - allPatterns.push([pattern, fn, method.toLowerCase()]); + allPatterns.push([pattern, fns, method.toLowerCase()]); return app; };
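Review bot: The variadic `app.use`, `app[method]` and `app.post` collect whatever follows the pattern into `fns` without checking it, and the dispatcher added earlier in this patch treats the first falsy entry as the end of the chain (`if (!fn) { next(err); return; }`). A misspelled or undefined guard or handler in a registration therefore makes the route fall through silently to later patterns instead of failing at startup. Checking each entry in `app._use` with `'function' !== typeof fn` and throwing a `TypeError` there would surface the mistake at registration time. The body of `app._use` continues past the end of this hunk. As a style point, the separate `app.post` assignment duplicates what the `forEach` over the method list already defines.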