WIP: authenticate all requests

AJ ONeal 2019-05-11 16:53:24 -06:00
parent 1826ec8497
commit 33b00ee330
3 changed files with 49 additions and 23 deletions


@ -707,6 +707,10 @@ function parseConfig(err, text) {
}).then(function (resp) {
//nonce = resp.headers['replay-nonce'];
if (!resp.body || 'valid' !== resp.body.status) {
console.error('request jws:', jws);
console.error('response:');
console.error(resp.headers);
console.error(resp.body);
throw new Error("did not successfully create or restore account");
}
return RC.requestAsync({ service: 'config', method: 'GET' }).catch(function (err) {
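Review bot: The `console.error` calls ahead of the `throw` write the complete signed request (`jws`) and the raw `resp.headers` and `resp.body` to stderr whenever account creation or restore fails. Logs are usually kept longer and read more widely than the request itself, so a signed request and any tokens or nonces the server returns should not land there by default. Logging only the outcome, for example `console.error('account response status:', resp.body && resp.body.status);`, and keeping the full dump behind an explicit debug option would preserve the diagnostic value. Which of these lines the commit adds is inferred from the hunk counts, and the enclosing `.then` callback in parseConfig continues outside the hunk.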


@ -1049,12 +1049,15 @@ function handleApi() {
function mustTrust(req, res, next) {
// TODO public routes should be explicitly marked
// trusted should be the default
if (req.trusted) { next(); }
if (!req.trusted) {
res.statusCode = 400;
res.send({"error":{"message": "this type of requests must be encoded as a jws payload"
+ " and signed by a trusted account holder"}});
return;
}
next();
}
app.use(/\b(relay)\b/, mustTrust, controllers.relay);
app.get(/\b(config)\b/, mustTrust, getConfigOnly);
app.use(/\b(init|config)\b/, mustTrust, initOrConfig);
@ -1076,7 +1079,10 @@ function handleApi() {
app.use(/\b(status)\b/, mustTrust, getStatus);
app.use(/\b(list)\b/, mustTrust, listSuccess);
app.use('/', function (req, res) {
res.send({"error":{"message":"unrecognized rpc"}});
res.send({"error":{"message":"unrecognized rpc: [" + req.method + "] " + req.url + "\n"
+ JSON.stringify(req.headers) + "\n"
+ JSON.stringify(req.body) + "\n"
}});
});
return app;
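Review bot: The catch-all handler registered with `app.use('/', ...)` now echoes `req.method`, `req.url`, `JSON.stringify(req.headers)` and `JSON.stringify(req.body)` back to the caller, and it is the one route in these hunks that does not pass through `mustTrust`. Any unauthenticated client therefore gets request data reflected into the response, including headers that a proxy in front of the service may have added. Keeping the reply as `res.send({"error":{"message":"unrecognized rpc"}});` and writing the method and URL to the server log instead would keep the debugging value without the disclosure. Separately, `mustTrust` rejects an unsigned request with `res.statusCode = 400;`; 401 or 403 would describe a missing or untrusted signature more accurately. The body of handleApi begins and ends outside these hunks.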


@ -51,9 +51,20 @@ module.exports = function eggspress() {
res.end(e.message);
}
try {
console.log("[eggspress] matched pattern", todo[0], req.url);
var p = todo[1](req, res, next);
if ('function' === typeof todo[1]) {
// TODO this is prep-work
todo[1] = [todo[1]];
}
var fns = todo[1].slice(0);
function nextTodo(err) {
if (err) { fail(err); return; }
var fn = fns.shift();
if (!fn) { next(err); return; }
try {
var p = fn(req, res, nextTodo);
if (p && p.catch) {
p.catch(fail);
}
@ -62,25 +73,30 @@ module.exports = function eggspress() {
return;
}
}
nextTodo();
}
res.send = eggSend;
next();
};
app.use = function (pattern, fn) {
return app._use('', pattern, fn);
app.use = function (pattern) {
var fns = Array.prototype.slice.call(arguments, 1);
return app._use('', pattern, fns);
};
[ 'HEAD', 'GET', 'POST', 'DELETE' ].forEach(function (method) {
app[method.toLowerCase()] = function (pattern, fn) {
return app._use(method, pattern, fn);
app[method.toLowerCase()] = function (pattern) {
var fns = Array.prototype.slice.call(arguments, 1);
return app._use(method, pattern, fns);
};
});
app.post = function (pattern, fn) {
return app._use('POST', pattern, fn);
app.post = function (pattern) {
var fns = Array.prototype.slice.call(arguments, 1);
return app._use('POST', pattern, fns);
};
app._use = function (method, pattern, fn) {
app._use = function (method, pattern, fns) {
// always end in a slash, for now
if ('string' === typeof pattern) {
pattern = pattern.replace(/\/$/, '') + '/';
@ -94,7 +110,7 @@ module.exports = function eggspress() {
return b.length - a.length;
});
*/
allPatterns.push([pattern, fn, method.toLowerCase()]);
allPatterns.push([pattern, fns, method.toLowerCase()]);
return app;
};
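Review bot: `app._use` stores the `fns` array without checking its entries, and `nextTodo` treats a falsy entry the same as the end of the chain (`if (!fn) { next(err); return; }`). Since this chain is now what runs `mustTrust` ahead of each handler, a misspelled or undefined guard or handler silently drops the rest of the route at request time instead of failing at startup. Rejecting bad registrations in `_use`, e.g. `fns.forEach(function (fn) { if ('function' !== typeof fn) { throw new TypeError("handler must be a function"); } });`, would surface the mistake when the route table is built. As a smaller style point, the explicit `app.post` assignment repeats what the `[ 'HEAD', 'GET', 'POST', 'DELETE' ]` loop already defines, and the `Array.prototype.slice.call(arguments, 1)` line appears three times. The bodies of `_use` and of the request handler continue outside these hunks.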