From 0daf1b909ac57eb572532ac0d716ca77af5e7ae4 Mon Sep 17 00:00:00 2001 From: tigerbot Date: Thu, 6 Jul 2017 11:25:30 -0600 Subject: [PATCH] exposed the owner IDs to the API and mDNS allows users to see which units have already been set up with owner during the setup process --- lib/mdns.js | 31 +++++++++++++++++--- packages/apis/com.daplie.goldilocks/index.js | 21 ++++++++----- 2 files changed, 40 insertions(+), 12 deletions(-) diff --git a/lib/mdns.js b/lib/mdns.js index 60fe873..2c6ef0c 100644 --- a/lib/mdns.js +++ b/lib/mdns.js @@ -31,7 +31,7 @@ var randomId = { } }; -function createResponse(name, packet, ttl, mainPort) { +function createResponse(name, ownerIds, packet, ttl, mainPort) { var rpacket = { header: { id: packet.header.id @@ -97,12 +97,21 @@ function createResponse(name, packet, ttl, mainPort) { , target: name + ".local" }); rpacket.additional.push({ - name: name + '._device-info._tcp.local' + name: name + '._device-info.' + queryName , typeName: 'TXT' , ttl: ttl , className: 'IN' , data: ["model=CloudHome1,1", "dappsvers=1"] }); + ownerIds.forEach(function (id) { + rpacket.additional.push({ + name: name + '._owner-id.' + queryName + , typeName: 'TXT' + , ttl: ttl + , className: 'IN' + , data: [id] + }); + }); return require('dns-suite').DNSPacket.write(rpacket); } @@ -134,9 +143,23 @@ module.exports.start = function (deps, config, mainPort) { if (packet.question.length !== 1 || packet.question[0].name !== queryName) { return; } + if (packet.question[0].typeName !== 'PTR' || packet.question[0].className !== 'IN' ) { + return; + } - randomId.get().then(function (name) { - var resp = createResponse(name, packet, config.mdns.ttl, mainPort); + var proms = [ + randomId.get() + , deps.storage.owners.all().then(function (owners) { + // The ID is the sha256 hash of the PPID, which shouldn't be reversible and therefore + // should be safe to expose without needing authentication. + return owners.map(function (owner) { + return owner.id; + }); + }) + ]; + + PromiseA.all(proms).then(function (results) { + var resp = createResponse(results[0], results[1], packet, config.mdns.ttl, mainPort); var now = Date.now(); if (now > nextBroadcast) { socket.send(resp, config.mdns.port, config.mdns.broadcast); diff --git a/packages/apis/com.daplie.goldilocks/index.js b/packages/apis/com.daplie.goldilocks/index.js index eb3d88b..6c94f14 100644 --- a/packages/apis/com.daplie.goldilocks/index.js +++ b/packages/apis/com.daplie.goldilocks/index.js @@ -12,13 +12,6 @@ module.exports.create = function (deps, conf) { var api = deps.api; - /* - var owners; - deps.storage.owners.on('set', function (_owners) { - owners = _owners; - }); - */ - function handleCors(req, res, methods) { if (!methods) { methods = ['GET', 'POST']; @@ -65,7 +58,7 @@ module.exports.create = function (deps, conf) { return { init: function (req, res) { - if (handleCors(req, res, 'POST')) { + if (handleCors(req, res, ['GET', 'POST'])) { return; } if (req.method !== 'POST') { @@ -75,6 +68,18 @@ module.exports.create = function (deps, conf) { return; } + if ('POST' !== req.method) { + // It should be safe to give the list of owner IDs to an un-authenticated + // request because the ID is the sha256 of the PPID and shouldn't be reversible + return deps.storage.owners.all().then(function (results) { + var ids = results.map(function (owner) { + return owner.id; + }); + res.setHeader('Content-Type', 'application/json'); + res.end(JSON.stringify(ids)); + }); + } + jsonParser(req, res, function () { return deps.PromiseA.resolve().then(function () {