diff --git a/src/server.js b/src/server.js
index 3a006db4..1b14e226 100644
--- a/src/server.js
+++ b/src/server.js
@@ -124,6 +124,12 @@ const server = program => {
 const deviceId = req.headers['encryption-device-id']
 const oldSend = res.send
+ console.log({
+ deviceId,
+ encryptionDisabled: process.env.SHOCK_ENCRYPTION_ECC === 'false',
+ unprotectedRoute: nonEncryptedRoutes.includes(req.path)
+ })
+
 if (
 nonEncryptedRoutes.includes(req.path) ||
 process.env.SHOCK_ENCRYPTION_ECC === 'false'
@@ -403,16 +409,18 @@ const server = program => {
 })
 }
- if(process.env.ALLOW_UNLOCKED_LND === 'true'){
- const codes = await Storage.valuesWithKeyMatch(/^UnlockedAccessSecrets\//u)
- if(codes.length === 0){
+ if (process.env.ALLOW_UNLOCKED_LND === 'true') {
+ const codes = await Storage.valuesWithKeyMatch(
+ /^UnlockedAccessSecrets\//u
+ )
+ if (codes.length === 0) {
 const code = ECC.generateRandomString(12)
 await Storage.setItem(`UnlockedAccessSecrets/${code}`, false)
 await Storage.setItem(`FirstAccessSecret`, code)
- logger.info("the access code is:"+code)
- } else if(codes.length === 1 && codes[0] === false){
- const firstCode = await Storage.getItem("FirstAccessSecret")
- logger.info("the access code is:"+firstCode)
+ logger.info('the access code is:' + code)
+ } else if (codes.length === 1 && codes[0] === false) {
+ const firstCode = await Storage.getItem('FirstAccessSecret')
+ logger.info('the access code is:' + firstCode)
 }
 }
 serverInstance.listen(serverPort, serverHost)
diff --git a/utils/ECC/crypto.js b/utils/ECC/crypto.js
index 2a734cb2..5fe5b56a 100644
--- a/utils/ECC/crypto.js
+++ b/utils/ECC/crypto.js
@@ -8,6 +8,7 @@ const FieldError = require("../fieldError")
 * @prop {Buffer} iv
 * @prop {Buffer} mac
 * @prop {Buffer} ephemPublicKey
+ * @prop {any?} metadata
 */
 /**
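Review bot: The added `console.log({ deviceId, ... })` in the first src/server.js hunk sits ahead of the `if (nonEncryptedRoutes.includes(req.path) || ...)` check, so it appears to run on every request, and it bypasses the `logger` this file uses further down, ignoring whatever level and sink configuration that logger has. `deviceId` is read straight from the `encryption-device-id` request header, so client-chosen values reach stdout unfiltered. If this is a temporary debugging aid it should be dropped before merge; otherwise route it through the logger at a low level, e.g. `logger.debug('encryption check', { deviceId })`, assuming the logger exposes one. The enclosing handler starts and ends outside the hunk.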
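Review bot: Both reformatted `logger.info('the access code is:' + ...)` calls in the second src/server.js hunk still write the unlock access secret in clear to the application log, and the `else if` branch repeats it on each start while the stored value is still `false`. If the logger writes to a file or a forwarded log stream, anyone with read access to those logs obtains the secret; printing it once to the operator's console only, or logging that a code exists without its value (`logger.info('first access code generated')`), would narrow that exposure. It is also worth confirming that `ECC.generateRandomString(12)` draws from a cryptographically secure source, since its body is not visible here. The enclosing function extends beyond the hunk.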
@@ -16,6 +17,7 @@ const FieldError = require("../fieldError")
 * @prop {string} iv
 * @prop {string} mac
 * @prop {string} ephemPublicKey
+ * @prop {any?} metadata
 */
 const generateRandomString = (length = 16) =>
@@ -70,7 +72,8 @@ const convertToEncryptedMessageResponse = (encryptedMessage) => {
 ciphertext: convertBufferToBase64(encryptedMessage.ciphertext),
 iv: convertBufferToBase64(encryptedMessage.iv),
 mac: convertBufferToBase64(encryptedMessage.mac),
- ephemPublicKey: convertBufferToBase64(encryptedMessage.ephemPublicKey)
+ ephemPublicKey: convertBufferToBase64(encryptedMessage.ephemPublicKey),
+ metadata: encryptedMessage.metadata
 };
 }
@@ -105,7 +108,8 @@ const convertToEncryptedMessage = (encryptedMessage) => {
 ciphertext: convertBase64ToBuffer(encryptedMessage.ciphertext),
 iv: convertBase64ToBuffer(encryptedMessage.iv),
 mac: convertBase64ToBuffer(encryptedMessage.mac),
- ephemPublicKey: convertBase64ToBuffer(encryptedMessage.ephemPublicKey)
+ ephemPublicKey: convertBase64ToBuffer(encryptedMessage.ephemPublicKey),
+ metadata: encryptedMessage.metadata
 };
 }
 throw new FieldError({
diff --git a/utils/ECC/index.js b/utils/ECC/index.js
index 960067f5..37a2f13c 100644
--- a/utils/ECC/index.js
+++ b/utils/ECC/index.js
@@ -134,7 +134,11 @@ const encryptMessage = async ({ message = '', deviceId }) => {
 ciphertext: encryptedMessage.ciphertext,
 iv: encryptedMessage.iv,
 mac: encryptedMessage.mac,
- ephemPublicKey: encryptedMessage.ephemPublicKey
+ ephemPublicKey: encryptedMessage.ephemPublicKey,
+ metadata: {
+ _deviceId: deviceId,
+ _publicKey: publicKey
+ }
 }
 return convertToEncryptedMessageResponse(encryptedMessageResponse)
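Review bot: `metadata: encryptedMessage.metadata` in `convertToEncryptedMessage` copies a caller-supplied value of any type into the decoded message with no shape check, while every other field goes through `convertBase64ToBuffer`. Nothing visible indicates that `metadata` is covered by `mac`, so it should be treated as unauthenticated; if this converter handles messages received from clients (not shown here), no later code should select a key or device from `metadata._deviceId` or `metadata._publicKey`. Either drop the field on the inbound path or state the contract next to it, e.g. `// metadata is unauthenticated and informational only`. The same pass-through is added to `convertToEncryptedMessageResponse` in the preceding hunk, and both function bodies start outside their hunks.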
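Review bot: The new `metadata` object in `encryptMessage` attaches `_deviceId` and `_publicKey` in cleartext to every encrypted response, unconditionally, next to fields that are otherwise ciphertext or key-exchange material. `convertToEncryptedMessageResponse` base64-encodes the other four fields but passes `metadata` through as-is, so if `publicKey` is a Buffer (its declaration is outside the hunk) it will serialise in a different form from `ephemPublicKey`. If these fields exist for debugging, as the underscore prefix and the `console.log` added in src/server.js suggest, put them behind an explicit debug setting; otherwise add a comment saying which client behaviour depends on them and that they are not integrity-protected.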
@@ -143,7 +147,7 @@ const encryptMessage = async ({ message = '', deviceId }) => {
 /**
 * Decrypts the specified message using the API keypair
 * associated with the specified deviceId
- * @param {{ encryptedMessage: EncryptedMessage, deviceId: string }} arg0
+ * @param {{ encryptedMessage: import('./crypto').EncryptedMessageResponse, deviceId: string }} arg0
 */
 const decryptMessage = async ({ encryptedMessage, deviceId }) => {
 const keyPair = nodeKeyPairs.get(deviceId)