Backwards-compatible encrypted token functionality (Fixes #88)

2020-07-17 15:59:20 +01:00 · 2020-07-17 15:59:20 +01:00 · ba2e0ef1f9
commit ba2e0ef1f9
parent 003232bde7
2 changed files with 38 additions and 32 deletions
--- a/src/routes.js
+++ b/src/routes.js
@ -257,8 +257,14 @@ module.exports = async (
      }

      const decryptedKey = Encryption.decryptKey({ deviceId, message: req.body.encryptionKey });
-      const decryptedMessage = Encryption.decryptMessage({ message: req.body.data, key: decryptedKey, iv: req.body.iv })
+      const decryptedMessage = Encryption.decryptMessage({ message: req.body.data, key: decryptedKey, iv: req.body.iv });
+      const decryptedToken = req.body.token ? Encryption.decryptMessage({ message: req.body.token, key: decryptedKey, iv: req.body.iv }) : null;
      req.body = JSON.parse(decryptedMessage);
+
+      if (decryptedToken) {
+        req.headers.authorization = decryptedToken;
+      }
+
      return next();
    } catch (err) {
      logger.error(err);
@ -270,6 +276,37 @@ module.exports = async (
    }
  })

+  app.use(async (req, res, next) => {
+    logger.info('Route:', req.path)
+    if (unprotectedRoutes[req.method][req.path]) {
+      next()
+    } else {
+      try {
+        const response = await auth.validateToken(
+          req.headers.authorization.replace('Bearer ', '')
+        )
+        if (response.valid) {
+          next()
+        } else {
+          res.status(401).json({
+            field: 'authorization',
+            errorMessage:
+              "The authorization token you've supplied is invalid"
+          })
+        }
+      } catch (err) {
+        logger.error(
+          !req.headers.authorization
+            ? 'Please add an Authorization header'
+            : err
+        )
+        res
+          .status(401)
+          .json({ field: 'authorization', errorMessage: 'Please log in' })
+      }
+    }
+  })
+
  app.use(async (req, res, next) => {
    try {
      logger.info("Route:", req.path)
--- a/src/server.js
+++ b/src/server.js
@ -163,37 +163,6 @@ const server = program => {

      app.use(compression())

-      app.use(async (req, res, next) => {
-        logger.info('Route:', req.path)
-        if (unprotectedRoutes[req.method][req.path]) {
-          next()
-        } else {
-          try {
-            const response = await auth.validateToken(
-              req.headers.authorization.replace('Bearer ', '')
-            )
-            if (response.valid) {
-              next()
-            } else {
-              res.status(401).json({
-                field: 'authorization',
-                errorMessage:
-                  "The authorization token you've supplied is invalid"
-              })
-            }
-          } catch (err) {
-            logger.error(
-              !req.headers.authorization
-                ? 'Please add an Authorization header'
-                : err
-            )
-            res
-              .status(401)
-              .json({ field: 'authorization', errorMessage: 'Please log in' })
-          }
-        }
-      })
-
      app.use((req, res, next) => {
        if (sensitiveRoutes[req.method][req.path]) {
          logger.info(