Trusted keys functionality completed

emad-salah 2020-08-09 00:15:57 +01:00
parent 1821988184
commit bff9739e19


@ -5,6 +5,7 @@
const Axios = require('axios') const Axios = require('axios')
const Crypto = require('crypto') const Crypto = require('crypto')
const Storage = require('node-persist')
const logger = require('winston') const logger = require('winston')
const httpsAgent = require('https') const httpsAgent = require('https')
const responseTime = require('response-time') const responseTime = require('response-time')
@ -100,7 +101,7 @@ module.exports = async (
success: true success: true
}) })
}) })
}) })
const checkHealth = async () => { const checkHealth = async () => {
logger.info('Getting service status...') logger.info('Getting service status...')
@ -203,7 +204,7 @@ module.exports = async (
message: sanitizeLNDError(err.message) message: sanitizeLNDError(err.message)
}) })
} }
}) })
// Hack to check whether or not a wallet exists // Hack to check whether or not a wallet exists
const walletExists = async () => { const walletExists = async () => {
@ -264,27 +265,30 @@ module.exports = async (
logger.error('Unknown Device') logger.error('Unknown Device')
return res.status(401).json(error) return res.status(401).json(error)
} }
if (!req.body.encryptionKey && !req.body.iv && !req.headers["x-shock-encryption-token"]){ if (
!req.body.encryptionKey &&
!req.body.iv &&
!req.headers['x-shock-encryption-token']
) {
return next() return next()
} }
let encryptedToken,encryptedKey,IV,data
if(req.method === 'GET' || req.method === 'DELETE'){ const { data } = req.body
if(req.headers["x-shock-encryption-token"]){ let IV = req.body.iv
encryptedToken = req.headers["x-shock-encryption-token"] let encryptedKey = req.body.encryptionKey
encryptedKey =req.headers["x-shock-encryption-key"] let encryptedToken = req.body.token
IV =req.headers["x-shock-encryption-iv"] if (req.method === 'GET' || req.method === 'DELETE') {
if (req.headers['x-shock-encryption-token']) {
encryptedToken = req.headers['x-shock-encryption-token']
encryptedKey = req.headers['x-shock-encryption-key']
IV = req.headers['x-shock-encryption-iv']
} }
} else {
encryptedToken = req.body.token
encryptedKey = req.body.encryptionKey
IV = req.body.iv
data = req.body.data
} }
const decryptedKey = Encryption.decryptKey({ const decryptedKey = Encryption.decryptKey({
deviceId, deviceId,
message: encryptedKey message: encryptedKey
}) })
if(data){ if (data) {
const decryptedMessage = Encryption.decryptMessage({ const decryptedMessage = Encryption.decryptMessage({
message: data, message: data,
key: decryptedKey, key: decryptedKey,
@ -292,7 +296,7 @@ module.exports = async (
}) })
req.body = JSON.parse(decryptedMessage) req.body = JSON.parse(decryptedMessage)
} }
const decryptedToken = encryptedToken const decryptedToken = encryptedToken
? Encryption.decryptMessage({ ? Encryption.decryptMessage({
message: encryptedToken, message: encryptedToken,
@ -300,7 +304,6 @@ module.exports = async (
iv: IV iv: IV
}) })
: null : null
if (decryptedToken) { if (decryptedToken) {
req.headers.authorization = decryptedToken req.headers.authorization = decryptedToken
@ -470,6 +473,15 @@ module.exports = async (
} }
}) })
const validateToken = async token => {
try {
const tokenValid = await auth.validateToken(token)
return tokenValid
} catch (err) {
return err
}
}
app.post('/api/lnd/auth', async (req, res) => { app.post('/api/lnd/auth', async (req, res) => {
try { try {
const health = await checkHealth() const health = await checkHealth()
@ -486,12 +498,44 @@ module.exports = async (
} }
const publicKey = await GunDB.authenticate(alias, password) const publicKey = await GunDB.authenticate(alias, password)
if (
walletInitialized && if (!publicKey) {
health.LNDStatus.walletStatus === 'locked' && res.status(400).json({
publicKey field: 'alias',
) { errorMessage: 'Invalid alias/password combination',
success: false
})
return false
}
const trustedKeys = await Storage.get('trustedPKs')
const [isKeyTrusted] = trustedKeys.filter(
trustedKey => trustedKey === publicKey
)
const walletUnlocked = health.LNDStatus.walletStatus === 'unlocked'
if (!walletUnlocked) {
await unlockWallet(password) await unlockWallet(password)
if (!isKeyTrusted) {
await Storage.set('trustedPKs', [...trustedKeys, publicKey])
}
}
if (walletUnlocked && !isKeyTrusted) {
const { authorization = '' } = req.headers
const validatedToken = await validateToken(
authorization.replace('Bearer ', '')
)
if (!validatedToken) {
res.status(403).json({
field: 'alias',
errorMessage: 'Invalid alias/password combination',
success: false
})
return
}
} }
// Send an event to update lightning's status // Send an event to update lightning's status
@ -651,6 +695,12 @@ module.exports = async (
GunDB.mySEA GunDB.mySEA
) )
const trustedPKs = await Storage.get('trustedPKs')
await Storage.setItem('trustedPKs', [
...(trustedPKs || []),
publicKey
])
walletUnlocker.initWallet( walletUnlocker.initWallet(
walletArgs, walletArgs,
async (initWalletErr, initWalletResponse) => { async (initWalletErr, initWalletResponse) => {
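Review bot: `validateToken` in the hunk at `-470,6 +473,15` fails open: its `catch` block does `return err`, and an Error object is truthy, so the `if (!validatedToken)` guard added to the `/api/lnd/auth` handler lets an untrusted key through whenever `auth.validateToken` throws (how it signals a bad token is not visible here). Returning a falsy value instead keeps the trusted-key check closed on error: `} catch (err) { logger.error(err); return false }`. In the same handler, `Storage.get('trustedPKs')` is used unguarded, so `trustedKeys.filter` will throw if the key has never been stored, whereas the wallet-init hunk already writes `...(trustedPKs || [])`; `const trustedKeys = (await Storage.get('trustedPKs')) || []` would match it. The handler body continues outside the hunk.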