diff --git a/asset-api/index.js b/asset-api/index.js index 6860c5b..9624991 100644 --- a/asset-api/index.js +++ b/asset-api/index.js @@ -1,11 +1,19 @@ -import { readFileSync } from "node:fs" +import { readFile } from "node:fs/promises" +import { readFileSync } from "node:fs"; import { createSign } from "node:crypto"; import Fastify from "fastify"; +import { join } from "node:path"; +import mime from "mime" +import { assert } from "node:console"; -const { private: M2M_PRIVATE_KEY, public: M2M_PUBLIC_KEY } = loadM2MKeys() const M2M_ALGORITHM = "RSA-SHA512" +const { private: M2M_PRIVATE_KEY, public: M2M_PUBLIC_KEY } = loadM2MKeys() +if (M2M_PRIVATE_KEY == null || M2M_PUBLIC_KEY == null) { + console.error("Couldn't load keys") + process.exit(1) +} -const ASSETS_FOLDER = "~/.assets/" +const ASSETS_FOLDER = "../.assets/" const ASSET_API_LANDING_MESSAGE = "asset-api v1.0.0" const IDENTITY_API_ENDPOINT = "http://localhost:3000" @@ -26,28 +34,45 @@ fastify.get("/crypto/algo", (request, reply) => { return M2M_ALGORITHM }) -fastify.get("/asset", { +fastify.put("/asset", { async handler(request, reply) { - let url = new URL(IDENTITY_API_ENDPOINT) - url.pathname = "/auth/account/fromkey" + let user = await userFromSessionKey(request.query.session_key) - let res = await fetch(url, { - method: "POST", - body: signString(JSON.stringify({ - session_key: request.query.session_key, - })) - }) - - return await res.text() + // continue working onmthis + console.log(typeof request.body) }, schema: { query: { type: "object", properties: { - id: { type: "string" }, session_key: { type: "string" }, }, - required: ["id", "session_key"], + required: ["session_key"], + }, + }, +}) + +fastify.get("/asset", { + async handler(request, reply) { + let user = await userFromSessionKey(request.query.session_key) + + if (user.assets.includes(request.query.asset_id)) { + let path = join(ASSETS_FOLDER, request.query.asset_id) + + reply.type(mime.getType(path)) + reply.send(await readFile(path)) + } else { + return "Not authorized" + } + }, + schema: { + query: { + type: "object", + properties: { + asset_id: { type: "string" }, + session_key: { type: "string" }, + }, + required: ["asset_id", "session_key"], }, }, }) @@ -65,4 +90,22 @@ function signString(content) { let sign = createSign(M2M_ALGORITHM) sign.update(content) return `-----BEGIN SIGNED MESSAGE-----\n\n${content}\n\n-----BEGIN SIGNATURE-----\n\n${sign.sign(M2M_PRIVATE_KEY, "base64")}\n-----END SIGNATURE-----` +} + +function signObject(content) { + return signString(JSON.stringify(content)) +} + +async function userFromSessionKey(session_key) { + let url = new URL(IDENTITY_API_ENDPOINT) + url.pathname = "/m2m/account" + + let res1 = await fetch(url, { + method: "POST", + body: signObject({ + session_key: request.query.session_key, + }) + }) + + return await res1.json() } \ No newline at end of file diff --git a/asset-api/package.json b/asset-api/package.json index f2046c9..0f5ff59 100644 --- a/asset-api/package.json +++ b/asset-api/package.json @@ -5,6 +5,7 @@ "packageManager": "yarn@4.3.0", "dependencies": { "fastify": "^4.28.0", + "mime": "^4.0.3", "uuid": "^10.0.0" }, "scripts": { diff --git a/asset-api/yarn.lock b/asset-api/yarn.lock index 70d14d5..c52c71b 100644 --- a/asset-api/yarn.lock +++ b/asset-api/yarn.lock @@ -102,6 +102,7 @@ __metadata: resolution: "asset-api@workspace:." dependencies: fastify: "npm:^4.28.0" + mime: "npm:^4.0.3" uuid: "npm:^10.0.0" languageName: unknown linkType: soft @@ -312,6 +313,15 @@ __metadata: languageName: node linkType: hard +"mime@npm:^4.0.3": + version: 4.0.3 + resolution: "mime@npm:4.0.3" + bin: + mime: bin/cli.js + checksum: 10c0/4be1d06813a581eb9634748919eadab9785857dcfe2af4acca8e4bc340b4b74ff7452c7d3cd76169d0f6b77d7f1ab3434bde8a72ca4291fd150b4205c756c36b + languageName: node + linkType: hard + "on-exit-leak-free@npm:^2.1.0": version: 2.1.2 resolution: "on-exit-leak-free@npm:2.1.2" diff --git a/identity-api/index.js b/identity-api/index.js index 49870c2..febc679 100644 --- a/identity-api/index.js +++ b/identity-api/index.js @@ -24,6 +24,7 @@ let users = { uid: '005d6417-a23c-48bd-b348-eafeae649b94', password: '12345678901234567890', name: 'Jane Doe', + assets: ["f9d040d6-598c-4483-952f-08e7d35d5420.jpg"], } } @@ -35,10 +36,28 @@ fastify.get('/', async (request, reply) => { return IDENTITY_API_LANDING_MESSAGE; }) -fastify.post("/auth/account/fromkey", { +fastify.put("/m2m/asset", { async handler(request, reply) { if (!verifySignature(request.body, ASSET_API_PUBKEY)) { reply.statusCode(401) + return + } + + let body = JSON.parse(getContentFromSigned(request.body)) + + let uid = session_keys[`key:${body.session_key}`] + let user = Object.values(users).filter(v => v.uid === uid) + assert(user.length === 1) + + users[user[0].email].assets.push(body.asset_id) + } +}) + +fastify.post("/m2m/account", { + async handler(request, reply) { + if (!verifySignature(request.body, ASSET_API_PUBKEY)) { + reply.statusCode(401) + return } let body = JSON.parse(getContentFromSigned(request.body)) @@ -137,6 +156,7 @@ fastify.post('/auth/register', { uid: uuidv4(), password: request.body.password, name: request.body.name, + assets: [], } let user = users[request.body.email]