start implementing asset-api and m2m comms with identity-api

This commit is contained in:
Sofía Aritz 2024-06-16 12:18:19 +02:00
parent 859844bcf4
commit e566b16ea6
Signed by: sofia
GPG key ID: 90B5116E3542B28F
3 changed files with 161 additions and 3 deletions

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
.keys/
.assets/

View file

@ -1,13 +1,68 @@
import { readFileSync } from "node:fs"
import { createSign } from "node:crypto";
import Fastify from "fastify"; import Fastify from "fastify";
const { private: M2M_PRIVATE_KEY, public: M2M_PUBLIC_KEY } = loadM2MKeys()
const M2M_ALGORITHM = "RSA-SHA512"
const ASSETS_FOLDER = "~/.assets/"
const ASSET_API_LANDING_MESSAGE = "asset-api v1.0.0" const ASSET_API_LANDING_MESSAGE = "asset-api v1.0.0"
const IDENTITY_API_ENDPOINT = "http://localhost:3000"
const fastify = new Fastify({ const fastify = new Fastify({
logger: true, logger: true,
}) })
fastify.get("/", async (request, reply) => { fastify.get("/", async (request, reply) => {
return ASSET_API_LANDING_MESSAGE return signString(ASSET_API_LANDING_MESSAGE)
})
fastify.get("/crypto/cert", async (request, reply) => {
return M2M_PUBLIC_KEY
})
fastify.get("/crypto/algo", (request, reply) => {
return M2M_ALGORITHM
})
fastify.get("/asset", {
async handler(request, reply) {
let url = new URL(IDENTITY_API_ENDPOINT)
url.pathname = "/auth/account/fromkey"
let res = await fetch(url, {
method: "POST",
body: signString(JSON.stringify({
session_key: request.query.session_key,
}))
})
return await res.text()
},
schema: {
query: {
type: "object",
properties: {
id: { type: "string" },
session_key: { type: "string" },
},
required: ["id", "session_key"],
},
},
}) })
fastify.listen({ port: 3001 }) fastify.listen({ port: 3001 })
function loadM2MKeys() {
return {
private: readFileSync("../.keys/m2m-dev.pem").toString("ascii"),
public: readFileSync("../.keys/m2m-dev.pub").toString("ascii"),
}
}
function signString(content) {
let sign = createSign(M2M_ALGORITHM)
sign.update(content)
return `-----BEGIN SIGNED MESSAGE-----\n\n${content}\n\n-----BEGIN SIGNATURE-----\n\n${sign.sign(M2M_PRIVATE_KEY, "base64")}\n-----END SIGNATURE-----`
}

View file

@ -1,6 +1,8 @@
import { createVerify } from "node:crypto"
import Fastify from 'fastify'; import Fastify from 'fastify';
import * as Jose from 'jose'; import * as Jose from 'jose';
import { v4 as uuidv4 } from 'uuid' import { v4 as uuidv4 } from 'uuid'
import assert from "node:assert";
const IDENTITY_API_LANDING_MESSAGE = 'identity-api v1.0.0'; const IDENTITY_API_LANDING_MESSAGE = 'identity-api v1.0.0';
const JWT_SECRET = new TextEncoder().encode( const JWT_SECRET = new TextEncoder().encode(
@ -8,6 +10,15 @@ const JWT_SECRET = new TextEncoder().encode(
) )
const JWT_ALG = 'HS256' const JWT_ALG = 'HS256'
const ASSET_API_ENDPOINT = "http://localhost:3001/"
const ASSET_API_PUBKEY = await loadAssetPubkey()
const ASSET_API_ALGORITHM = await loadAssetAlgo()
let session_keys = {
'uid:005d6417-a23c-48bd-b348-eafeae649b94': 'e381ba8c-e18a-4bca-afce-b212b37bc26b',
'key:e381ba8c-e18a-4bca-afce-b212b37bc26b': '005d6417-a23c-48bd-b348-eafeae649b94'
};
let users = { let users = {
'jane@identity.net': { 'jane@identity.net': {
uid: '005d6417-a23c-48bd-b348-eafeae649b94', uid: '005d6417-a23c-48bd-b348-eafeae649b94',
@ -24,6 +35,47 @@ fastify.get('/', async (request, reply) => {
return IDENTITY_API_LANDING_MESSAGE; return IDENTITY_API_LANDING_MESSAGE;
}) })
fastify.post("/auth/account/fromkey", {
async handler(request, reply) {
if (!verifySignature(request.body, ASSET_API_PUBKEY)) {
reply.statusCode(401)
}
let body = JSON.parse(getContentFromSigned(request.body))
let uid = session_keys[`key:${body.session_key}`]
let user = Object.values(users).filter(v => v.uid === uid)
assert(user.length === 1)
user[0].password = undefined
return user[0]
}
})
fastify.get('/auth/genkey', {
async handler(request, reply) {
let jwt = request.headers['authorization'].replace('Bearer', '').trim()
let { payload } = await Jose.jwtVerify(jwt, JWT_SECRET)
let key = uuidv4()
session_keys[`uid:${payload.uid}`] = key
session_keys[`key:${key}`] = payload.uid
return {
session_key: session_keys[payload.uid]
}
},
schema: {
headers: {
type: 'object',
properties: {
authorization: { type: 'string' },
},
},
},
})
fastify.get('/auth/account', { fastify.get('/auth/account', {
async handler(request, reply) { async handler(request, reply) {
let jwt = request.headers['authorization'].replace('Bearer', '').trim() let jwt = request.headers['authorization'].replace('Bearer', '').trim()
@ -119,3 +171,52 @@ fastify.post('/auth/register', {
}) })
fastify.listen({ port: 3000 }) fastify.listen({ port: 3000 })
async function loadAssetPubkey() {
let url = new URL(ASSET_API_ENDPOINT)
url.pathname = "/crypto/cert"
let res = await fetch(url)
return await res.text()
}
async function loadAssetAlgo() {
let url = new URL(ASSET_API_ENDPOINT)
url.pathname = "/crypto/algo"
let res = await fetch(url)
return await res.text()
}
/**
*
* @param {string} content
* @param {string} pubkeyText
*/
function verifySignature(content, pubkeyText) {
let parts = content
.replace("-----BEGIN SIGNED MESSAGE-----\n\n", "")
.replace("\n-----END SIGNATURE-----", "")
.split("\n\n-----BEGIN SIGNATURE-----\n\n")
assert(parts.length === 2);
let verify = createVerify(ASSET_API_ALGORITHM)
verify.update(parts[0])
let pubkey = Buffer.from(pubkeyText, "ascii")
let digest = Buffer.from(parts[1], "base64")
return verify.verify(pubkey, digest)
}
function getContentFromSigned(content) {
let parts = content
.replace("-----BEGIN SIGNED MESSAGE-----\n\n", "")
.replace("\n-----END SIGNATURE-----", "")
.split("\n\n-----BEGIN SIGNATURE-----\n\n")
assert(parts.length === 2);
return parts[0]
}