diff --git a/config.json b/config.json
index e7d9b272..4913d1f9 100644
--- a/config.json
+++ b/config.json
@@ -17,6 +17,14 @@
 "appId": "test_app_id2"
 }
 },
+ "jwt": {
+ "jwtAlgorithm": "HS256",
+ "jwt-expiry": 60,
+ "st-67890":{
+ "jwtAlgorithm": "HS512",
+ "jwt-expiry": 60
+ }
+ },
 "redis": {
 "options": {
 "host": "localhost",
diff --git a/lib/app/middlewares/APIKeyMiddleware/index.js b/lib/app/middlewares/APIKeyMiddleware/index.js
index 77328d3c..a4fe3d6d 100644
--- a/lib/app/middlewares/APIKeyMiddleware/index.js
+++ b/lib/app/middlewares/APIKeyMiddleware/index.js
@@ -7,6 +7,7 @@ var jwt = require("jwt-simple");
 var config = require('../../../../config');
 var apiPrefix = config.app.apiPrefix;
 var credentials = config.credentials;
+var jwtProps = config.jwt;
 function APIKeyMiddleware() {
 var botIdregex = /(?st-[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-5[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})/;
@@ -17,6 +18,7 @@ function APIKeyMiddleware() {
 var botId = url.match(botIdregex).groups.botId;
 var cred = credentials[botId]?credentials[botId]:credentials;
+var jwtAlg = (jwtProps[botId] ? jwtProps[botId].jwtAlgorithm : jwtProps.jwtAlgorithm) || "HS256" ; //Adding HS256 as default algorithm if config is not set.
 if(_.has(header, 'apikey')){//DEPRECATED::SOON TO BE REMOVED
 if(header.apikey===cred.apikey)
@@ -25,7 +27,7 @@ function APIKeyMiddleware() {
 if(_.has(header, 'token')){
 var appId;
 try {
- appId = jwt.decode(header.token, cred.apikey).appId;
+ appId = jwt.decode(header.token, cred.apikey, false, jwtAlg).appId;
 } catch(e){
 console.info("invalid jwt token");
 }
diff --git a/lib/sdk/lib/invokePlatformAPIs.js b/lib/sdk/lib/invokePlatformAPIs.js
index 188b6e6e..6d132455 100644
--- a/lib/sdk/lib/invokePlatformAPIs.js
+++ b/lib/sdk/lib/invokePlatformAPIs.js
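Review bot: The expiry key added here is `"jwt-expiry"`, but the second hunk of lib/sdk/lib/invokePlatformAPIs.js reads `config.jwt[botId].jwtExpiry` and `config.jwt.jwtExpiry`, so neither the global nor the `st-67890` expiry is ever picked up and every token gets the hard-coded 60-second fallback. Rename both keys to `"jwtExpiry": 60` so they match `"jwtAlgorithm"` and the code that consumes them. The per-bot key `st-67890` also does not have the shape the middleware's `botIdregex` accepts (`st-` followed by hex groups), so if this is meant to exercise the per-bot override rather than just the global section, the override would never be selected.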
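Review bot: `var jwtProps = config.jwt;` is undefined for any config that predates this commit and has no `jwt` section, and the next hunk dereferences it as `jwtProps[botId]` outside the `try`, so every request through the middleware would throw a TypeError instead of falling back to HS256 as the inline comment promises. Default it where it is read from config, `var jwtProps = config.jwt || {};`. The second hunk of lib/sdk/lib/invokePlatformAPIs.js has the same unguarded access in `if (config.jwt[botId])` and `config.jwt.jwtAlgorithm`.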
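Review bot: The positional `false` in `jwt.decode(header.token, cred.apikey, false, jwtAlg)` is jwt-simple's noVerify flag and the fourth argument is the algorithm the signature is checked against, which is the security-relevant part of this change but is not stated anywhere near the call. A comment above it would help: `// noVerify=false keeps signature verification on; jwtAlg pins the accepted algorithm so the token's own alg header cannot select a different one.` The catch still only logs `invalid jwt token`, so a token rejected because its algorithm does not match the configured one is indistinguishable in logs from a bad signature; logging `e.message` alongside would make misconfiguration much easier to diagnose. The enclosing function APIKeyMiddleware continues outside the hunk.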
@@ -5,7 +5,9 @@ var config = require("../../../config");
 var { get, extend, has, isEmpty, set, clone } = require('lodash');
 function getSignedJWTToken(botId) {
- var appId, apiKey;
+ var appId, apiKey, jwtAlgorithm, jwtExpiry;
+ var defAlg = "HS256";
+
 if (config.credentials[botId]) {
 appId = config.credentials[botId].appId;
 apiKey = config.credentials[botId].apikey;
@@ -13,10 +15,19 @@ function getSignedJWTToken(botId) {
 appId = config.credentials.appId;
 apiKey = config.credentials.apikey;
 }
+
+ if (config.jwt[botId]) {
+ jwtAlgorithm = config.jwt[botId].jwtAlgorithm;
+ jwtExpiry = config.jwt[botId].jwtExpiry;
+ } else {
+ jwtAlgorithm = config.jwt.jwtAlgorithm;
+ jwtExpiry = config.jwt.jwtExpiry;
+ }
+
 return jwt.encode({
 appId: appId,
- exp: Date.now()/1000 + (config.jwt_expiry || 60) //set the default expiry as 60 seconds
- }, apiKey);
+ exp: Date.now()/1000 + (jwtExpiry || 60) //set the default expiry as 60 seconds
+ }, apiKey, (jwtAlgorithm || defAlg));
 }
 function makeRequest(url, method, body, opts) {
@@ -30,6 +41,7 @@ function makeRequest(url, method, body, opts) {
 opts = opts || {};
 headers = opts.headers || {};
 headers['content-type'] = 'application/json';
+ headers.auth = getSignedJWTToken(botId);
 extend(headers, clone(get(config, 'headers', {})));
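Review bot: `var defAlg = "HS256";` re-declares inside the function the same fallback literal that APIKeyMiddleware hard-codes inline in its own ternary, so the signing and verifying ends of this token exchange can drift apart silently when one of them is edited. A module-level `var DEFAULT_JWT_ALGORITHM = "HS256";` next to the `require` lines would be the conventional shape, and `defAlg` is only used once, on the `jwt.encode` call in the next hunk. `getSignedJWTToken` continues into the following hunk.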
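Review bot: When a per-bot `config.jwt[botId]` entry exists but omits `jwtAlgorithm`, the `else` branch is skipped and `jwtAlgorithm || defAlg` falls straight to HS256 rather than to the global `config.jwt.jwtAlgorithm`; the middleware's ternary has the same precedence so verification still agrees, but the behaviour is surprising enough that it should be written down. Either add `// a per-bot entry replaces the global jwt section wholesale; fields it omits fall to the built-in default, not to config.jwt` above the `if`, or chain `jwtAlgorithm || config.jwt.jwtAlgorithm || defAlg` here and mirror it in the middleware. Note that `jwtExpiry` is read from a key the accompanying config.json change does not define (it adds `jwt-expiry`), so as committed the `|| 60` fallback is always taken.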