feat: add
/api/auth/revoke/key
endpoint
Showing
14 changed files
with
434 additions
and
20 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
import express from 'express' | ||
import nano from 'nanocurrency' | ||
import { verify_nano_community_revoke_key_signature } from '#common' | ||
|
||
const router = express.Router() | ||
|
||
router.post('/key/?', async (req, res) => { | ||
const { logger, db } = req.app.locals | ||
try { | ||
const required = ['account', 'public_key', 'signature'] | ||
for (const prop of required) { | ||
if (!req.body[prop]) { | ||
return res.status(400).send({ error: `missing ${prop} param` }) | ||
} | ||
} | ||
|
||
const { account, public_key, signature } = req.body | ||
|
||
if (!nano.checkAddress(account)) { | ||
return res.status(401).send({ error: 'invalid account param' }) | ||
} | ||
|
||
if (!nano.checkKey(public_key)) { | ||
return res.status(401).send({ error: 'invalid public_key param' }) | ||
} | ||
|
||
if (!nano.checkSignature(signature)) { | ||
return res.status(401).send({ error: 'invalid signature' }) | ||
} | ||
|
||
const account_public_key = nano.derivePublicKey(account) | ||
const valid_signature = verify_nano_community_revoke_key_signature({ | ||
linked_public_key: public_key, | ||
nano_account: account, | ||
nano_account_public_key: account_public_key, | ||
signature | ||
}) | ||
if (!valid_signature) { | ||
return res.status(401).send({ error: 'invalid signature' }) | ||
} | ||
|
||
const linked_key = await db('account_keys') | ||
.where({ account, public_key }) | ||
.first() | ||
|
||
if (!linked_key) { | ||
return res | ||
.status(401) | ||
.send({ error: `key ${public_key} not linked to account ${account}` }) | ||
} | ||
|
||
if (linked_key.revoked_at) { | ||
return res | ||
.status(401) | ||
.send({ error: `key ${public_key} already revoked` }) | ||
} | ||
|
||
const revoked_at = Math.floor(Date.now() / 1000) | ||
await db('account_keys') | ||
.update({ revoked_at, revoke_signature: signature }) | ||
.where({ account, public_key }) | ||
|
||
res.status(200).send({ | ||
account, | ||
public_key, | ||
signature, | ||
created_at: linked_key.created_at, | ||
revoked_at | ||
}) | ||
} catch (error) { | ||
console.log(error) | ||
logger(error) | ||
res.status(500).send('Internal server error') | ||
} | ||
}) | ||
|
||
export default router |
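Review bot: The revoked check and the update near the end of the handler are two separate queries, so two concurrent requests for the same key can both pass `if (linked_key.revoked_at)` and the later one overwrites `revoked_at` and `revoke_signature`. Assuming `db` is a Knex instance, make the write conditional with `.where({ account, public_key }).whereNull('revoked_at')` and treat an update that affects no rows as the already-revoked case. Separately, the malformed-input branches (`checkAddress`, `checkKey`, `checkSignature`) answer 401, where 400 would match the missing-param branch above them.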
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
import ed25519 from '@trashman/ed25519-blake2b' | ||
|
||
export default function sign_nano_community_link_key({ | ||
linked_public_key, | ||
nano_account, | ||
nano_account_private_key, | ||
nano_account_public_key | ||
}) { | ||
if (!linked_public_key) { | ||
throw new Error('linked_public_key is required') | ||
} | ||
|
||
if (!nano_account) { | ||
throw new Error('nano_account is required') | ||
} | ||
|
||
if (!nano_account_private_key) { | ||
throw new Error('nano_account_private_key is required') | ||
} | ||
|
||
if (!nano_account_public_key) { | ||
throw new Error('nano_account_public_key is required') | ||
} | ||
|
||
const data = Buffer.from(['LINK', nano_account, linked_public_key]) | ||
|
||
const message_hash = ed25519.hash(data) | ||
|
||
return ed25519.sign( | ||
message_hash, | ||
nano_account_private_key, | ||
nano_account_public_key | ||
) | ||
} |
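Review bot: `Buffer.from(['LINK', nano_account, linked_public_key])` does not encode these strings: given an array, `Buffer.from` treats each element as a byte value, so non-numeric strings coerce to 0 and the hashed message is in practice three zero bytes regardless of action, account or key. The signature therefore does not bind to what it is meant to authorise, and a LINK signature cannot be told apart from a REVOKE signature by the same account. The same construction is used in the revoke signer and in both verifiers added by this commit, so all four need to change together, for example to `const data = Buffer.from(['LINK', nano_account, linked_public_key].join(':'), 'utf8')` with the matching tag in each file. Signatures produced with the current encoding will stop verifying after the fix, so any stored ones would need to be re-issued.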
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
import ed25519 from '@trashman/ed25519-blake2b' | ||
|
||
export default function sign_nano_community_revoke_key({ | ||
linked_public_key, | ||
nano_account, | ||
nano_account_private_key, | ||
nano_account_public_key | ||
}) { | ||
if (!linked_public_key) { | ||
throw new Error('linked_public_key is required') | ||
} | ||
|
||
if (!nano_account) { | ||
throw new Error('nano_account is required') | ||
} | ||
|
||
if (!nano_account_private_key) { | ||
throw new Error('nano_account_private_key is required') | ||
} | ||
|
||
if (!nano_account_public_key) { | ||
throw new Error('nano_account_public_key is required') | ||
} | ||
|
||
const data = Buffer.from(['REVOKE', nano_account, linked_public_key]) | ||
|
||
const message_hash = ed25519.hash(data) | ||
|
||
return ed25519.sign( | ||
message_hash, | ||
nano_account_private_key, | ||
nano_account_public_key | ||
) | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
import ed25519 from '@trashman/ed25519-blake2b' | ||
|
||
export default function verify_nano_community_link_key_signature({ | ||
linked_public_key, | ||
nano_account, | ||
nano_account_public_key, | ||
signature | ||
}) { | ||
const data = Buffer.from(['LINK', nano_account, linked_public_key]) | ||
|
||
const message_hash = ed25519.hash(data) | ||
return ed25519.verify(signature, message_hash, nano_account_public_key) | ||
} |
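Review bot: This verifier has no argument checks, while `verify_nano_community_revoke_key_signature` in the same commit throws on a missing `linked_public_key`, `nano_account`, `nano_account_public_key` or `signature`. Add the same four guards here so that a caller omitting a field gets an explicit error rather than whatever `ed25519.verify` does with `undefined`. A short JSDoc stating the expected encoding of each argument (presumably hex strings, to be confirmed) and what the function returns would also help callers.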
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
import ed25519 from '@trashman/ed25519-blake2b' | ||
|
||
export default function verify_nano_community_revoke_key_signature({ | ||
linked_public_key, | ||
nano_account, | ||
nano_account_public_key, | ||
signature | ||
}) { | ||
if (!linked_public_key) { | ||
throw new Error('linked_public_key is required') | ||
} | ||
|
||
if (!nano_account) { | ||
throw new Error('nano_account is required') | ||
} | ||
|
||
if (!nano_account_public_key) { | ||
throw new Error('nano_account_public_key is required') | ||
} | ||
|
||
if (!signature) { | ||
throw new Error('signature is required') | ||
} | ||
|
||
const data = Buffer.from(['REVOKE', nano_account, linked_public_key]) | ||
|
||
const message_hash = ed25519.hash(data) | ||
return ed25519.verify(signature, message_hash, nano_account_public_key) | ||
} |