address comments by @seaerchin and @mantariksh

opengovsg · May 7, 2021 · cbbe9ac · cbbe9ac
1 parent 4972663
commit cbbe9ac
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -86,6 +86,49 @@ app.post(
   }
 )
 
+// Example for submissions with attachments
+app.post(
+  '/submissions-attachment',
+  // Endpoint authentication by verifying signatures
+  function (req, res, next) {
+    try {
+      formsg.webhooks.authenticate(req.get('X-FormSG-Signature'), POST_URI)
+      // Continue processing the POST body
+      return next()
+    } catch (e) {
+      return res.status(401).send({ message: 'Unauthorized' })
+    }
+  },
+  // Parse JSON from raw request body
+  express.json(),
+  // Decrypt the submission and attachments
+  async function (req, res, next) {
+    // `req.body.data` is an object fulfilling the DecryptParams interface.
+    // interface DecryptParams {
+    //   encryptedContent: EncryptedContent
+    //   version: number
+    //   verifiedContent?: EncryptedContent
+    // }
+    /** @type {{content: DecryptedContent, attachments: DecryptedAttachments}} */
+    const submission = formsg.crypto.decryptWithAttachments(
+      formSecretKey,
+      // If `verifiedContent` is provided in `req.body.data`, the return object
+      // will include a verified key.
+      req.body.data
+    )
+
+    // If the decryption failed, submission will be `null`.
+    if (submission) {
+      // Continue processing the submission
+
+      // processSubmission(submission.content)
+      // processAttachments(submission.attachments)
+    } else {
+      // Could not decrypt the submission
+    }
+  }
+)
+
 app.listen(8080, () => console.log('Running on port 8080'))
 ```
 

diff --git a/spec/crypto.spec.ts b/spec/crypto.spec.ts
@@ -369,7 +369,6 @@ describe('Crypto', function () {
       attachmentDownloadUrls: { '6e771c946b3c5100240368e5': 'https://some.s3.url/some/encrypted/file' },
       version: INTERNAL_TEST_VERSION,
     })
-    mockAxios.mockResponse({ data: { encryptedFile: uploadedFile }})
     const decryptedContents = await decryptedFilesPromise
 
     // Assert

diff --git a/src/crypto.ts b/src/crypto.ts
@@ -220,32 +220,40 @@ export default class Crypto {
     if (decryptedContent === null) return null
 
     // Retrieve all original filenames for attachments for easy lookup
-    for (const i in decryptedContent.responses) {
-      const response = decryptedContent.responses[i]
+    decryptedContent.responses.forEach((response) => {
       if (response.fieldType === 'attachment' && response.answer) {
         filenames[response._id] = response.answer
       }
-    }
+    })
 
+    const downloadPromises : Array<Promise<void>> = []
     for (let fieldId in attachmentRecords) {
-      const downloadResponse = await axios.get(attachmentRecords[fieldId], { responseType: 'json' })
-      if (downloadResponse.status !== 200) return null
+      // Original name for the file is not found
+      if (filenames[fieldId] === undefined) return null
 
-      const encryptedAttachment: EncryptedAttachmentContent = downloadResponse.data
-      const encryptedFile: EncryptedFileContent = {
-        submissionPublicKey: encryptedAttachment.encryptedFile.submissionPublicKey,
-        nonce: encryptedAttachment.encryptedFile.nonce,
-        binary: decodeBase64(encryptedAttachment.encryptedFile.binary),
-      }
-      const decryptedFile = await this.decryptFile(formSecretKey, encryptedFile)
+      downloadPromises.push(
+        axios.get(attachmentRecords[fieldId], { responseType: 'json' })
+      .then((downloadResponse) => {
+        if (downloadResponse.status !== 200) throw new Error("Download failed")
 
-      // Decryption for a file failed
-      if (decryptedFile === null) return null
+        const encryptedAttachment: EncryptedAttachmentContent = downloadResponse.data
+        const encryptedFile: EncryptedFileContent = {
+          submissionPublicKey: encryptedAttachment.encryptedFile.submissionPublicKey,
+          nonce: encryptedAttachment.encryptedFile.nonce,
+          binary: decodeBase64(encryptedAttachment.encryptedFile.binary),
+        }
 
-      // Original name for the file is not found
-      if (filenames[fieldId] === undefined) return null
+        return this.decryptFile(formSecretKey, encryptedFile)
+      }).then((decryptedFile) => {
+        if (decryptedFile === null) throw new Error("Attachment decryption failed")
+        decryptedRecords[fieldId] = { filename: filenames[fieldId], content: decryptedFile }
+      }))
+    }
 
-      decryptedRecords[fieldId] = { filename: filenames[fieldId], content: decryptedFile }
+    try {
+      await Promise.all(downloadPromises)
+    } catch (e) {
+      return null
     }
 
     return {