@bee.js/node 0.0.96 → 0.0.98
- package/beehive.js +56 -1
- package/lib/JWT/beeJWT.js +33 -6
- package/lib/WEB/route.js +5 -2
- package/package.json +2 -2
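--- a/package/beehive.js
+++ b/package/beehive.js
@@ -4,6 +4,7 @@ const beeORM = require("./lib/ORM/beeORM");
 const beeDBA = require("./lib/DBA/beeDBA");
 const beeJWT = require("./lib/JWT/beeJWT");
 const beeTools = require("./tools/beeTools");
+const crypto = require("crypto");
 
 module.exports = function hive(req = {}, res = {}, model = null) {
 model =
@@ -468,7 +469,28 @@ module.exports = function hive(req = {}, res = {}, model = null) {
 },
 
 response: function (sendData = data, action = null, status) {
-
+let responseData = sendData;
+let e2eeConfig = null;
+
+if (
+sendData &&
+typeof sendData === "object" &&
+!Array.isArray(sendData) &&
+sendData.e2ee
+) {
+const hasDataOverride = Object.prototype.hasOwnProperty.call(
+sendData,
+"data"
+);
+const isConfigOnly = Object.keys(sendData).length === 1;
+
+if (hasDataOverride || isConfigOnly) {
+e2eeConfig = sendData.e2ee;
+responseData = hasDataOverride ? sendData.data : data;
+}
+}
+
+const out = { data: responseData, counters, action, error };
 
 if (res.headersSent)
 return console.error("ERROR beejs: headers already sent");
@@ -477,6 +499,39 @@ module.exports = function hive(req = {}, res = {}, model = null) {
 
 if (global.configs.debug) out.debug = debug;
 
+if (e2eeConfig) {
+try {
+const algorithm =
+e2eeConfig.algorithm || e2eeConfig.alghoritimo || "aes-256-gcm";
+const key =
+typeof e2eeConfig.key === "string" ? e2eeConfig.key : "";
+
+if (key) {
+const iv = crypto.randomBytes(12);
+const hashKey =
+/^[a-f0-9]{64}$/i.test(key)
+? Buffer.from(key, "hex")
+: crypto.createHash("sha256").update(key).digest();
+const cipher = crypto.createCipheriv(algorithm, hashKey, iv);
+const jsonData = JSON.stringify(out.data ?? null);
+const encryptedBuffer = Buffer.concat([
+cipher.update(jsonData, "utf8"),
+cipher.final(),
+]);
+const tag = cipher.getAuthTag();
+out.data = {
+e2ee: {
+encrypted: encryptedBuffer.toString("base64"),
+iv: iv.toString("base64"),
+tag: tag.toString("base64"),
+},
+};
+}
+} catch (e) {
+console.error("ERROR beejs: e2ee encryption failed", e);
+}
+}
+
 if (status) res.status(status).send(out);
 else
 switch (req.method) {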
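Review bot: The new `if (e2eeConfig)` block fails open: its `catch` only logs, so when `createCipheriv` or `getAuthTag()` throws (for instance because `e2eeConfig.algorithm` names a cipher that does not accept the fixed 12-byte IV), `out` is still sent with the plaintext `out.data`, and the same happens silently when `e2eeConfig.key` is empty or not a string. A caller that asked for encryption should get an error rather than cleartext, e.g. in the `catch` and in an `else` of `if (key)`: `out.data = null; out.error = { message: "E2EE_FAILED" }; status = 500;` (the message name is only a suggestion). Two related points: a passphrase key is stretched with a single unsalted SHA-256, where `crypto.scryptSync` with a salt would resist guessing better, and a `sendData` that carries `e2ee` next to other fields but no `data` key is sent as-is, config and key included. The `response` function starts and ends outside the hunks shown.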
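--- a/package/lib/JWT/beeJWT.js
+++ b/package/lib/JWT/beeJWT.js
@@ -2,7 +2,7 @@ const CryptoJS = require("crypto-js");
 const log = require("../beeHive/log");
 
 function base64url(source) {
-encodedSource = CryptoJS.enc.Base64.stringify(source);
+let encodedSource = CryptoJS.enc.Base64.stringify(source);
 encodedSource = encodedSource.replace(/=+$/, "");
 encodedSource = encodedSource.replace(/\+/g, "-");
 encodedSource = encodedSource.replace(/\//g, "_");
@@ -10,7 +10,17 @@ function base64url(source) {
 return encodedSource;
 }
 
-
+function base64urlDecode(input = "") {
+if (!input) return "";
+
+let normalized = input.replace(/-/g, "+").replace(/_/g, "/");
+const pad = normalized.length % 4;
+if (pad) normalized += "=".repeat(4 - pad);
+
+return Buffer.from(normalized, "base64").toString("utf8");
+}
+
+module.exports = function token(_payload = null, header = {}, options = {}) {
 if (_payload) {
 let { jwt, ...payload } = _payload;
 
@@ -19,7 +29,10 @@ module.exports = function token(_payload = null, header = {}) {
 
 let secret = global.configs.jwt.secret;
 let iat = new Date().getTime();
-
+// options.expires is in minutes (default: 1 minute)
+const expiresInMinutes =
+typeof options.expires === "number" ? options.expires : 1;
+let exp = new Date().getTime() + expiresInMinutes * 60 * 1000;
 
 header = {
 ...header,
@@ -55,7 +68,9 @@ module.exports = function token(_payload = null, header = {}) {
 ...this,
 verify: function (token) {
 const secret = global.configs.jwt.secret;
+if (!token || typeof token !== "string") return false;
 const array = token.split(".");
+if (array.length !== 3) return false;
 const header = array[0];
 const payload = array[1];
 
@@ -63,9 +78,21 @@ module.exports = function token(_payload = null, header = {}) {
 CryptoJS.HmacSHA256(`${header}.${payload}`, secret)
 );
 
-
-
-
+if (token !== `${header}.${payload}.${signature}`) return false;
+
+let payloadDecoded = base64urlDecode(payload);
+let payloadJson;
+try {
+payloadJson = JSON.parse(payloadDecoded);
+} catch (error) {
+return false;
+}
+
+if (payloadJson?.exp && new Date().getTime() > payloadJson.exp) {
+return { error: { message: "TOKEN_EXPIRED", status: 401 } };
+}
+
+return payloadDecoded;
 },
 };
 };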
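Review bot: The signature check added to `verify` (new line 81) compares the whole token against the recomputed one with `!==`, an ordinary string comparison that is not constant-time; comparing only the signature segment with `crypto.timingSafeEqual` after a length check avoids leaking how many leading characters matched. For example, with `crypto` required in this file: `const got = Buffer.from(array[2]); const want = Buffer.from(signature);` then `if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return false;`. The expiry test `payloadJson?.exp && ...` also treats a token without an `exp` claim as never expiring, which deserves either an explicit rejection or a comment saying it is intended. `verify` now returns `false`, an `{ error }` object or the decoded payload string, so a doc comment on the method listing those three shapes would help callers. `signature` is presumably assigned on the lines between the last two hunks, which are not visible here.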
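--- a/package/lib/WEB/route.js
+++ b/package/lib/WEB/route.js
@@ -16,7 +16,10 @@ module.exports = async function(req, res, next, ignoreMiddlewares = false) {
 log(`Token verify: ${token}`)
 
 token = beeJWT().verify(token)
-
+
+if (token?.error?.message === "TOKEN_EXPIRED")
+return res.status(token.error.status || 401).send({data: null, error: {message: 'TOKEN_EXPIRED'}, action: 'TOKEN_EXPIRED'})
+
 if(!token)
 return res.status(validSession.errorCode || 401).send({data: null, error: {message: validSession.error || 'NOT_AUTHENTICATED'}, action: validSession.failAction || 'NOT_AUTHENTICATED'})
 
@@ -25,4 +28,4 @@ module.exports = async function(req, res, next, ignoreMiddlewares = false) {
 }
 
 next()
-}
+}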
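Review bot: The `log(...)` call on line 16, an unchanged context line at the top of the first hunk, interpolates the raw bearer token into the log message just before the new expiry handling, so anyone who can read the logs (wherever `log` writes, which is not visible here) can replay a still-valid token. Since this change is already touching the verification path, the line should log only that a token was received, e.g. `log("Token verify: token present")`. On the new branch itself, the `TOKEN_EXPIRED` response hard-codes its body while the `if(!token)` branch below honours `validSession.errorCode` and `validSession.failAction`; a short comment saying that expiry intentionally bypasses those overrides would make the difference clear. The enclosing function starts outside the hunk.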
package/package.json
CHANGED