badmfck-api-server 4.0.74 → 4.0.75
|
@@ -35,7 +35,7 @@ class MicroserviceClient extends BaseService_1.BaseService {
|
|
|
35
35
|
}
|
|
36
36
|
async requestMicroserviceCall(req) {
|
|
37
37
|
const url = this.options.host + "/__ms_host_control/receiver";
|
|
38
|
-
const ts =
|
|
38
|
+
const ts = Date.now().toString();
|
|
39
39
|
const nonce = crypto_1.default.randomBytes(12).toString("hex");
|
|
40
40
|
const headers = {
|
|
41
41
|
"Content-Type": "application/json",
|
|
@@ -58,11 +58,9 @@ class MicroserviceClient extends BaseService_1.BaseService {
|
|
|
58
58
|
enc: encrypted.toString("base64")
|
|
59
59
|
}, { headers });
|
|
60
60
|
if (!resp.ok)
|
|
61
|
-
return { ...DefaultErrors_1.default.BAD_REQUEST, details: resp.details
|
|
61
|
+
return { ...DefaultErrors_1.default.BAD_REQUEST, details: resp.details };
|
|
62
62
|
const body = resp.data;
|
|
63
|
-
|
|
64
|
-
return body.error;
|
|
65
|
-
return body.data ?? null;
|
|
63
|
+
return (body && typeof body === "object" && "error" in body) ? body.error : (body.data ?? null);
|
|
66
64
|
}
|
|
67
65
|
}
|
|
68
66
|
exports.MicroserviceClient = MicroserviceClient;
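Review bot: In the second MicroserviceClient hunk, the new single-line return checks `body` only on the error branch, so when `resp.data` is `null` or `undefined` the conditional falls through to `body.data ?? null` and throws a TypeError instead of returning `null`. The fallback should read `body?.data ?? null`. Note also that `"error" in body` is true when the key is present with a `null` or `undefined` value, in which case that value is returned and `body.data` is dropped; if a present-but-empty `error` should count as success, test `body.error != null` instead. `requestMicroserviceCall` starts above this hunk, so how `resp` is produced between the two hunks is not visible here.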
|
|
@@ -27,11 +27,17 @@ class MicroserviceHost extends BaseService_1.BaseService {
|
|
|
27
27
|
const ts = req.headers["x-microservice-ts"];
|
|
28
28
|
if (!nonce || !ts)
|
|
29
29
|
return { ...DefaultErrors_1.default.BAD_REQUEST, details: "missing headers" };
|
|
30
|
-
const
|
|
31
|
-
|
|
30
|
+
const requestTime = parseInt(ts);
|
|
31
|
+
const now = Date.now();
|
|
32
|
+
if (isNaN(requestTime) || Math.abs(now - requestTime) > 1000 * 60 * 2) {
|
|
33
|
+
return { ...DefaultErrors_1.default.BAD_REQUEST, details: "timestamp out of range" };
|
|
34
|
+
}
|
|
35
|
+
const callKey = `${nonce}|${ts}`;
|
|
36
|
+
if (MicroserviceHost.#calls.has(callKey)) {
|
|
32
37
|
return { ...DefaultErrors_1.default.BAD_REQUEST, details: "replay attack detected" };
|
|
33
|
-
|
|
34
|
-
|
|
38
|
+
}
|
|
39
|
+
MicroserviceHost.#calls.add(callKey);
|
|
40
|
+
if (MicroserviceHost.#calls.size > 5000) {
|
|
35
41
|
const iterator = MicroserviceHost.#calls.values();
|
|
36
42
|
for (let i = 0; i < 100; i++) {
|
|
37
43
|
const val = iterator.next().value;
|
|
@@ -52,17 +58,13 @@ class MicroserviceHost extends BaseService_1.BaseService {
|
|
|
52
58
|
decipher.setAuthTag(tag);
|
|
53
59
|
const decrypted = Buffer.concat([decipher.update(enc), decipher.final()]);
|
|
54
60
|
const request = JSON.parse(decrypted.toString("utf8"));
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
const reqCall = this.options.requests.find(r => r.name === request.requestName);
|
|
59
|
-
if (!reqCall) {
|
|
60
|
-
return { ...DefaultErrors_1.default.BAD_REQUEST, details: "request not found: " + request.requestName };
|
|
61
|
-
}
|
|
61
|
+
const reqCall = this.options.requests.find(r => r.name === request?.requestName);
|
|
62
|
+
if (!reqCall)
|
|
63
|
+
return { ...DefaultErrors_1.default.BAD_REQUEST, details: "method not found" };
|
|
62
64
|
return await reqCall.request(request.requestData);
|
|
63
65
|
}
|
|
64
66
|
catch (e) {
|
|
65
|
-
return { ...DefaultErrors_1.default.BAD_REQUEST, details: "decryption
|
|
67
|
+
return { ...DefaultErrors_1.default.BAD_REQUEST, details: "decryption error" };
|
|
66
68
|
}
|
|
67
69
|
}
|
|
68
70
|
}
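Review bot: In the first MicroserviceHost hunk the replay key on the `callKey` line is built from the raw `ts` header string, while the freshness check uses `parseInt(ts)`, which has no radix and ignores trailing non-digit characters, so header values that differ as strings can pass the same two-minute window under different keys. Unless the nonce and timestamp are also bound to the ciphertext (the cipher setup lies between the two hunks and is not visible), the `#calls` lookup will not treat those as the same call. Validate strictly and key on the parsed value: reject unless `/^\d+$/.test(ts)`, parse with `Number.parseInt(ts, 10)`, and build `callKey` from `requestTime` rather than `ts`. Separately, `MicroserviceHost.#calls.add(callKey)` runs before the auth tag is verified, and the eviction above 5000 entries drops the oldest 100 regardless of age, so unauthenticated traffic can push keys that are still inside the window out of the set. Recording the key only after `decipher.final()` succeeds and evicting by timestamp would keep the replay guarantee for the whole window.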
|