
Su/log2 #1237

Merged
merged 2 commits into from
Jul 30, 2024
Merged

Su/log2 #1237

19 changes: 11 additions & 8 deletions src/auth/auth.middleware.ts
@@ -40,7 +40,9 @@ export function parseAllowedDIDs(dids: string | undefined): Set<string> {
}

export function auth(opts: AuthOpts): Handler {
console.log('opts.allowedDIDs.0', Array.from(opts.allowedDIDs))
const hasAllowedDIDsList = opts.allowedDIDs.size > 0
console.log('opts.allowedDIDs.hasAllowedDIDsList', hasAllowedDIDsList)

/**
* @dev If the request has a did header, it means we have already confirmed the did
@@ -53,17 +55,18 @@ export function auth(opts: AuthOpts): Handler {
* this app will still work if the logice above is not in place.
*/
return async function (req: Request, res: Response, next: NextFunction) {
const logger = opts.logger
// const logger = opts.logger

// Use auth lambda
const didFromHeader = req.header('did')
if (didFromHeader && req.body && Object.keys(req.body).length > 0) {
const digest = buildBodyDigest(req.header('Content-Type'), req.body)
if (req.header('digest') === digest) {
ServiceMetrics.count(METRIC_NAMES.AUTH_ALLOWED, 1, { did: didFromHeader })
console.log(`Allowed: Auth lambda: ${didFromHeader}`)
return next()
} else {
logger?.verbose(`Disallowed: Auth lambda: Invalid digest`)
console.log(`Disallowed: Auth lambda: Invalid digest`)
return disallow(res, DISALLOW_REASON.LAMBDA_INVALID_DIGEST)
}
}
@@ -74,31 +77,31 @@ export function auth(opts: AuthOpts): Handler {
const bearerTokenMatch = AUTH_BEARER_REGEXP.exec(authorizationHeader)
const jws = bearerTokenMatch?.[1]
if (!jws) {
logger?.verbose(`Disallowed: No authorization header`)
console.log(`Disallowed: No authorization header`)
return disallow(res, DISALLOW_REASON.DID_ALLOWLIST_NO_HEADER)
}
const verifyJWSResult = await VERIFIER.verifyJWS(jws)
const did = verifyJWSResult.didResolutionResult.didDocument?.id
if (!did) {
logger?.verbose(`Disallowed: No DID`)
console.log(`Disallowed: No DID`)
return disallow(res, DISALLOW_REASON.DID_ALLOWLIST_NO_DID)
}
const nonce = verifyJWSResult.payload?.['nonce']
const digest = verifyJWSResult.payload?.['digest']
if (!nonce || !digest) {
logger?.verbose(`Disallowed: No nonce or No digest`)
console.log(`Disallowed: No nonce or No digest`)
return disallow(res, DISALLOW_REASON.DID_ALLOWLIST_NO_FIELDS)
}
if (!isAllowedDID(did, opts)) {
logger?.verbose(`Disallowed: ${did}`)
console.log(`Disallowed: ${did}`)
return disallow(res, DISALLOW_REASON.DID_ALLOWLIST_REJECTED)
}

const body = req.body
const contentType = req.header('Content-Type')
const digestCalculated = buildBodyDigest(contentType, body)
if (digestCalculated !== digest) {
logger?.verbose(`Disallowed: Incorrect digest for DID ${did}`)
console.log(`Disallowed: Incorrect digest for DID ${did}`)
return disallow(res, DISALLOW_REASON.DID_ALLOWLIST_INVALID_DIGEST)
}
const relaxedLabel = opts.isRelaxed ? 1 : 0
@@ -115,7 +118,7 @@ function disallow(res: Response, reason: DISALLOW_REASON): Response {

function isAllowedDID(did: string, opts: AuthOpts): boolean {
if (opts.isRelaxed) {
opts.logger?.verbose(`Allowed: Relaxed: ${did}`)
console.log(`Allowed: Relaxed: ${did}`)
return true
} else {
return opts.allowedDIDs.has(did)
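Review bot: The `console.log` calls in `auth()` and `isAllowedDID()` bypass the injected `opts.logger` and its level gating, so every allow and deny decision now goes to stdout unconditionally, and the whole allowlist is dumped once when the middleware is built (`Array.from(opts.allowedDIDs)`). The "Allowed: Auth lambda" line also interpolates the raw `did` request header into a log line; that value is client-controlled text unless an upstream component sets it, so it can carry line breaks or misleading content into the audit trail. I would restore `const logger = opts.logger` instead of leaving it commented out and keep these messages on the logger, e.g. `logger?.verbose(`Allowed: Auth lambda: ${didFromHeader}`)`, and log only the list size at startup, `opts.logger?.verbose(`allowedDIDs size: ${opts.allowedDIDs.size}`)`. Separately, and not introduced here, the auth-lambda branch calls `next()` whenever the `digest` header equals the digest of the body; it is worth confirming that the gateway in front of this service strips or overwrites inbound `did` and `digest` headers, since otherwise that branch skips the JWS verification below it.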