epic: Server rewrite #10
Conversation
…oading public keys from jwks.json.
… rewrites the code using factories to facilitate testing.
|
|
||
| const ciphertext = await encrypt(data.plaintext, data.keyName); | ||
|
|
||
| logRequestSuccess(Route.ENCRYPT, idToken); |
There was a problem hiding this comment.
Before, we were logging the responses, which could include ciphertext, plaintext, signatures... I don't think that should be the case, the same way we were not logging the ID token as-is. These 2 logger functions have been updated to only work in development for now.
| createUserHandlerFactory() as unknown as express.Handler, | ||
| ); | ||
|
|
||
| // TODO: Data from multer doesn't seem to be used at all, as that's coming from the JWT token: |
There was a problem hiding this comment.
Multer wasn't actually used as the files are sent inside the ID token, so until I make the change to send them separately and only include a hash within the token, I'm removing Multer's middleware.
| import { stringToBuffer } from "../../utils/arweave/arweaveUtils"; | ||
| import { OthentError, OthentErrorID } from "../../server/errors/errors.utils"; | ||
|
|
||
| export async function createBundleAndSign( |
There was a problem hiding this comment.
This doesn't seem to be used in the SDK as it just creates the bundle on the client and calls the /sign endpoint through the Signer, so this endpoint/function can probably be removed.
| ); | ||
| } | ||
|
|
||
| const lastNonce = await getLastNonce(idToken.sub); |
There was a problem hiding this comment.
There's a potential issue here if 2 operations are performed at the same time and they make it to the server out-of-order, as processing the last one first will invalidate the other one.
| try { | ||
| const [encryptResponse] = await kmsClient.encrypt({ | ||
| name, | ||
| plaintext: Buffer.from(plaintextData), |
There was a problem hiding this comment.
This would actually throw an error if someone sends binary data to encrypt or decrypt (instead of sending a plain string), as it would be stringified using JSON.stringify, so plaintextData = { 0: 23, 1: 65, 2: 67, 3: 23, ... }.
| process.env.signKeyVersion, | ||
| ); | ||
|
|
||
| const uint8Array = new Uint8Array(Object.values(data)); |
There was a problem hiding this comment.
This won't produce the expected result if someone sends non-binary data, as data would then be a plain string, so potentially we are doing something similar to new Uint8Array(['H', 'e', 'l', 'l', 'o']), which won't encode the string properly.
actions/add-user-metadata.js
Outdated
| @@ -0,0 +1,51 @@ | |||
| /** | |||
There was a problem hiding this comment.
We can probably deploy these automatically using the Management API. See https://auth0.com/docs/api/management/v2/actions/patch-action.
Danziger
changed the title
create-bundle-and-signendpoint as it was not used in the SDK anyway.keyNamein the input data and the new one that (always) includespathin the input data. The output has also changed, so now instead of always being consumed asresponse.data.dataon the frontend, it would beresponse.data.idTokenWithData,response.data.encryptedData,response.data.decryptedDataorresponse.data.signature.