Encrypt response for /secrets/

cpoppema · Mar 2, 2016 · 16b5764 · 16b5764
1 parent 945cc73
commit 16b5764
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 21 deletions.
diff --git a/auth-middleware.js b/auth-middleware.js
@@ -1,31 +1,46 @@
 'use strict'
 
+/**
+ * NPM modules.
+ */
+var openpgp = require('openpgp')
+
+
 module.exports = function AuthenticationMiddleware() {
   return function handle(req, res, next) {
-    // read keyId from body
-    var longKeyId = req.body.keyId
-    if (typeof longKeyId === typeof void 0) {
-      var e = new Error('Please provide a keyId.')
+    // read publicKey from body
+    var publicKey = req.body.publicKey
+    if (typeof publicKey === typeof void 0) {
+      var e = new Error('Please provide a publicKey.')
       e.status = 400
       next(e)
     } else {
-      // let the store validate
-      var store = require('./store')
-      try {
-        store.validateKey(longKeyId, function validated(isAuthenticated) {
-          if (!isAuthenticated) {
-            var e = new Error('Invalid keyId.')
-            e.status = 401
-            next(e)
-          } else {
-            // continue
-            next()
-          }
-        })
-      } catch (e) {
-        // error raised in the store
-        if (!e.status) e.status = 500
+      var publicKey = openpgp.key.readArmored(publicKey).keys[0]
+      if (typeof publicKey === typeof void 0) {
+        var e = new Error('Invalid publicKey.')
+        e.status = 401
         next(e)
+      } else {
+        // let the store validate
+        var store = require('./store')
+        try {
+          var longKeyId = publicKey.primaryKey.getKeyId().toHex().toUpperCase()
+
+          store.validateKey(longKeyId, function validated(isAuthenticated) {
+            if (!isAuthenticated) {
+              var e = new Error('Invalid publicKey.')
+              e.status = 401
+              next(e)
+            } else {
+              // continue
+              next()
+            }
+          })
+        } catch (e) {
+          // error raised in the store
+          if (!e.status) e.status = 500
+          next(e)
+        }
       }
     }
   }

diff --git a/package.json b/package.json
@@ -14,6 +14,7 @@
     "connect-route": "^0.1.5",
     "crc": "^3.4.0",
     "line-reader": "^0.3.0",
+    "openpgp": "^2.1.0",
     "unorm": "^1.4.1",
     "walk": "^2.3.9"
   },

diff --git a/views.js b/views.js
@@ -1,5 +1,10 @@
 'use strict'
 
+/**
+ * NPM modules.
+ */
+var openpgp = require('openpgp')
+
 /**
  * Local modules.
  */
@@ -11,7 +16,19 @@ module.exports = function routes(router) {
 
     store.getList(function getList(secrets) {
       res.writeHead(200, {'Content-Type': 'application/json'})
-      res.end(JSON.stringify({response: secrets}, null, 2))
+
+      var data = JSON.stringify(secrets)
+      var publicKey = req.body.publicKey
+
+      openpgp.encrypt(
+        { data: data
+          , publicKeys: openpgp.key.readArmored(publicKey).keys
+        })
+        .then(function sendPgpResponse(armored) {
+          var pgpMessage = armored.data
+          res.writeHead(200, {'Content-Type': 'application/json'})
+          res.end(JSON.stringify({response: pgpMessage}, null, 2))
+        })
     })
   })