fix big in pgp key unconsistent

api/middlewares/isAuthenticated.js

@@ -6,6 +6,7 @@ const openpgp = require("openpgp");
 const conf = require(`${process.env.dirtown}/conf.json`);
 
 const isAuthenticated = async (req, res, next) => {
+  // tokens if valid are store in /dirtown/tmp/tokens/xalias_xdays_xhash(20,200) 
   // once a day rm oldest tokens than 24hours tag job by adding tmp/tokensmenagedone{day}
   const currentday = dayjs().date();
   console.log(
@@ -34,8 +35,8 @@ const isAuthenticated = async (req, res, next) => {
       xaliasexists: true,
     },
   };
-  console.log(req.session.header);
-  if (req.session.header.xalias == "anonymous") {
+  //console.log(req.session.header);
+  if (req.session.header.xalias == "anonymous" || req.session.header.xhash == "anonymous") {
     console.log("alias anonymous means not auth");
     return res.status(401).json(resnotauth);
   }
@@ -43,7 +44,7 @@ const isAuthenticated = async (req, res, next) => {
   const tmpfs = `${process.env.dirtown}/tmp/tokens/${req.session.header.xalias}_${
     req.session.header.xdays
   }_${req.session.header.xhash.substring(20, 200)}`;
-  console.log(tmpfs);
+  //console.log(tmpfs);
   if (!fs.existsSync(tmpfs)) {
     // need to check detached sign
     let publickey;
@@ -53,7 +54,7 @@ const isAuthenticated = async (req, res, next) => {
       )
     ) {
       const pagan = fs.readJsonSync(
-        `${conf.dirapi}nationchains/pagans/itm/${req.session.header.xalias}.json`
+        `${conf.dirapi}/nationchains/pagans/itm/${req.session.header.xalias}.json`
       );
       publickey = pagan.publicKey;
     } else {
@@ -65,10 +66,21 @@ const isAuthenticated = async (req, res, next) => {
         return res.status(404).send(resnotauth);
       }
     }
-    console.log(publickey);
-    console.log(Buffer.from(req.session.header.xhash, "base64").toString());
-    const publicKey = await openpgp.readKey({ armoredKey: publickey });
-    const msg = await openpgp.createMessage({
+    if (publickey.substring(0,10)!=="-----BEGIN"){
+      console.log("Publickey is not valid as armored key:", publickey)
+      return res.status(404).send(resnotauth);
+    }
+    if (Buffer.from(req.session.header.xhash, "base64").toString().substring(0,10)!=="-----BEGIN"){
+      console.log("xhash conv is not valid as armored key:", Buffer.from(req.session.header.xhash, "base64").toString())
+      return res.status(404).send(resnotauth);
+    }
+    let publicKey;
+    try {
+      publicKey = await openpgp.readKey({ armoredKey: publickey });
+    }catch(err){
+      console.log(erreur)
+    }
+      const msg = await openpgp.createMessage({
       text: `${req.session.header.xalias}_${req.session.header.xdays}`,
     });
     const signature = await openpgp.readSignature({
@@ -77,16 +89,16 @@ const isAuthenticated = async (req, res, next) => {
         "base64"
       ).toString(),
     });
-    console.log(msg);
-    console.log(signature);
-    console.log(publicKey);
+    //console.log(msg);
+    //console.log(signature);
+    //console.log(publicKey);
     const checkauth = await openpgp.verify({
       message: msg,
       signature: signature,
       verificationKeys: publicKey,
     });
-    console.log(checkauth);
-    console.log(checkauth.signatures[0].keyID);
+    //console.log(checkauth);
+    //console.log(checkauth.signatures[0].keyID);
     //console.log(await checkauth.signatures[0].signature);
     //console.log(await checkauth.signatures[0].verified);