apxtrib/api/middlewares/isAuthenticated.js

const fs = require("fs-extra");
const dayjs = require("dayjs");
const glob = require("glob");
const openpgp = require("openpgp");

const conf = require("../../nationchains/tribes/conf.json");

const isAuthenticated = async (req, res, next) => {
  // once a day rm oldest tokens than 24hours tag job by adding tmp/tokensmenagedone{day}
  const currentday = dayjs().date();
  console.log(
    "if menagedone" + currentday,
    !fs.existsSync(`${__base}tmp/tokensmenagedone${currentday}`)
  );
  if (!fs.existsSync(`${__base}/tmp/tokens`))
    fs.mkdirSync(`${__base}tmp/tokens`);
  if (!fs.existsSync(`${__base}tmp/tokensmenagedone${currentday}`)) {
    // clean oldest
    const tsday = dayjs().valueOf(); // now in timestamp format
    glob.sync(`${__base}tmp/tokensmenagedone*`).forEach((f) => {
      fs.removeSync(f);
    });
    glob.sync(`${__base}tmp/tokens/*.json`).forEach((f) => {
      if (tsday - parseInt(f.split("_")[1]) > 86400000) fs.remove(f);
    });
  }
  //Check register in tmp/tokens/
  console.log("isAuthenticate?");
  const resnotauth = {
    ref: "headers",
    msg: "notauthenticated",
    data: {
      xalias: req.session.header.xalias,
      xaliasexists: true,
    },
  };
  console.log(req.session.header);
  if (req.session.header.xalias == "anonymous") {
    console.log("alias anonymous means not auth");
    return res.status(401).json(resnotauth);
  }

  const tmpfs = `${__base}tmp/tokens/${req.session.header.xalias}_${
    req.session.header.xdays
  }_${req.session.header.xhash.substring(20, 200)}`;
  console.log(tmpfs);
  if (!fs.existsSync(tmpfs)) {
    // need to check detached sign
    let publickey;
    if (
      fs.existsSync(
        `${__base}nationchains/pagans/itm/${req.session.header.xalias}.json`
      )
    ) {
      const pagan = fs.readJsonSync(
        `${__base}nationchains/pagans/itm/${req.session.header.xalias}.json`
      );
      publickey = pagan.publicKey;
    } else {
      resnotauth.data.xaliasexists = false;
      if (req.body.publickey) {
        publickey = req.body.publickey;
      } else {
        console.log("alias unknown");
        return res.status(404).send(resnotauth);
      }
    }
    console.log(publickey);
    console.log(Buffer.from(req.session.header.xhash, "base64").toString());
    const publicKey = await openpgp.readKey({ armoredKey: publickey });
    const msg = await openpgp.createMessage({
      text: `${req.session.header.xalias}_${req.session.header.xdays}`,
    });
    const signature = await openpgp.readSignature({
      armoredSignature: Buffer.from(
        req.session.header.xhash,
        "base64"
      ).toString(),
    });
    console.log(msg);
    console.log(signature);
    console.log(publicKey);
    const checkauth = await openpgp.verify({
      message: msg,
      signature: signature,
      verificationKeys: publicKey,
    });
    console.log(checkauth);
    console.log(checkauth.signatures[0].keyID);
    //console.log(await checkauth.signatures[0].signature);
    //console.log(await checkauth.signatures[0].verified);

    const { check, keyID } = checkauth.signatures[0];
    try {
      await check; // raise an error if necessary
      fs.outputFileSync(tmpfs, req.session.header.xhash, "utf8");
    } catch (e) {
      resnotauth.msg = "signaturefailed";
      console.log("not auth fail sign");
      return res.status(401).send(resnotauth);
    }
  }
  console.log("Authenticated");
  next();
};
module.exports = isAuthenticated;