mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter synced 2024-11-15 06:15:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix oversight in token compression

Browse Source
This commit is contained in:
KernelDeimos 2024-04-29 22:48:10 -04:00
parent e7e7363fa7
commit 8e6ee9ea79
1 changed files with 18 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
packages/backend/src/services/auth/TokenService.js
View File

@ -25,8 +25,15 @@ defv = o => {
}; };
}; };
const uuid_compression = { const uuid_compression = prefix => ({
encode: v => { encode: v => {
if ( prefix ) {
if ( ! v.startsWith(prefix) ) {
throw new Error(`Expected ${prefix} prefix`);
}
v = v.slice(prefix.length);
}
const undecorated = v.replace(/-/g, ""); const undecorated = v.replace(/-/g, "");
const base64 = Buffer const base64 = Buffer
.from(undecorated, 'hex') .from(undecorated, 'hex')
@ -40,7 +47,7 @@ const uuid_compression = {
const undecorated = Buffer const undecorated = Buffer
.from(v, 'base64') .from(v, 'base64')
.toString('hex'); .toString('hex');
return [ return (prefix ?? '') + [
undecorated.slice(0, 8), undecorated.slice(0, 8),
undecorated.slice(8, 12), undecorated.slice(8, 12),
undecorated.slice(12, 16), undecorated.slice(12, 16),
@ -48,13 +55,13 @@ const uuid_compression = {
undecorated.slice(20), undecorated.slice(20),
].join('-'); ].join('-');
} }
}; });
const compression = { const compression = {
auth: def({ auth: def({
uuid: { uuid: {
short: 'u', short: 'u',
...uuid_compression, ...uuid_compression(),
}, },
version: 'v', version: 'v',
type: { type: {
@ -67,11 +74,11 @@ const compression = {
}, },
user_uid: { user_uid: {
short: 'uu', short: 'uu',
...uuid_compression, ...uuid_compression(),
}, },
app_uid: { app_uid: {
short: 'au', short: 'au',
...uuid_compression, ...uuid_compression('app-'),
}, },
}), }),
}; };
@ -97,6 +104,7 @@ class TokenService extends BaseService {
const secret = this.secret; const secret = this.secret;
const context = this.compression[scope]; const context = this.compression[scope];
console.log('original payload', payload)
const compressed_payload = this._compress_payload(context, payload); const compressed_payload = this._compress_payload(context, payload);
return jwt.sign(compressed_payload, secret, options); return jwt.sign(compressed_payload, secret, options);
@ -111,9 +119,11 @@ class TokenService extends BaseService {
const context = this.compression[scope]; const context = this.compression[scope];
const payload = jwt.verify(token, secret); const payload = jwt.verify(token, secret);
console.log('payloda', payload) console.log('payload', payload)
return this._decompress_payload(context, payload); const decoded = this._decompress_payload(context, payload);
console.log('decoded', decoded);
return decoded;
} }
_compress_payload (context, payload) { _compress_payload (context, payload) {