@dooor-ai/trust
TEE Attestation and Confidential Computing utilities for Dooor OS
;
// tsc-emitted decorator helper. Applies `decorators` to `target` (class
// decorator form) or to member `key` of `target` (member decorator form).
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
// c < 3: class decorator, so the working value `r` is the class itself.
// Otherwise `r` is the property descriptor, looked up on `target` when
// the caller passed `desc === null`.
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
// Delegate to the reflect-metadata polyfill when it is loaded.
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
// Fallback: apply decorators from last to first; a decorator that returns
// a falsy value leaves the current result `r` untouched.
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
// When a descriptor was supplied (c > 3) and a result exists, install it
// on the target; in every case the (possibly replaced) result is returned.
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
// tsc-emitted helper for `design:*` metadata. Produces a decorator from
// reflect-metadata when that polyfill is loaded; otherwise yields undefined,
// which __decorate skips as a falsy decorator.
var __metadata = (this && this.__metadata) || function (metadataKey, metadataValue) {
    const reflectHasMetadata = typeof Reflect === "object" && typeof Reflect.metadata === "function";
    return reflectHasMetadata ? Reflect.metadata(metadataKey, metadataValue) : undefined;
};
// tsc-emitted helper for parameter decorators: wraps `decorator` so that it
// is invoked with the parameter position `paramIndex` appended.
var __param = (this && this.__param) || function (paramIndex, decorator) {
    const parameterDecorator = (target, propertyKey) => {
        decorator(target, propertyKey, paramIndex);
    };
    return parameterDecorator;
};
// Alias assigned by the decorated class expression below; the class body
// reads it (for `.name`) because the outer binding is reassigned by __decorate.
var TeeAttestationController_1;
// CommonJS interop marker and export placeholder (tsc emit); the real export
// is assigned after the class is decorated.
Object.defineProperty(exports, "__esModule", { value: true });
exports.TeeAttestationController = void 0;
const crypto = require("crypto");
const fs = require("fs");
const common_1 = require("@nestjs/common");
const swagger_1 = require("@nestjs/swagger");
const jwt = require("jsonwebtoken");
const tee_operation_logger_service_1 = require("../../core/services/tee-operation-logger.service");
const tee_kms_service_1 = require("../../core/services/tee-kms.service");
const tee_connect_dto_1 = require("../../common/dto/tee-connect.dto");
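/**
 * Controller for the `/tee` routes: the attestation handshake (`connect`)
 * and a health probe. Routes and Swagger metadata are attached by the
 * __decorate calls that follow this class expression.
 */
let TeeAttestationController = TeeAttestationController_1 = class TeeAttestationController {
    /**
     * @param {TeeKmsService} kmsService - injected KMS service (stored; not
     *   referenced by any method in this file)
     * @param {TEEOperationLoggerService} operationLogger - operation logger
     *   used to record each connect request
     */
    constructor(kmsService, operationLogger) {
        this.kmsService = kmsService;
        this.operationLogger = operationLogger;
        this.logger = new common_1.Logger(TeeAttestationController_1.name);
    }

    /**
     * Returns the attestation token for this workload.
     *
     * The token is read from the file written by the container launcher.
     * When that file is absent the controller treats the process as running
     * outside a TEE and returns a locally signed placeholder token instead.
     *
     * @param {string} audience - value placed in the `aud` claim of the
     *   placeholder token only; a real token is returned verbatim
     * @returns {Promise<string>} the attestation JWT
     * @throws when the token file exists but cannot be read
     */
    async getAttestation(audience) {
        const tokenFilePath = '/run/container_launcher/attestation_token';
        try {
            // A single read replaces existsSync()+readFileSync(): there is no
            // check-then-use window, and read errors other than "missing"
            // surface instead of being masked by the placeholder path.
            return fs.readFileSync(tokenFilePath, 'utf-8');
        } catch (err) {
            if (err.code !== 'ENOENT') {
                throw err;
            }
        }
        this.logger.warn('Attestation token file not found. Running in non-TEE environment.');
        // Development placeholder: signed with a hard-coded secret that is
        // visible in this file, so it carries no evidence of a TEE and a
        // relying party must not accept it as attestation.
        return jwt.sign({
            iss: 'mock-tee-issuer',
            aud: audience,
            sub: 'mock-workload',
            'tee-claims': {
                'hardware-model': 'mock-hardware',
            }
        }, 'mock-secret', { expiresIn: '1h' });
    }

    /**
     * POST /tee/connect — returns an attestation JWT and a fresh session id,
     * and records the operation through `operationLogger`.
     *
     * @param {TeeConnectRequestDto} body - request body; `uid` comes from the
     *   client and is used unchanged as the token audience and in log lines
     * @param {object} req - raw request (unused; kept for the decorator signature)
     * @returns {Promise<{attestation_jwt: string, session_id: string}>}
     * @throws {HttpException} 500 when attestation or logging fails
     */
    async connect(body, req) {
        try {
            this.logger.log(`[connect] Received request with UID: ${body.uid}`);
            const attestationJwt = await this.getAttestation(body.uid);
            // The session id is handed to the caller as an opaque identifier;
            // derive it from the CSPRNG rather than Math.random(), whose
            // output is predictable.
            const sessionId = `tee-session-${crypto.randomBytes(16).toString('hex')}`;
            this.operationLogger.logOperation('POST', '/tee/connect', 0, common_1.HttpStatus.CREATED, body.uid);
            return {
                attestation_jwt: attestationJwt,
                session_id: sessionId,
            };
        }
        catch (e) {
            this.logger.error(`[connect] Error: ${e.message}`, e.stack);
            // NOTE(review): `error` echoes the internal exception text to the
            // client; the generic `message` alone would avoid that disclosure.
            throw new common_1.HttpException({
                message: 'Failed to establish TEE connection',
                error: e.message,
            }, common_1.HttpStatus.INTERNAL_SERVER_ERROR);
        }
    }

    /** GET /tee/health — liveness probe; always reports `{ status: 'ok' }`. */
    healthCheck() {
        return { status: 'ok' };
    }
};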
// Provisional export of the undecorated class; replaced once decorated below.
exports.TeeAttestationController = TeeAttestationController;
// Route, Swagger and parameter metadata for `connect` (POST /tee/connect).
// __param(0/1) inject the request body and the raw request.
__decorate([
(0, common_1.Post)('connect'),
(0, swagger_1.ApiOperation)({ summary: 'Establish a secure connection with the TEE' }),
(0, swagger_1.ApiResponse)({
status: 201,
description: 'Connection successful, returns attestation JWT',
type: tee_connect_dto_1.TeeConnectResponseDto,
}),
(0, swagger_1.ApiBody)({ type: tee_connect_dto_1.TeeConnectRequestDto }),
__param(0, (0, common_1.Body)()),
__param(1, (0, common_1.Req)()),
__metadata("design:type", Function),
__metadata("design:paramtypes", [tee_connect_dto_1.TeeConnectRequestDto, Object]),
__metadata("design:returntype", Promise)
], TeeAttestationController.prototype, "connect", null);
// Route and Swagger metadata for `healthCheck` (GET /tee/health).
__decorate([
(0, common_1.Get)('health'),
(0, swagger_1.ApiOperation)({ summary: 'Check the health of the TEE module' }),
__metadata("design:type", Function),
__metadata("design:paramtypes", []),
__metadata("design:returntype", void 0)
], TeeAttestationController.prototype, "healthCheck", null);
// Class-level decoration: registers the controller under the `tee` path and
// records the constructor parameter types used for dependency injection.
// The decorated class is written back to all three bindings.
exports.TeeAttestationController = TeeAttestationController = TeeAttestationController_1 = __decorate([
(0, swagger_1.ApiTags)('TEE Attestation'),
(0, common_1.Controller)('tee'),
__metadata("design:paramtypes", [tee_kms_service_1.TeeKmsService,
tee_operation_logger_service_1.TEEOperationLoggerService])
], TeeAttestationController);
//# sourceMappingURL=tee-attestation.controller.js.map