@guardian/pan-domain-node/dist/src/utils.js

NodeJs implementation of Guardian pan-domain auth verification

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) return mod;
    var result = {};
    if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
    __setModuleDefault(result, mod);
    return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.parseUser = exports.httpGet = exports.base64ToPEM = exports.sign = exports.verifySignature = exports.parseCookie = exports.decodeBase64 = void 0;
const crypto = __importStar(require("crypto"));
const https = __importStar(require("https"));
const url_1 = require("url");
function decodeBase64(data) {
    return Buffer.from(data, 'base64').toString('utf8');
}
exports.decodeBase64 = decodeBase64;
/**
 * Parse a pan-domain user cookie in to data and signature
 */
function parseCookie(cookie) {
    const splitCookie = cookie.split('\.');
    return {
        data: decodeBase64(splitCookie[0]),
        signature: splitCookie[1]
    };
}
exports.parseCookie = parseCookie;
/**
 * Verify signed data using nodeJs crypto library
 */
function verifySignature(message, signature, pandaPublicKey) {
    return crypto.createVerify('sha256WithRSAEncryption')
        .update(message, 'utf8')
        .verify(pandaPublicKey, signature, 'base64');
}
exports.verifySignature = verifySignature;
function sign(message, privateKey) {
    const sign = crypto.createSign("sha256WithRSAEncryption");
    sign.write(message);
    sign.end();
    return sign.sign(privateKey, 'base64');
}
exports.sign = sign;
const ASCII_NEW_LINE = String.fromCharCode(10);
function base64ToPEM(key, headerFooter) {
    const PEM_HEADER = `-----BEGIN ${headerFooter} KEY-----`;
    const PEM_FOOTER = `-----END ${headerFooter} KEY-----`;
    let tmp = [];
    const ret = [Buffer.from(PEM_HEADER).toString('ascii')];
    for (let i = 0, len = key.length; i < len; i++) {
        if (i > 0 && i % 64 === 0) {
            ret.push(tmp.join(''));
            tmp = [];
        }
        tmp.push(key[i]);
    }
    ret.push(tmp.join(''));
    ret.push(Buffer.from(PEM_FOOTER).toString('ascii'));
    return ret.join(ASCII_NEW_LINE);
}
exports.base64ToPEM = base64ToPEM;
function httpGet(path) {
    return new Promise((resolve, reject) => {
        const data = [];
        https.get(path, res => {
            res.on('data', chunk => data.push(chunk.toString('utf8')));
            res.on('error', err => reject(err));
            res.on('end', () => {
                const body = data.join('');
                if (res.statusCode == 200) {
                    resolve(body);
                }
                else {
                    // Response might be XML
                    const match = body.match(/<message>(.*)<\/message>/i);
                    const error = new Error(match ? match[1] : 'Invalid public key response');
                    reject(error);
                }
            });
        });
    });
}
exports.httpGet = httpGet;
function parseUser(data) {
    const params = new url_1.URLSearchParams(data);
    function stringField(name) {
        const value = params.get(name);
        if (!value) {
            throw new Error(`Missing ${name}`);
        }
        return value;
    }
    function numberField(name) {
        const value = params.get(name);
        if (!value) {
            throw new Error(`Missing ${name}`);
        }
        return parseInt(value);
    }
    function booleanField(name) {
        return params.get(name) === 'true';
    }
    function stringListField(name) {
        const value = params.get(name);
        if (!value) {
            throw new Error(`Missing ${name}`);
        }
        return value.split(",");
    }
    const avatarUrl = params.get("avatarUrl");
    return {
        firstName: stringField("firstName"),
        lastName: stringField("lastName"),
        email: stringField("email"),
        avatarUrl: avatarUrl ? avatarUrl : undefined,
        authenticatingSystem: stringField("system"),
        authenticatedIn: stringListField("authedIn"),
        expires: numberField("expires"),
        multifactor: booleanField("multifactor")
    };
}
exports.parseUser = parseUser;