@trap_stevo/veripath
Version:
The pinnacle of real-time encrypted routing and session-bound communication through a precision-crafted middleware system. Empowering developers to secure every route with dynamic request decryption, intelligent session validation, and seamless encrypted
117 lines (116 loc) • 3.9 kB
JavaScript
;
const crypto = require("crypto");
const {
RouteSecurityEngine
} = require("../RouteSecurityEngine.js");
const {
veriVaultManager
} = require("./VeriVaultManager.js");
const {
linkTracker
} = require("./LinkTracker.js");
function createDecryptRequest(config = {}) {
const engine = new RouteSecurityEngine(config);
const defaultAgents = ["verilink-node", "verilink-browser"];
const expectedAgents = Array.isArray(config.expectedUserAgents) ? config.expectedUserAgents : typeof config.expectedUserAgent === "string" ? [config.expectedUserAgent] : defaultAgents;
return async function decryptRequest(req, res, next) {
try {
const vlinkTime = parseInt(req.headers["x-vlink-claim-timestamp"]);
const vlinkDevice = req.headers["x-vlink-device"] || undefined;
const vlinkClaim = req.headers["x-vlink-claim"];
const vlinkID = req.headers["x-vlink-id"];
const vlink = req.headers["x-vlink"];
if (!vlink || !vlinkID || !vlinkClaim || !vlinkTime) {
return res.status(400).json({
error: "Unauthorized ~ missing required data"
});
}
const sessionKey = await veriVaultManager.getKey(req);
if (!sessionKey) {
return res.status(401).json({
error: "Unauthorized ~ missing required data"
});
}
const expectedID = crypto.createHmac("sha256", Buffer.from(sessionKey)).update(vlink).digest("base64");
if (expectedID !== vlinkID) {
return res.status(401).json({
error: "Unauthorized"
});
}
const sessionHash = crypto.createHash("sha256").update(Buffer.from(sessionKey)).digest("hex");
const fresh = linkTracker.register(sessionHash, vlink);
if (!fresh) {
return res.status(401).json({
error: "Unauthorized"
});
}
let claimAuthorized = false;
for (const agent of expectedAgents) {
const payload = {
deviceID: vlinkDevice,
timestamp: vlinkTime,
userAgent: agent
};
const expectedClaim = crypto.createHmac("sha256", Buffer.from(sessionKey)).update(JSON.stringify(payload)).digest("base64");
if (expectedClaim === vlinkClaim) {
claimAuthorized = true;
break;
}
}
if (!claimAuthorized) {
return res.status(401).json({
error: "Unauthorized"
});
}
const now = Date.now();
if (Math.abs(now - vlinkTime) > 5 * 60 * 1000) {
return res.status(401).json({
error: "Unauthorized"
});
}
if (req.method === "POST" && req.body?.encrypted) {
req.vData = await engine.decrypt(req.body.encrypted, sessionKey);
} else if (req.method === "GET" && req.query?.encrypted) {
const decrypted = await engine.decrypt(req.query.encrypted, sessionKey);
req.vData = decrypted;
}
next();
} catch (error) {
console.log("🔐 [VeriPath] ~ Error ~", error);
res.status(400).json({
error: "Unauthorized"
});
}
};
}
;
function createEncryptResponse(config = {}) {
const engine = new RouteSecurityEngine(config);
return async function encryptResponse(req, ress, next) {
ress.vSend = async function (data) {
try {
const sessionKey = await veriVaultManager.getKey(req);
if (!sessionKey) {
return ress.status(401).send({
error: "Unauthorized ~ missing data"
});
}
const encrypted = await engine.encrypt(data, sessionKey);
return ress.status(200).send({
encrypted
});
} catch (error) {
console.log("🔐 [VeriPath] ~ Encryption error ~", error);
return ress.status(500).send({
error: "Unauthorized"
});
}
};
next();
};
}
;
module.exports = {
createDecryptRequest,
createEncryptResponse
};