UNPKG

dce-expresskit

Version:

Shared functions, helpers, and tools for Harvard DCE Express-based servers

github.com/harvard-edtech/dce-expresskit

harvard-edtech/dce-expresskit

108 lines (87 loc) 3.48 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
// Import crypto lib import crypto from 'crypto'; // Prompt import readline from 'readline'; // Create a readline interface const readlineInterface = readline.createInterface({ input: process.stdin, output: process.stdout }); /** * Prompt user for input * @author Gabe Abrams * @param question the question to ask the user * @returns the text from the user */ const prompt = (question: string): Promise<string> => { return new Promise((resolve, reject) => { readlineInterface.question(question, (answer: string) => { if (!answer || answer.trim().length === 0) { console.log('\nValue cannot be empty. Exiting...'); process.exit(0); } resolve(answer); }); }); }; // All chars for randomizer const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; (async () => { console.log('––––– Generate Encoded Secret –––––'); console.log('\nFirst, we need info on the *receiving* server'); console.log('This is the server that hosts the cross-server endpoint, the one that receives requests from the sending server.\n'); // Get salt console.log('Encoding salt on the *receiving* server') const salt = await prompt('Salt: '); // Get host console.log('Hostname of the *receiving* server'); const host = await prompt('Host: '); console.log('\n\nSecond, we need info on the *sending* server'); console.log('This is the server that sends requests to the receiving server.\n'); // Get key console.log('Short unique key for the *sending* server (only letters and dashes, no whitespace)') const key = (await prompt('Key: ')).trim(); // Get description console.log('Human-readable description of the *sending* server') const description = await prompt('Description: '); // Generate a random secret let secret = ''; for (let i = 0; i < 32; i++) { secret += chars.charAt(Math.floor(Math.random() * chars.length)); } secret = Buffer.from(secret).toString('base64'); // Encryption process based on: // https://medium.com/@tony.infisical/guide-to-nodes-crypto-module-for-encryption-decryption-65c077176980 // Create a random initialization vector const iv = crypto.randomBytes(12).toString('base64'); // Create a cipher console.log('salt', salt, Buffer.from(salt, 'base64')); const cipher = crypto.createCipheriv( 'aes-256-gcm', Buffer.from(salt, 'base64'), Buffer.from(iv, 'base64'), ); // Encrypt the string let ciphertext = cipher.update(secret, 'utf8', 'base64'); // Finalize the encryption ciphertext += cipher.final('base64'); // Get the authentication tag const tag = cipher.getAuthTag(); // JSONify the encrypted data const encryptionPack = encodeURIComponent(JSON.stringify({ ciphertext, iv, tag, })); // Show the encrypted data console.log('\n\n'); console.log('––––– Done! What\'s Next: –––––'); console.log(''); console.log('On the *sending* server, !!APPEND!! the following to the DCEKIT_CROSS_SERVER_CREDENTIALS env var:'); console.log(`|${host}:${key}:${secret}|`); console.log(''); console.log('On the *receiving* server, add an entry to its "CrossServerCredential" collection:'); console.log(`{ "description": "${description}", "key": "${key}", "encodedeSecret": "${encryptionPack}", "scopes": [] }`); console.log(''); console.log('For all scopes that the server should have access to, add them to the "scopes" array.'); })();