UNPKG

nemid

Version:

Node.js module for NemID authentication and signing

github.com/emilbayes/nemid

emilbayes/nemid

112 lines (92 loc) 3.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
const express = require('express') const app = express() const crypto = require('crypto') const path = require('path') const fs = require('fs') const cert = path.join(__dirname, 'cert.der') const key = path.join(__dirname, 'test.key') const issuer = path.join(__dirname, 'issuer.der') const NemID = require('.') const nemid = new NemID({ clientKey: crypto.createPrivateKey({ key: fs.readFileSync(key), format: 'pem', type: 'pkcs1' }), clientCert: fs.readFileSync(cert), serverCA: fs.readFileSync(issuer) }) app.use(express.json()) app.get('/', function (req, res) { res.setHeader('X-Frame-Options', 'deny') // res.setHeader('Content-Security-Policy', "") res.setHeader('X-Content-Type-Options', 'nosniff') res.setHeader('X-Download-Options', 'noopen') res.setHeader('Strict-Transport-Security', 'max-age=5184000; includeSubDomains; preload') const parameters = nemid.authenticate({ origin: 'http://localhost:8000' }) res.send(`<!DOCTYPE html> <html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initialscale=1.0, user-scalable=no"> <title></title> <style> .nemid { border: 0; width: 320px; height: 480px; } </style> <script type="text/javascript"> const NEMID_ORIGIN = 'https://appletk.danid.dk' function initNemid (parameters) { const elm = document.createElement('iframe') elm.id = 'nemid-' + Math.random().toString(32) elm.classList.add('nemid') elm.title = 'NemID' elm.allowfullscreen = true elm.src = \`\${NEMID_ORIGIN}/launcher/std/\${elm.id}\` window.addEventListener('message', handler) return { element: elm } function handler (ev) { if (ev.origin !== NEMID_ORIGIN) return if (ev.source !== elm.contentWindow) return // capture the event here ev.stopPropagation() var data = {} try { data = JSON.parse(ev.data) } catch (ex) { console.error(ev.data) } const { command, content } = data if (command === 'SendParameters') { const res = { command: 'parameters', content: JSON.stringify(parameters) } elm.contentWindow.postMessage(JSON.stringify(res), NEMID_ORIGIN) return false } if (command === 'changeResponseAndSubmit') { console.log('http://localhost:8000/', { content }) // Terminal condition window.removeEventListener('message', handler) return false } } } </script> </head> <body> <script> const ctx = initNemid(${JSON.stringify(parameters)}) document.body.appendChild(ctx.element) const ctx2 = initNemid(${JSON.stringify(parameters)}) document.body.appendChild(ctx2.element) </script> </body> </html>`) }) app.post('/', function (req, res) { nemid.verifyAuthenticate(req.body.content, console.log) }) app.listen(8000)