hash all secrets to db
Robert committed Feb 4, 2020
1 parent 47147e2 commit 88119e6
Showing 20 changed files with 269 additions and 66 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -4,6 +4,7 @@
# Custom
utils/


### C++ ###
# Prerequisites
*.d
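--- /dev/null
+++ b/.npmignore
@@ -0,0 +1,135 @@
+# Created by https://www.gitignore.io/api/c++,node,visualstudiocode
+# Edit at https://www.gitignore.io/?templates=c++,node,visualstudiocode
+
+# Custom
+utils/
+docs/
+.vscode/
+
+
+### C++ ###
+# Prerequisites
+*.d
+
+# Compiled Object files
+*.slo
+*.lo
+*.o
+*.obj
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Fortran module files
+*.mod
+*.smod
+
+# Compiled Static libraries
+*.lai
+*.la
+*.a
+*.lib
+
+### Node ###
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+
+# End of https://www.gitignore.io/api/c++,node,visualstudiocode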
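Review bot: Once a `.npmignore` exists npm stops consulting `.gitignore`, so anything that was kept out of the package only by `.gitignore` is now packed and, with `publishConfig` added in this same commit, published; this list excludes `utils/`, `docs/` and `.vscode/` but nothing matching `*.pem`, `*.key` or the `config/` directory. The CLI help in this commit defaults the TLS material to `cert.pem`/`key.pem` and the README points operators at `config/config.json`, so a developer's key pair or a populated config sitting next to `package.json` would presumably ship to the registry — I cannot see the working tree to confirm what is actually there. Safer is an allow-list in `package.json`, e.g. `"files": ["bin", "src"]`, checked with `npm pack --dry-run` before the first publish; at minimum add `*.pem`, `*.key` and `*.p12` here. Note also that `.vscode/` already excludes the whole directory, so the later `!.vscode/settings.json`-style negations have no effect (a parent directory that is excluded cannot be re-included); they are harmless but misleading.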
5 changes: 2 additions & 3 deletions README.md
Expand Up @@ -4,7 +4,6 @@

A CSC RSSP, cloud signature consortium remote signature service provider, made in Node.js, using SoftHSMv2 as HSM.

This is a work in progress. Do not use it yet!

## Prerequistes

Expand Down Expand Up @@ -42,7 +41,7 @@ In the [release version](https://github.com/simionrobert/cloud-signature-consort
Don't forget to configure the location of these in the config/config.json ("softhsm2_driver_path, "openSSL_path", "openSC_path")
If you don't want to do this, by default, the config file is set to search in /utils (/ = root) folder.

## Install
## Usage

Installing globally via `npm`:

Expand All @@ -53,7 +52,7 @@ npm install -g csc-server
Create your own user:

```
csc-server --user "user" --pass "pass"
csc-server --user "username" --pass "password"
```

Start CSC Server:
89 changes: 64 additions & 25 deletions bin/csc-server
Expand Up @@ -5,11 +5,13 @@
const cscServer = require('../src/lib'),
os = require('os'),
logger = require('winston'),
argv = require('minimist')(process.argv.slice(2));
argv = require('minimist')(process.argv.slice(2)),
config = require('../src/config');

const { format } = logger;
const ifaces = os.networkInterfaces();

// Configure logger suppression or not
logger.configure({
level: 'info',
format: format.combine(
Expand All @@ -23,33 +25,54 @@ logger.configure({
]
});


// Show help
if (argv.h || argv.help) {
logger.log([
'Usage:',
'csc-server [options]',
'',
'Options:',
' --createUser Create a user using the arguments below.',
' --user Username of the user.',
' --pass Password of the user.',
' --pin PIN associated with the generated private key.',
'',
' --createClient Create an OAuth 2.0 client using the arguments below.',
' --name Name of the client application.',
' --id Client id.',
' --secret Client_secret.',
' --redirectUri Redirect_uri.',
'',
' --listen, -l Start the server',
' --port, -p Port to use [8080]',
' --address, -a Address to use [0.0.0.0]',
' --init, -i Create credential for user (generate cert, key pair, assign to user). Used with --use',
' --user User to add once to the db.',
' --pass Password of the user.',
' --keypass Password of the generated private key.',
' --cert, -c Path to ssl cert file (default: cert.pem).',
' --key, -k Path to ssl key file (default: key.pem).',
' --passphrase Path to ssl key file (default: 0000).',
'',
' --cert, -c Path to SSL cert file (default: cert.pem).',
' --key, -k Path to SSL key file (default: key.pem).',
' --passphrase Password to SSL private key (default: 0000).',
'',
' --silent, -s Suppress log messages from output',
' --version, -v Print the version and exit.',
' --help, -h Print this list and exit.',
'',
'Examples',
' csc-server -l',
' csc-server --user=username --pass=password --keypass=password'
' csc-server --createUser --user=username --pass=password --pin=password',
' csc-server --createClient --name=name --id=id --secret=secret --redirectUri=redirectUri'
].join('\n'));
process.exit();
}

if (argv.user || argv.pass || argv.keypass) {
// Only register user
if (argv.user && argv.pass && argv.keypass) {
// Show version
if (argv.v || argv.version) {
logger.log(`csc-server version ${config.settings.version}`);
process.exit();
}


// Do work
if (argv.createUser) {
if (argv.user && argv.pass && argv.pin) {
const server = cscServer.createServer();

logger.info(`Creating the user ...`);
Expand All @@ -58,30 +81,42 @@ if (argv.user || argv.pass || argv.keypass) {
logger.error(`An error occured when saving the user ${argv.user}. ${err}`);
process.exit(1);
}
logger.info(`User ${argv.user} was successfully created!`);

logger.info(`User ${argv.user} was successfully created!`);
logger.info(`Generating credentials ...`);
server.generateCredentials(argv.user, argv.keypass, (err) => {

server.generateCredentials(argv.user, argv.pin, (err) => {
if (err) { logger.error(err); process.exit(); }

logger.info(`Credentials successfully generated!`);
process.exit();
});
});
} else {
logger.error(`Options --user and --pass need to be used together!`);
logger.error(`Options --user, --pass and --pin need to be used together!`);
process.exit(1);
}
} else if (argv.l || argv.listen) {
// Start server
listen();
} else {
logger.error(`Nothing specified. Exiting!`);
process.exit(1);
}

} else if (argv.createClient) {
if (argv.name && argv.id && argv.secret && argv.redirectUri) {
const server = cscServer.createServer();

logger.info(`Creating the client ...`);
server.registerClient(argv.name, argv.id, argv.secret, argv.redirectUri, function (err) {
if (err) {
logger.error(`An error occured when saving the client ${argv.name}. ${err}`);
process.exit(1);
}

logger.info(`Client "${argv.name}" was successfully created!`);
});
} else {
logger.error(`Options --name, --id, --secret and redirectUri need to be used together!`);
process.exit(1);
}

function listen() {
} else if (argv.l || argv.listen) {
// Start server
const options = {
host: argv.a || argv.address,
port: argv.p || argv.port || parseInt(process.env.PORT, 10),
Expand All @@ -101,7 +136,6 @@ function listen() {
const canonicalHost = host === '0.0.0.0' ? '127.0.0.1' : host,
protocol = 'https://';


let addresses = [];
if (argv.a && host !== '0.0.0.0') {
addresses.push((' ' + protocol + canonicalHost + ':' + (port.toString())));
Expand All @@ -123,8 +157,13 @@ function listen() {
].join('\n'));
logger.info('Hit CTRL-C to stop the server');
});

} else {
logger.error(`Nothing specified. Exiting!`);
process.exit(1);
}


if (process.platform === 'win32') {
require('readline').createInterface({
input: process.stdin,
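Review bot: `--pass`, `--pin` and the new `--secret` are read straight from `argv`, so the user password, the key PIN and the OAuth client secret land in shell history and are visible in `ps`/`/proc` to every local user while the command runs; prompt for them over `readline` with echo disabled (or accept them on stdin / from an environment variable) and keep the flags only as a documented, discouraged fallback. In the `createClient` branch the success callback logs `Client "…" was successfully created!` and returns without `process.exit()`, unlike `createUser`, so if `cscServer.createServer()` opens a database connection the process will presumably stay up until the operator kills it — add `process.exit();` after that log. The `generateCredentials` error path calls `process.exit()` with no status, which reports success (0) to the calling shell after a failed key generation; make it `process.exit(1)` like the other error paths. The `if`/`else if` chain is spread across several hunks, so parts of each branch lie outside the visible lines.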
Binary file modified docs/Simion Robert-George Dizertatie CSC ATM 2019.docx
Binary file added docs/~WRL3752.tmp
8 changes: 5 additions & 3 deletions package.json
Expand Up @@ -6,8 +6,10 @@
"author": "Simion Robert",
"url": "https://github.com/simionrobert/",
"repository": {
"type": "git",
"url": "https://github.com/simionrobert/CSC-Framework.git"
"url": "git://github.com/simionrobert/CSC-Framework.git"
},
"publishConfig": {
"registry": "https://npm.pkg.github.com/"
},
"keywords": [
"digital signature",
Expand Down Expand Up @@ -59,4 +61,4 @@
"bin": {
"csc-server": "bin/csc-server"
}
}
}
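Review bot: The repository URL is changed from `https://` to `git://`; the git:// transport is unauthenticated and unencrypted, so any tooling that clones from `repository.url` gets no origin or integrity guarantee for what it checks out (and GitHub no longer serves git:// at all). Keep `"url": "https://github.com/simionrobert/CSC-Framework.git"`, or the `git+https://` form if a scheme prefix is wanted. With `publishConfig.registry` now set, `npm publish` will pack everything not excluded by `.npmignore` — run `npm pack --dry-run` once before the first publish to confirm no local keys or config are included.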
1 change: 1 addition & 0 deletions src/config/config.json
@@ -1,4 +1,5 @@
{
"version":"1.0.0",
"https": {
"host": "0.0.0.0",
"port": "8080",
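Review bot: The new `version` field duplicates the version that `package.json` presumably already carries, and the CLI's `--version` now reads this copy via `config.settings.version`, so the two will drift the first time the package is bumped without this file. Have the CLI read `require('../../package.json').version` (or have `src/config` populate `settings.version` from it at load time) and drop the field here, so there is one source of truth.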
9 changes: 7 additions & 2 deletions src/lib/db/Client.js
@@ -1,15 +1,20 @@
'use strict';

const mongoose = require('mongoose');
const crypto = require('crypto');

const clientSchema = new mongoose.Schema({
name: String,
client_id: { type: String, unique: true },
client_secret: String,
redirect_uri: String,
is_trusted: Boolean
redirect_uri: String
});


clientSchema.methods.verify = function (value) {
return this.client_secret === crypto.createHash('sha256').update(value).digest('hex');
};

const Client = mongoose.model('clients', clientSchema);

module.exports = Client
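Review bot: `verify` compares the stored hash to the freshly computed one with `===`, which stops at the first differing character and so leaks timing information about the secret to whoever is presenting candidates; and a single unsalted SHA-256 is cheap to brute-force for an operator-chosen secret such as the `--secret=secret` the CLI help suggests. Compare the digests as Buffers with `crypto.timingSafeEqual`, and consider a slow, salted KDF (`crypto.scryptSync` with a per-client salt stored next to the hash) instead of plain SHA-256 — whichever is chosen must match what `registerClient` writes, which is not in this diff. The method also throws instead of returning `false` when `value` is `undefined` or not a string, because `hash.update()` rejects such input, so a malformed token request would surface as an unhandled error rather than a clean rejection.
```javascript
clientSchema.methods.verify = function (value) {
  if (typeof value !== 'string' || typeof this.client_secret !== 'string') return false;
  const presented = crypto.createHash('sha256').update(value).digest();
  const stored = Buffer.from(this.client_secret, 'hex');
  // Length check first: timingSafeEqual throws on buffers of different length.
  return stored.length === presented.length && crypto.timingSafeEqual(stored, presented);
};
```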
1 change: 0 additions & 1 deletion src/lib/db/Code.js
Expand Up @@ -19,7 +19,6 @@ const codeSchema = new mongoose.Schema({
creation_date: { type: Date, default: Date.now() }
});


const Code = mongoose.model('codes', codeSchema);

module.exports = Code;