1{"version":3,"file":"server-secure.js","sourceRoot":"","sources":["../../../../src/http/server-secure.ts"],"names":[],"mappings":";;;AAOA,+BAAiC;AACjC,8BAAgC;AAMhC,IAAM,KAAK,GAAG,MAAM,CAAC,gCAAgC,CAAC,CAAC;AACvD,IAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;AAEtC,IAAM,MAAM,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC;AAM1F,SAAgB,sBAAsB,CAAC,MAAc,EAAE,GAAW;IAE9D,IAAM,IAAI,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IACjC,IAAI,MAAM,CAAC,SAAS,EAAE;QAClB,IAAI,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,YAAY,EAAE;QAI/D,IAAI,EAAE,SAAmB,CAAC;QAC1B,IAAI,MAAM,EAAE;YACR,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;SACzB;QAED,IAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,IAAM,aAAa,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EACrD,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,YAAY,CAAC,CAAC;QACvB,aAAa,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAEnC,IAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAM,OAAO,GAAG,gBAAW,GAAG,oBAAY,GAAG,MAAG,CAAC;QAEjD,IAAM,KAAK,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACpD,IAAI,KAAK,EAAE;YACP,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;SAC1B;QACD,IAAM,KAAK,GAAG,aAAa,CAAC,KAAK,EAAE,CAAC;QACpC,IAAI,KAAK,EAAE;YACP,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;SAC1B;QACD,IAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAE5C,IAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEzD,IAAI,MAAM,EAAE;YACR,IAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC9B,IAAM,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YACtB,IAAM,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAM,YAAY,GAAG,WAAW,GAAG,GAAG,CAAC;YAKvC,UAAU,CAAC,WAAS,OAAO,UAAK,YAAY,aAAQ,GAAG,OAAI,CAAC,CAAC;SAChE;QAED,OAAO,EAAE,IAAI,EAAG,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;KAC3D;IAED,OAAO,SAAS,CAAC;AACrB,CAAC;AAnDD,wDAmDC;AAED,SAAgB,YAAY,CAAC,MAAc,EAAE,SAA8B;IAEvE,SAAS,CAAC,GAAG,CAAC,UAAC,GAAoB,EAAE,GAAqB,EAAE,IAA0B;QAElF,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE;YACrB,IAAI,EAAE,CAAC;YACP,OAAO;SACV;QAED,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,SAAS,EAAE;YACxC,IAAI,EAAE,CAAC;YACP,OAAO;SACV;QAeD,IAAI,MAAM,GAAG,IAAI,CAAC;QA
ElB,IAAM,UAAU,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEvC,IAAI,UAAU,IAAI,UAAU,CAAC,QAAQ;YACjC,UAAU,CAAC,UAAU,IAAI,UAAU,CAAC,YAAY,EAAE;YAIlD,IAAI,EAAE,SAAmB,CAAC;YAC1B,IAAI,MAAM,EAAE;gBACR,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;aACzB;YACD,IAAI,KAAK,GAAG,CAAC,CAAC;YAEd,IAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC;YAE9C,IAAM,SAAS,GAAG,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;YACxD,IAAI,SAAS,EAAE;gBACX,IAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAIpD,IAAM,SAAS,GAAG,UAAU,CAAC;gBAE7B,IAAM,UAAU,GAAa,EAAE,CAAC;gBAChC,IAAM,aAAa,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EACvD,UAAU,CAAC,QAAQ,EACnB,UAAU,CAAC,YAAY,CAAC,CAAC;gBAC7B,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBACpC,IAAM,KAAK,GAAG,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC9C,IAAI,KAAK,EAAE;oBACP,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;iBAC1B;gBACD,IAAM,KAAK,GAAG,aAAa,CAAC,KAAK,EAAE,CAAC;gBACpC,IAAI,KAAK,EAAE;oBACP,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;iBAC1B;gBACD,IAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC5C,IAAM,aAAa,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACtD,IAAM,IAAI,GAAG,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC;gBAC9C,IAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAE/D,IAAI;oBACA,IAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;oBAC/C,IAAI,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC;oBAC5B,IAAM,IAAI,GAAG,aAAa,CAAC,IAAI,CAAC;oBAGhC,IAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;oBACvB,KAAK,GAAG,GAAG,GAAG,IAAI,CAAC;oBAKnB,IAAI,KAAK,IAAI,IAAI,EAAE;wBACf,IAAM,CAAC,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;wBAC/B,IAAI,CAAC,GAAG,CAAC,EAAE;4BACP,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;yBAC1B;wBACD,IAAI,GAAG,KAAK,QAAQ,EAAE;4BAClB,MAAM,GAAG,KAAK,CAAC;yBAClB;qBACJ;iBACJ;gBAAC,OAAO,GAAG,EAAE;oBACV,KAAK,CAAC,GAAG,CAAC,CAAC;oBACX,KAAK,CAAC,YAAY,CAAC,CAAC;iBACvB;aACJ;YAED,IAAI,MAAM,EAAE;gBACR,IAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAC9B,IAAM,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAM,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC1B,IAAM,YAAY,GAAG,WAAW,GAAG,GAAG,C
AAC;gBAKvC,UAAU,CAAC,YAAU,KAAK,YAAO,OAAO,UAAK,YAAY,aAAQ,QAAQ,OAAI,CAAC,CAAC;aAClF;SACJ;QAED,IAAI,MAAM,EAAE;YACR,KAAK,CAAC,0DAA0D,CAAC,CAAC;YAClE,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAKf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAEhB,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO;SACV;QAED,IAAI,EAAE,CAAC;IACX,CAAC,CAAC,CAAC;AAEP,CAAC;AA9HD,oCA8HC","sourcesContent":["// ==LICENSE-BEGIN==\n// Copyright 2017 European Digital Reading Lab. All rights reserved.\n// Licensed to the Readium Foundation under one or more contributor license agreements.\n// Use of this source code is governed by a BSD-style license\n// that can be found in the LICENSE file exposed on Github (readium) in the project repository.\n// ==LICENSE-END==\n\nimport * as crypto from \"crypto\";\nimport * as debug_ from \"debug\";\nimport * as express from \"express\";\n\nimport { _jsonPath, _show, _urlEncoded } from \"./request-ext\";\nimport { Server } from \"./server\";\n\nconst debug = debug_(\"r2:streamer#http/server-secure\");\nconst debugHttps = debug_(\"r2:https\");\n\nconst IS_DEV = (process.env.NODE_ENV === \"development\" || process.env.NODE_ENV === \"dev\");\n\nexport interface IHTTPHeaderNameValue {\n name: string;\n value: string;\n}\nexport function serverSecureHTTPHeader(server: Server, url: string): IHTTPHeaderNameValue | undefined {\n\n const info = server.serverInfo();\n if (server.isSecured() &&\n info && info.trustKey && info.trustCheck && info.trustCheckIV) {\n\n // @ts-ignorexx: TS2454 (variable is used before being assigned)\n // instead: exclamation mark \"definite assignment\"\n let t1!: [number, number];\n if (IS_DEV) {\n t1 = process.hrtime();\n }\n\n const encrypteds: Buffer[] = [];\n // encrypteds.push(info.trustCheckIV);\n const encryptStream = crypto.createCipheriv(\"aes-256-cbc\",\n info.trustKey,\n info.trustCheckIV);\n encryptStream.setAutoPadding(true);\n // milliseconds since epoch (midnight, 1 Jan 1970)\n const now = Date.now(); // +new Date()\n const jsonStr = 
`{\"url\":\"${url}\",\"time\":${now}}`;\n // const jsonBuff = Buffer.from(jsonStr, \"utf8\");\n const buff1 = encryptStream.update(jsonStr, \"utf8\"); // jsonBuff\n if (buff1) {\n encrypteds.push(buff1);\n }\n const buff2 = encryptStream.final();\n if (buff2) {\n encrypteds.push(buff2);\n }\n const encrypted = Buffer.concat(encrypteds);\n\n const base64 = Buffer.from(encrypted).toString(\"base64\");\n\n if (IS_DEV) {\n const t2 = process.hrtime(t1);\n const seconds = t2[0];\n const nanoseconds = t2[1];\n const milliseconds = nanoseconds / 1e6;\n // const totalNanoseconds = (seconds * 1e9) + nanoseconds;\n // const totalMilliseconds = totalNanoseconds / 1e6;\n // const totalSeconds = totalNanoseconds / 1e9;\n\n debugHttps(`< A > ${seconds}s ${milliseconds}ms [ ${url} ]`);\n }\n\n return { name : \"X-\" + info.trustCheck, value: base64 };\n }\n\n return undefined;\n}\n\nexport function serverSecure(server: Server, topRouter: express.Application) {\n\n topRouter.use((req: express.Request, res: express.Response, next: express.NextFunction) => {\n\n if (!server.isSecured()) {\n next();\n return;\n }\n\n if (req.method.toLowerCase() === \"options\") {\n next();\n return;\n }\n\n // let ua = req.get(\"user-agent\");\n // if (ua) {\n // ua = ua.toLowerCase();\n // }\n\n // console.log(util.inspect(req,\n // { showHidden: false,\n // depth: 1,\n // colors: true,\n // customInspect: true,\n // breakLength: 100,\n // maxArrayLength: undefined }));\n\n let doFail = true;\n\n const serverData = server.serverInfo();\n\n if (serverData && serverData.trustKey &&\n serverData.trustCheck && serverData.trustCheckIV) {\n\n // @ts-ignorexx: TS2454 (variable is used before being assigned)\n // instead: exclamation mark \"definite assignment\"\n let t1!: [number, number];\n if (IS_DEV) {\n t1 = process.hrtime();\n }\n let delta = 0;\n\n const urlCheck = server.serverUrl() + req.url;\n\n const base64Val = req.get(\"X-\" + serverData.trustCheck);\n if (base64Val) {\n const decodedVal = 
Buffer.from(base64Val, \"base64\"); // .toString(\"utf8\");\n\n // const AES_BLOCK_SIZE = 16;\n // const iv = decodedVal.slice(0, AES_BLOCK_SIZE);\n const encrypted = decodedVal; // .slice(AES_BLOCK_SIZE);\n\n const decrypteds: Buffer[] = [];\n const decryptStream = crypto.createDecipheriv(\"aes-256-cbc\",\n serverData.trustKey,\n serverData.trustCheckIV);\n decryptStream.setAutoPadding(false);\n const buff1 = decryptStream.update(encrypted);\n if (buff1) {\n decrypteds.push(buff1);\n }\n const buff2 = decryptStream.final();\n if (buff2) {\n decrypteds.push(buff2);\n }\n const decrypted = Buffer.concat(decrypteds);\n const nPaddingBytes = decrypted[decrypted.length - 1];\n const size = encrypted.length - nPaddingBytes;\n const decryptedStr = decrypted.slice(0, size).toString(\"utf8\");\n // debug(decryptedStr);\n try {\n const decryptedJson = JSON.parse(decryptedStr);\n let url = decryptedJson.url;\n const time = decryptedJson.time;\n\n // milliseconds since epoch (midnight, 1 Jan 1970)\n const now = Date.now(); // +new Date()\n delta = now - time;\n\n // 3-second time window between HTTP header creation and consumption\n // this should account for plenty of hypothetical server latency\n // (typical figures way under 100ms, but there are occasional high-load spikes)\n if (delta <= 3000) {\n const i = url.lastIndexOf(\"#\");\n if (i > 0) {\n url = url.substr(0, i);\n }\n if (url === urlCheck) {\n doFail = false;\n }\n }\n } catch (err) {\n debug(err);\n debug(decryptedStr);\n }\n }\n\n if (IS_DEV) {\n const t2 = process.hrtime(t1);\n const seconds = t2[0];\n const nanoseconds = t2[1];\n const milliseconds = nanoseconds / 1e6;\n // const totalNanoseconds = (seconds * 1e9) + nanoseconds;\n // const totalMilliseconds = totalNanoseconds / 1e6;\n // const totalSeconds = totalNanoseconds / 1e9;\n\n debugHttps(`< B > (${delta}ms) ${seconds}s ${milliseconds}ms [ ${urlCheck} ]`);\n }\n }\n\n if (doFail) {\n debug(\"############## X-Debug- FAIL ========================== 
\");\n debug(req.url);\n // debug(url);\n // Object.keys(req.headers).forEach((header: string) => {\n // debug(header + \" => \" + req.headers[header]);\n // });\n res.status(200);\n // res.send(\"<html><body> </body></html>\");\n res.end();\n return;\n }\n\n next();\n });\n\n}\n"]}