diff --git a/bin/lamassu-server b/bin/lamassu-server
index 10eb672d..e5e82712 100755
--- a/bin/lamassu-server
+++ b/bin/lamassu-server
@@ -16,7 +16,8 @@ if (!httpOnly) {
 try {
 options.https = {
 key: fs.readFileSync(options.certKeyPath),
- cert: fs.readFileSync(options.certPath)
+ cert: fs.readFileSync(options.certPath),
+ requestCert: true
 }
 } catch (err) {
 console.log('Please configure your certificate.')
diff --git a/lib/app.js b/lib/app.js
index 66c5a8f5..ede1210d 100644
--- a/lib/app.js
+++ b/lib/app.js
@@ -9,6 +9,8 @@ var plugins = require('./plugins')
 var logger = require('./logger')
 var configManager = require('./config-manager')
+const db = require('./db')
+
 module.exports = function (options) {
 var app = express()
 var server
@@ -61,10 +63,14 @@ module.exports = function (options) {
 server = http.createServer(app)
 authMiddleware = function (req, res, next) {
- req.device = {}
- console.log('DEBUG2')
- console.log(req.route)
- return next()
+ const deviceId = req.connection.getPeerCertificate().fingerprint
+ const sql = 'select id from devices where device_id=$1 and authorized=$2'
+ db.one(sql, [deviceId, true])
+ .then(() => {
+ req.deviceId = deviceId
+ next()
+ })
+ .catch(e => res.status(403).end())
 }
 }
@@ -72,7 +78,7 @@ module.exports = function (options) {
 var localApp = express()
 localApp.use(bodyParser.json())
- var localServer = http.createServer(localApp)
+ var localServer = http.createServer({localAddress: 'localhost'}, localApp)
 var localPort = 7070
 console.log('DEBUG7 ****************')
diff --git a/lib/db.js b/lib/db.js
new file mode 100644
index 00000000..2889018d
--- /dev/null
+++ b/lib/db.js
@@ -0,0 +1,4 @@
+const pgp = require('pg-promise')()
+const psqlUrl = require('../lib/options').postgresql
+
+module.exports = {db: pgp(psqlUrl)}
diff --git a/lib/pair.js b/lib/pair.js
new file mode 100644
index 00000000..51e808b0
--- /dev/null
+++ b/lib/pair.js
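Review bot: `requestCert: true` in bin/lamassu-server is added without `rejectUnauthorized` or `ca`, so whether a client certificate that fails chain verification still completes the handshake is left to the default of the Node version in use instead of being stated here. The middleware changed in lib/app.js authorizes by certificate fingerprint, so if devices present self-signed certificates the intended setting is presumably `rejectUnauthorized: false` with the fingerprint lookup as the only gate; if they are CA-issued, add `ca:` and keep verification on. Either way I would set the option explicitly and add a comment such as `// client certs are requested here; authorization is the fingerprint lookup in lib/app.js`.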
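Review bot: `const db = require('./db')` in lib/app.js binds the whole export object, but lib/db.js in this same commit exports `{db: pgp(psqlUrl)}`, so `db.one` in the new middleware (and `db.one`/`db.none` in lib/pair.js, which imports it the same way) would be undefined and throw on first use. Either export the connection directly with `module.exports = pgp(psqlUrl)` or import it as `const db = require('./db').db` in both consumers. As written, the authorization query would never run.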
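Review bot: The new `authMiddleware` calls `req.connection.getPeerCertificate()` directly under the context line `server = http.createServer(app)`, which suggests this is the plain-HTTP branch, where the socket is not a TLS socket and has no such method, so every request would throw instead of being answered with 403. Guard the lookup and fail closed, e.g. `const cert = req.connection.getPeerCertificate && req.connection.getPeerCertificate()` followed by `if (!cert || !cert.fingerprint) return res.status(403).end()`, or move the fingerprint check to the HTTPS branch, which is outside this hunk. The `.catch(e => res.status(403).end())` also reports a database outage as an authorization failure; logging `e` there would keep the two distinguishable during an incident.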
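Review bot: Passing `{localAddress: 'localhost'}` to `http.createServer` for `localServer` does not restrict that server to loopback: `localAddress` is an option for outgoing connections (`http.request`, `net.connect`), and the interface a server binds to is chosen by the host argument of `listen()`. On Node versions where `createServer` accepts only a request listener, the object would not be treated as options at all. The `listen` call is outside this hunk; if the intent is a loopback-only admin endpoint, keep `http.createServer(localApp)` and bind with `localServer.listen(localPort, 'localhost', ...)`.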
@@ -0,0 +1,45 @@
+const fs = require('fs')
+const pify = require('pify')
+const readFile = pify(fs.readFile)
+const path = require('path')
+const crypto = require('crypto')
+const db = require('./db')
+
+const CA_PATH = path.resolve(__dirname, '..', 'ca-cert.pem')
+
+function totem (ipAddress) {
+ return readFile(CA_PATH)
+ .then(data => {
+ const caHash = crypto.createHash('sha256').update(data).digest()
+ const token = crypto.randomBytes(32)
+ const ip = Buffer.from(ipAddress.split('.').map(s => parseInt(s, 10)))
+ const buf = Buffer.concat([ip, caHash, token])
+ const sql = 'insert into pairing_tokens (token) values ($1)'
+
+ return db.none(sql, [token.toString('hex')])
+ .then(() => buf.toString('base64'))
+ })
+}
+
+function pair (token, deviceId) {
+ const sql = `delete from pairing_tokens
+ where token=$1
+ returning created < now() - interval '1 hour' as expired`
+ return db.one(sql, [token])
+ .then(r => {
+ if (r.expired) return false
+
+ const pairSql = 'insert into paired_devices (device_id) values ($1)'
+ return db.none(pairSql, [deviceId])
+ .then(() => true)
+ })
+}
+
+function isPaired (deviceId) {
+ const sql = 'select device_id from paired_devices where device_id=$1'
+
+ return db.one(sql, [deviceId])
+ .then(() => true)
+}
+
+module.exports = {totem, pair, isPaired}
diff --git a/lib/routes.js b/lib/routes.js
index 11823b94..68a63267 100644
--- a/lib/routes.js
+++ b/lib/routes.js
@@ -223,11 +223,14 @@ function verifyTx (req, res) {
 }
 function pair (req, res) {
- // const token = req.body.token
- // const name = req.body.name
+ const token = req.body.token
+ const deviceId = getDeviceId(req)
- // TODO: Pair
- res.json({success: true})
+ return pair.pair(token, deviceId)
+ .then(valid => {
+ if (valid) return res.status(200).end()
+ return res.status(408).end()
+ })
 }
 function phoneCode (req, res) {
diff --git a/todo.txt b/todo.txt
index ae6b4ab8..a6b92af4 100644
--- a/todo.txt
+++ b/todo.txt
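Review bot: In lib/pair.js, `pair` and `isPaired` both use `db.one`, which rejects when the query returns no row, so an unknown or already-used token surfaces as a rejected promise rather than `false`, and `isPaired` can never resolve to `false`. Using `db.oneOrNone` and handling the empty case, e.g. `if (!r || r.expired) return false` in `pair` and `.then(row => row !== null)` in `isPaired`, would make a bad token an ordinary negative result that the caller can answer deliberately. Separately, `pair` inserts into `paired_devices` while the middleware in lib/app.js reads `devices` with `authorized`; it is worth confirming which table actually gates access. In `totem`, `ipAddress` is split on `.` and parsed without validation, so a short comment stating that only dotted IPv4 input is expected would help.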
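Review bot: In the `pair` handler of lib/routes.js, `pair.pair(token, deviceId)` uses the same name as the handler being declared, so `pair` cannot reliably refer to the lib/pair.js module in this scope, and no `require('./pair')` is visible in the hunk. Importing the module under a distinct name, `const pairing = require('./pair')`, and calling `return pairing.pair(token, deviceId)` avoids the collision. The promise chain also has no rejection handler, so a failed lookup leaves the request unanswered; add `.catch(() => res.status(500).end())`. A status such as 403 would describe a rejected or expired token better than 408, and `getDeviceId` is defined outside this hunk, so where the device id comes from should be checked.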
@@ -102,3 +102,5 @@ options: configure per machine; configure per crypto/fiat
 - cartridge counts -- where to store? already in db, not ideal but can fix later
 - twoWayMode should be per crypto
+
+- add cassette count handling in machines/actions in admin