WIP

bin/lamassu-server

@@ -16,7 +16,8 @@ if (!httpOnly) {
   try {
     options.https = {
       key: fs.readFileSync(options.certKeyPath),
-      cert: fs.readFileSync(options.certPath)
+      cert: fs.readFileSync(options.certPath),
+      requestCert: true
     }
   } catch (err) {
     console.log('Please configure your certificate.')

lib/app.js

@@ -9,6 +9,8 @@ var plugins = require('./plugins')
 var logger = require('./logger')
 var configManager = require('./config-manager')
 
+const db = require('./db')
+
 module.exports = function (options) {
   var app = express()
   var server
@@ -61,10 +63,14 @@ module.exports = function (options) {
       server = http.createServer(app)
 
       authMiddleware = function (req, res, next) {
-        req.device = {}
+        const deviceId = req.connection.getPeerCertificate().fingerprint
-        console.log('DEBUG2')
+        const sql = 'select id from devices where device_id=$1 and authorized=$2'
-        console.log(req.route)
+        db.one(sql, [deviceId, true])
-        return next()
+        .then(() => {
+          req.deviceId = deviceId
+          next()
+        })
+        .catch(e => res.status(403).end())
       }
     }
 
@@ -72,7 +78,7 @@ module.exports = function (options) {
 
     var localApp = express()
     localApp.use(bodyParser.json())
-    var localServer = http.createServer(localApp)
+    var localServer = http.createServer({localAddress: 'localhost'}, localApp)
     var localPort = 7070
 
     console.log('DEBUG7 ****************')

lib/db.js

@@ -0,0 +1,4 @@
+const pgp = require('pg-promise')()
+const psqlUrl = require('../lib/options').postgresql
+
+module.exports = {db: pgp(psqlUrl)}

lib/pair.js

@@ -0,0 +1,45 @@
+const fs = require('fs')
+const pify = require('pify')
+const readFile = pify(fs.readFile)
+const path = require('path')
+const crypto = require('crypto')
+const db = require('./db')
+
+const CA_PATH = path.resolve(__dirname, '..', 'ca-cert.pem')
+
+function totem (ipAddress) {
+  return readFile(CA_PATH)
+  .then(data => {
+    const caHash = crypto.createHash('sha256').update(data).digest()
+    const token = crypto.randomBytes(32)
+    const ip = Buffer.from(ipAddress.split('.').map(s => parseInt(s, 10)))
+    const buf = Buffer.concat([ip, caHash, token])
+    const sql = 'insert into pairing_tokens (token) values ($1)'
+
+    return db.none(sql, [token.toString('hex')])
+    .then(() => buf.toString('base64'))
+  })
+}
+
+function pair (token, deviceId) {
+  const sql = `delete from pairing_tokens
+    where token=$1
+    returning created < now() - interval '1 hour' as expired`
+  return db.one(sql, [token])
+  .then(r => {
+    if (r.expired) return false
+
+    const pairSql = 'insert into paired_devices (device_id) values ($1)'
+    return db.none(pairSql, [deviceId])
+    .then(() => true)
+  })
+}
+
+function isPaired (deviceId) {
+  const sql = 'select device_id from paired_devices where device_id=$1'
+
+  return db.one(sql, [deviceId])
+  .then(() => true)
+}
+
+module.exports = {totem, pair, isPaired}

lib/routes.js

@@ -223,11 +223,14 @@ function verifyTx (req, res) {
 }
 
 function pair (req, res) {
-  // const token = req.body.token
+  const token = req.body.token
-  // const name = req.body.name
+  const deviceId = getDeviceId(req)
 
-  // TODO: Pair
+  return pair.pair(token, deviceId)
-  res.json({success: true})
+  .then(valid => {
+    if (valid) return res.status(200).end()
+    return res.status(408).end()
+  })
 }
 
 function phoneCode (req, res) {

todo.txt

@@ -102,3 +102,5 @@ options: configure per machine; configure per crypto/fiat
 - cartridge counts -- where to store? already in db, not ideal but can fix later
 
 - twoWayMode should be per crypto
+
+- add cassette count handling in machines/actions in admin