From 802ca190ee5cee5baac366e7eb23210776d60400 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Ma=C5=82ecki?= <me@mmalecki.com>
Date: Mon, 17 Mar 2014 16:47:09 +0100
Subject: [PATCH] Implement client certificate middleware

---
 lib/app.js | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/lib/app.js b/lib/app.js
index ab0d8ce2..2d23eb32 100755
--- a/lib/app.js
+++ b/lib/app.js
@@ -28,6 +28,7 @@ var argv = require('optimist').argv;
 var LamassuConfig = require('lamassu-config');
 var atm = require('lamassu-atm-protocol');
 var format = require('util').format;
+var clientCertificateAuth = require('client-certificate-auth');
 
 var conString, dbConfig, config;
 
@@ -54,6 +55,17 @@ config.load(function(err, conf) {
   atm.init(app, conf.config);
 
   if (argv.https) {
+    app.use(clientCertificateAuth({ rejectUnauthorized: false }, function(cert, done) {
+      config.isAuthorized(cert.fingerprint, function(err, authorized) {
+        if (err) {
+          console.error('Client certificate authorization failed', err.message);
+          return done(false);
+        }
+
+        done(authorized);
+      });
+    }));
+
     var testkeys = path.join(__dirname, '..', 'testkeys');
     var privateKey = fs.readFileSync(path.join(testkeys, 'privatekey.pem'));
     var certificate = fs.readFileSync(path.join(testkeys, 'certificate.pem'));