Push to prod (#19)
* Updating gateway to match dashboard field name for aat

* db encryption

* fixing secret key check with better conditionals
nymd authored Aug 12, 2020
1 parent 835bbc1 commit 53a355f
Showing 1 changed file with 25 additions and 1 deletion.
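--- a/src/controllers/v1.controller.ts
+++ b/src/controllers/v1.controller.ts
@@ -108,7 +108,31 @@ export class V1Controller {
 
 // Check secretKey; is it required? does it pass? -- temp allowance for unencrypted keys
 const decryptor = new Decryptor({key: this.databaseEncryptionKey});
-if (app.gatewaySettings.secretKeyRequired && this.secretKey !== app.gatewaySettings.secretKey && this.secretKey !== decryptor.decrypt(app.gatewaySettings.secretKey)) {
+if (
+app.gatewaySettings.secretKeyRequired // If the secret key is required by app's settings
+&& // and
+app.gatewaSettings.secretKey // the app's secret key is set
+&& // and
+(
+!(this.secretKey) // the request doesn't contain a secret key
+|| // or
+this.secretKey.length < 32 // the secret key is invalid
+|| // or
+(
+(
+this.secretKey.length === 32
+&&
+this.secretKey !== app.gatewaySettings.secretKey // the secret key does not match plaintext
+)
+&& // and
+(
+this.secretKey.length > 32
+&&
+this.secretKey !== decryptor.decrypt(app.gatewaySettings.secretKey) // does not match encrypted
+)
+)
+)
+) {
 throw new HttpErrors.Forbidden("SecretKey does not match");
 }
 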
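Review bot: The innermost group of the new condition can never be true, because it requires `this.secretKey.length === 32` and `this.secretKey.length > 32` at the same time, so for a request key of 32 characters or more neither comparison against the stored key affects the result and the `Forbidden` is never thrown. Joining the two comparisons the way the removed line did, `this.secretKey !== app.gatewaySettings.secretKey && this.secretKey !== decryptor.decrypt(app.gatewaySettings.secretKey)`, restores the check; if the length split is kept, it presumably belongs on the stored value rather than on the request key. The second operand also reads `app.gatewaSettings.secretKey`, which looks like a typo for `gatewaySettings` and would either fail type checking or throw at runtime before any comparison is reached. Because these are secret comparisons, a constant-time compare such as `crypto.timingSafeEqual` on equal-length buffers would be preferable to `!==`. The enclosing method starts and ends outside the hunk.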
