From 53a355f05e1f92282aeb606a6d2cc12c9b0e8c45 Mon Sep 17 00:00:00 2001
From: nymd
Date: Wed, 12 Aug 2020 11:59:37 -0700
Subject: [PATCH] Push to prod (#19)
* Updating gateway to match dashboard field name for aat
* db encryption
* fixing secret key check with better conditionals
---
 src/controllers/v1.controller.ts | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/controllers/v1.controller.ts b/src/controllers/v1.controller.ts
index 12f93746..1b1e6c31 100644
--- a/src/controllers/v1.controller.ts
+++ b/src/controllers/v1.controller.ts
@@ -108,7 +108,31 @@ export class V1Controller {
 // Check secretKey; is it required? does it pass? -- temp allowance for unencrypted keys
 const decryptor = new Decryptor({key: this.databaseEncryptionKey});
- if (app.gatewaySettings.secretKeyRequired && this.secretKey !== app.gatewaySettings.secretKey && this.secretKey !== decryptor.decrypt(app.gatewaySettings.secretKey)) {
+ if (
+ app.gatewaySettings.secretKeyRequired // If the secret key is required by app's settings
+ && // and
+ app.gatewaSettings.secretKey // the app's secret key is set
+ && // and
+ (
+ !(this.secretKey) // the request doesn't contain a secret key
+ || // or
+ this.secretKey.length < 32 // the secret key is invalid
+ || // or
+ (
+ (
+ this.secretKey.length === 32
+ &&
+ this.secretKey !== app.gatewaySettings.secretKey // the secret key does not match plaintext
+ )
+ && // and
+ (
+ this.secretKey.length > 32
+ &&
+ this.secretKey !== decryptor.decrypt(app.gatewaySettings.secretKey) // does not match encrypted
+ )
+ )
+ )
+ ) {
 throw new HttpErrors.Forbidden("SecretKey does not match");
 }
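Review bot: The `&& // and` that joins the two inner comparison groups makes the mismatch branch unreachable, because `this.secretKey.length === 32` and `this.secretKey.length > 32` can never both hold; once a request carries a key of 32 or more characters, the condition is false and the Forbidden error is not thrown, whatever the key's value. Joining the groups with `|| // or` would restore the comparison, assuming the intent is the one the inline comments describe. The second operand reads `app.gatewaSettings.secretKey`, which looks like a typo for `app.gatewaySettings.secretKey`; if `app` is loosely typed this would surface as a runtime TypeError rather than a compile error. Separately, when `secretKeyRequired` is set but no stored key exists the whole check is skipped, so the endpoint fails open in that state, and it is worth confirming that is intended. The enclosing method starts and ends outside the hunk.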