obfuscate client password

This commit is contained in:
Quan HL
2023-06-16 07:08:33 +07:00
parent 1439c1b6a4
commit 43b784edd4
3 changed files with 6 additions and 7 deletions


@@ -4,7 +4,7 @@ const sysError = require('../error');
const Client = require('../../models/client');
const Account = require('../../models/account');
const { DbErrorBadRequest, DbErrorForbidden } = require('../../utils/errors');
const { encrypt, decrypt } = require('../../utils/encrypt-decrypt');
const { encrypt, decrypt, obscureKey } = require('../../utils/encrypt-decrypt');
const commonCheck = async(req) => {
if (req.user.hasAccountAuth) {
@@ -55,7 +55,7 @@ router.get('/', async(req, res) => {
await Client.retrieveAllByAccountSid(req.user.hasAccountAuth ? req.user.account_sid : null) :
await Client.retrieveAllByServiceProviderSid(req.user.service_provider_sid);
const ret = results.map((c) => {
c.password = decrypt(c.password);
c.password = obscureKey(decrypt(c.password), 1);
return c;
});
res.status(200).json(ret);
@@ -70,7 +70,7 @@ router.get('/:sid', async(req, res) => {
const results = await Client.retrieve(req.params.sid);
if (results.length === 0) return res.sendStatus(404);
const client = results[0];
client.password = decrypt(client.password);
client.password = obscureKey(decrypt(client.password), 1);
if (req.user.hasAccountAuth && client.account_sid !== req.user.account_sid) {
return res.sendStatus(404);
} else if (req.user.hasServiceProviderAuth) {
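Review bot: The masked value still reveals the stored password's exact length and its first character, because `obscureKey(decrypt(c.password), 1)` at both new call sites (the list route and the `/:sid` route) keeps one plaintext character and replaces only the rest; the test change in this commit shows the resulting 8-character `sXXXXXXX`. A fixed-width placeholder such as `c.password = '********';` carries no information about the secret and removes the need to decrypt at all on these read paths, unless a client of this API relies on seeing the leading character. In the `/:sid` handler the decrypt-and-mask also happens before the account ownership check on the next line; doing it after that check keeps decryption off the path for records the caller may not see. What `decrypt` does with a null or empty stored password is not visible here — worth confirming it does not throw before `obscureKey`'s own `!key` guard gets a chance to run. The bodies of both handlers continue outside the hunks.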


@@ -23,8 +23,7 @@ const decrypt = (data) => {
return decrpyted.toString();
};
const obscureKey = (key) => {
const key_spoiler_length = 6;
const obscureKey = (key, key_spoiler_length = 6) => {
const key_spoiler_char = 'X';
if (!key || key.length <= key_spoiler_length) {


@@ -76,7 +76,7 @@ test('client test', async(t) => {
t.ok(result.client_sid, 'successfully retrieved Client by sid');
t.ok(result.username === 'client1', 'successfully retrieved Client by sid');
t.ok(result.is_active === 1 , 'successfully retrieved Client by sid');
t.ok(result.password === 'sdf12412' , 'successfully retrieved Client by sid');
t.ok(result.password === 'sXXXXXXX' , 'successfully retrieved Client by sid');
/* update the entity */
result = await request.put(`/Clients/${sid}`, {
@@ -94,7 +94,7 @@ test('client test', async(t) => {
json: true,
});
t.ok(result.is_active === 0 , 'successfully updated Client');
t.ok(result.password === 'sdf12412' , 'successfully retrieved Client by sid');
t.ok(result.password === 'sXXXXXXX' , 'successfully retrieved Client by sid');
/* delete Client */
result = await request.delete(`/Clients/${sid}`, {
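Review bot: The rewritten assertion in the second hunk still reads 'successfully retrieved Client by sid' although it sits in the update step, so a failure there would point at the wrong request; since the line is already being changed, `t.ok(result.password === 'sXXXXXXX', 'password is obscured after update');` keeps the report accurate. Both hunks now hard-code the mask shape, so any change to the spoiler length or character in the helper breaks these tests in two places; a short comment above the first of them, e.g. `// password comes back masked: first char kept, the rest replaced by X`, tells a reader why the value differs from the one that was PUT. The enclosing `test('client test', ...)` body starts and ends outside both hunks.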