Javascript/Nodejs help

Discussion in 'Tech Heads' started by Chemosh, May 17, 2019.

  1. Chemosh

    Chemosh TZT Addict

    Post Count:
    4,306
    So, I'm working on some middleware auth for an app that I'm building. I've been stuck on this stupid section for hours now and just can't get past it. Here's what this function does

    It takes a cookie that's passed into it, it parses the javascript web token, validates if the user is who they say they are and then 'should' say, 200 OK or 401 GTFO. Everything on this works except one simple catch statement. The 3rd party library I'm using 'jose' which decodes the JWT and validates it doesn't return the data in the catch statement.

    For example, I get a console.log of 'Catch', but the result this function returns is 'null' at the end of the day. However, if my token is expired, or I'm successful, ANY of the other res.error(...) statements work and I get the proper response.

    Do any of you guys see anything stupid that I'm just overlooking?

    The section I'm having issues with is
    catch(function(e) {
    console.log("Catch");
    res.error(RESPONSE.UNAUTHORIZED.CODE, RESPONSE.UNAUTHORIZED.MESSAGE);
    // TODO broken
    });

    Code:
    var jose = require('node-jose');
    const RESPONSE = require("../response");
    
    var app_client_id = '1rk639l7gs6uhkmv05lg2g16ue';
    const COGNITO_IDENTITY_COOKIE_STARTER = `CognitoIdentityServiceProvider.${app_client_id}`
    
    module.exports = async (req, res, next) => {
    //console.log(req.cookies);
    let lastAuthUser = req.cookies[`${COGNITO_IDENTITY_COOKIE_STARTER}.LastAuthUser`]
    let token = req.cookies[`${COGNITO_IDENTITY_COOKIE_STARTER}.${lastAuthUser}.idToken`]
    
    
    var sections = token.split('.');
    // get the kid from the headers prior to verification
    var header = jose.util.base64url.decode(sections[0]);
    header = JSON.parse(header);
    var kid = header.kid;
    
    let keys = [
    {
    "alg": "RS256",
    "e": "AQAB",
    "kid": "7O22ApeUswg0GJCafkGr/b9l1IbQqoUlCLswBxUGQUo=",
    "kty": "RSA",
    "n": "mRkOy8zDvulfYC9JsQUGEgOSyLmnrOIJvdUenOx3YL83VIXDfqreyOEXzA1p7flq4iAxBBqUOC298XH7Tzda0ukHSdM5Bv1J_uZpQp8AWBGkhUNYJfIDFUZ2GGOE4VFNaPm2_d3r-3KdPLGSVXyffW8uyJlkSbAX6rQv9oAKtU6lufYuSVUWcwoFpfubE0tS9A-krRfcqTj3hdioDVyrp4Da2xURo9Ydl3JWO22BiNPNrlamPnRs5UpJzeIZNpzZwHqwduzQpz4FRHMHRPcmD-DeEVCmWQgPJg5CPFgSFwsSlBgT-wx1qiC0q97-PRCkgoq26389QWeViyGPVKrhrQ",
    "use": "sig"
    },
    {
    "alg": "RS256",
    "e": "AQAB",
    "kid": "pOTtOAtqIjk0WdkKY0N49XQjwyCqry2dNBoIXJvwqsw=",
    "kty": "RSA",
    "n": "3TSFWhba1obtrZBR7yWVTlCu8uvbiY1dUw_YDwWq1e7T-Wb_8CPmn0TtwlmNMkRiUDocp6Ydn1zob7igvDKeBe22vY_KkFs4L94h2aJmg8MnZJjSTXHaO2_F-UYVUC9h4Ix3MgDLl2lysJ5OWKuj-8_o0qKnfiI2x0bnWQVhuzUWCSA4hb9Utybq-ctRRmITaIpy1OzOMJyPBbw0_Juw5cu9cmXxFBvqf-w7_0ubAoDeVHW7Br60Isbz-5mUKnnix9HStxFqcGDOxTynUPTL3-4Ztk7yrGU1MZjeIO5EU2Jd9ZWprvCTys_5TC5Dh8Jcrhns2BgKMJfY35Hiyozqsw",
    "use": "sig"
    }
    ]
    var key_index = -1;
    
    for (var i=0; i < keys.length; i++) {
    if (kid == keys[i].kid) {
    key_index = i;
    break;
    }
    }
    
    if (key_index == -1) {
    console.log("key_index = -1");
    res.error(500, "Internal Server Error");
    }
    jose.JWK.asKey(keys[key_index]).
    then(function(result) {
    // verify the signature
    jose.JWS.createVerify(result).
    verify(token).
    then(function(result) {
    // now we can use the claims
    var claims = JSON.parse(result.payload);
    // additionally we can verify the token expiration
    var current_ts = Math.floor(new Date() / 1000);
    if (current_ts > claims.exp) {
    //resolve('Token is expired');
    res.error(RESPONSE.UNAUTHORIZED_EXPIRED_TOKEN.CODE, RESPONSE.UNAUTHORIZED_EXPIRED_TOKEN.MESSAGE);
    }
    // and the Audience (use claims.client_id if verifying an access token)
    if (claims.aud != app_client_id) {
    console.log("here I")
    res.error(RESPONSE.UNAUTHORIZED.CODE, RESPONSE.UNAUTHORIZED.MESSAGE);
    }
    console.log(claims);
    next(); // change to next
    }).
    catch(function(e) {
    console.log("Catch");
    res.error(RESPONSE.UNAUTHORIZED.CODE, RESPONSE.UNAUTHORIZED.MESSAGE);
    // TODO broken
    });
    });
    }
    
     
  2. Chemosh

    Chemosh TZT Addict

    Post Count:
    4,306
    No idea what changed. I just reloaded the container today and made no changes and it's working *shrug*
     
  3. Agrul

    Agrul TZT Neckbeard Lord

    Post Count:
    45,903
    did you try scripting the nodes??
     
  4. Utumno

    Utumno Administrator Staff Member

    Post Count:
    41,366
    did u check the alternator?
     
  5. Chemosh

    Chemosh TZT Addict

    Post Count:
    4,306
    Blinker fluid