extractSignaturesFromHeader

RocketChat · Dec 9, 2024 · d0bc0ec · d0bc0ec
1 parent c99a79e
commit d0bc0ec
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 3 deletions.
diff --git a/packages/homeserver/src/authentication.spec.ts b/packages/homeserver/src/authentication.spec.ts
@@ -1,6 +1,11 @@
-import { expect, test } from "bun:test";
-
-import { computeHash, generateId, signRequest } from "./authentication";
+import { describe, expect, test } from "bun:test";
+
+import {
+	computeHash,
+	extractSignaturesFromHeader,
+	generateId,
+	signRequest,
+} from "./authentication";
 import { generateKeyPairsFromString } from "./keys";
 import { signJson, signText } from "./signJson";
 
@@ -161,3 +166,27 @@ test("computeHash", async () => {
 		"nPC9Qk7Amj+ykakbc25gzyyCdHrukUflCNeAM5DGoU4",
 	);
 });
+
+describe("extractSignaturesFromHeaders", async () => {
+	test("it should extract the origin, destination, key, and signature from the authorization header", async () => {
+		expect(
+			extractSignaturesFromHeader(
+				'X-Matrix origin="synapse1",destination="synapse2",key="ed25519:a_yNbw",sig="lxdmBBy9OtgsmRDbm1I3dhyslE4aFJgCcg48DBNDO0/rK4d7aUX3YjkDTMGLyugx9DT+s34AgxnBZOWRg1u6AQ"',
+			),
+		).toStrictEqual({
+			destination: "synapse2",
+			key: "ed25519:a_yNbw",
+			origin: "synapse1",
+			signature:
+				"lxdmBBy9OtgsmRDbm1I3dhyslE4aFJgCcg48DBNDO0/rK4d7aUX3YjkDTMGLyugx9DT+s34AgxnBZOWRg1u6AQ",
+		});
+	});
+
+	test("it should throw an error if the authorization header is invalid", async () => {
+		expect(() =>
+			extractSignaturesFromHeader(
+				'X-Matrix origin="synapse1",destination="synapse2",key="ed25519:a_yNbw",sig="lxdmBBy9OtgsmRDbm1I3dhyslE4aFJgCcg48DBNDO0/rK4d7aUX3YjkDTMGLyugx9DT+s34AgxnBZOWRg1u6AQ',
+			),
+		).toThrow("Invalid authorization header");
+	});
+});
diff --git a/packages/homeserver/src/authentication.ts b/packages/homeserver/src/authentication.ts
@@ -96,3 +96,43 @@ export function generateId<T extends object>(content: T): string {
 		{ urlSafe: true },
 	)}`;
 }
+
+/**
+ * Extracts the origin, destination, key, and signature from the authorization header.
+ *
+ * @param authorizationHeader The authorization header.
+ * @returns An object containing the origin, destination, key, and signature.
+ */
+
+export const extractSignaturesFromHeader = (authorizationHeader: string) => {
+	// `X-Matrix origin="${origin}",destination="${destination}",key="${key}",sig="${signed}"`
+
+	const regex = /\b(origin|destination|key|sig)="([^"]+)"/g;
+	const {
+		origin,
+		destination,
+		key,
+		sig: signature,
+		...rest
+	} = Object.fromEntries(
+		[...authorizationHeader.matchAll(regex)].map(
+			([, key, value]) => [key, value] as const,
+		),
+	);
+
+	if (Object.keys(rest).length) {
+		// it should never happen since the regex should match all the parameters
+		throw new Error("Invalid authorization header, unexpected parameters");
+	}
+
+	if ([origin, destination, key, signature].some((value) => !value)) {
+		throw new Error("Invalid authorization header");
+	}
+
+	return {
+		origin,
+		destination,
+		key,
+		signature,
+	};
+};