app.js
const U2F = require("u2f");
const Express = require("express");
const BodyParser = require("body-parser");
const Cors = require("cors");
const HTTPS = require("https");
const FS = require("fs");
const path = require("path")
const session = require("express-session");
const config = require("./config.json");
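// U2F application identity and listen port, both read from config.json.
const APP_ID = config.appID;
const app = Express();
const port = config.port;

// Log only the non-secret settings. config.json also holds the session
// signing key (config.cookeyKey); dumping the whole object would copy that
// key into stdout and any log collector behind it.
console.log({ appID: APP_ID, port });

// Session middleware: the per-user U2F challenge and username live in the
// session between the "init" and "response" requests.
// NOTE(review): no cookie options are set here and the app is started with
// app.listen() (plain HTTP) further down; if TLS is terminated elsewhere,
// confirm the session cookie is still marked secure in deployment.
app.use(session({ secret: config.cookeyKey, saveUninitialized: true, resave: false }));
app.use(BodyParser.json());
app.use(BodyParser.urlencoded({ extended: true }));

// In-memory registration store, keyed by the client-supplied username.
// A prototype-less object is used so that names such as "__proto__" or
// "constructor" are ordinary keys and can neither resolve to inherited
// properties nor replace the store's prototype. Contents are lost on restart.
const users = Object.create(null);

// Serves static resources from the public folder.
app.use(Express.static(path.join(__dirname, "public")));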
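/**
 * POST /register/init — start a U2F registration.
 *
 * Expects `username` in the request body. Creates a registration challenge
 * for APP_ID, stores it together with the username in the session, and
 * returns the challenge to the client.
 *
 * NOTE(review): this endpoint is unauthenticated, and /register/response
 * stores the result under the same username without checking for an existing
 * entry, so a second registration replaces the first. Confirm that is
 * acceptable outside a demo.
 */
app.post("/register/init", (request, response, next) => {
  const { username } = request.body;

  // The username becomes an object key later on, so accept only a non-empty
  // string; a JSON body could otherwise supply an object, array or number.
  // The existing 500 "Missing username" reply is kept for client compatibility.
  if (typeof username !== "string" || username === "") {
    return response
      .status(500)
      .json({
        status: "failed",
        error: "Missing username"
      });
  }

  request.session.u2fchallenge = U2F.request(APP_ID);
  request.session.username = username;
  console.log("request.session.u2fchallenge", request.session.u2fchallenge);
  console.log("username", username);

  return response.json({
    status: "ok",
    challenge: request.session.u2fchallenge
  });
});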
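/**
 * POST /register/response — finish a U2F registration.
 *
 * Expects `registerResponse` in the request body and a challenge plus
 * username placed in the session by /register/init. On successful
 * verification the registration result is stored in `users` under the
 * session's username.
 */
app.post("/register/response", (request, response, next) => {
  const { registerResponse } = request.body;
  if (!registerResponse) {
    return response
      .status(500)
      .json({
        status: "failed",
        error: "Missing registerResponse"
      });
  }

  // Without a prior /register/init there is no challenge to verify against
  // and no username to store the result under.
  const { u2fchallenge: challenge, username } = request.session;
  if (!challenge || typeof username !== "string" || username === "") {
    return response
      .status(400)
      .json({
        status: "failed",
        error: "No registration in progress"
      });
  }

  // A challenge is single-use: drop it before verifying so the same response
  // cannot be submitted again within this session.
  delete request.session.u2fchallenge;

  console.log("request.session.u2fchallenge", challenge);
  console.log("request.body.registerResponse", registerResponse);
  const registration = U2F.checkRegistration(challenge, registerResponse);
  console.log("registration", registration);

  if (!registration.successful) {
    return response
      .status(500)
      .json({
        status: "failed",
        error: "Failed to verify register response!"
      });
  }

  users[username] = registration;
  return response.json({
    status: "ok",
  });
});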
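/**
 * POST /sign/init — start a U2F sign-in.
 *
 * Expects `username` in the request body. Looks up the key handle stored at
 * registration, creates a signing challenge for it, stores the challenge and
 * username in the session, and returns the challenge to the client.
 *
 * NOTE(review): the reply differs for registered and unregistered names, so
 * this endpoint reveals which usernames exist. Rate limiting is not visible
 * in this file.
 */
app.post("/sign/init", (request, response, next) => {
  const { username } = request.body;
  if (typeof username !== "string" || username === "") {
    return response
      .status(500)
      .json({
        status: "failed",
        error: "Missing username"
      });
  }

  // Own-property check: an unregistered name must produce a clean error
  // instead of a TypeError on `.keyHandle`, and inherited names such as
  // "constructor" must not be treated as registered users.
  if (!Object.prototype.hasOwnProperty.call(users, username)) {
    return response
      .status(400)
      .json({
        status: "failed",
        error: "User not registered"
      });
  }

  request.session.u2fchallenge = U2F.request(APP_ID, users[username].keyHandle);
  request.session.username = username;

  return response.json({
    status: "ok",
    challenge: request.session.u2fchallenge
  });
});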
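/**
 * POST /sign/response — finish a U2F sign-in.
 *
 * Expects `loginResponse` in the request body and a challenge plus username
 * placed in the session by /sign/init. Verifies the signature against the
 * public key stored at registration and answers "ok" only when that
 * verification succeeds.
 *
 * NOTE(review): nothing is recorded in the session on success, and the
 * authenticator's signature counter is not tracked across sign-ins; confirm
 * whether callers need either.
 */
app.post("/sign/response", (request, response, next) => {
  const { loginResponse } = request.body;
  if (!loginResponse) {
    return response
      .status(400)
      .json({
        status: "failed",
        error: "Missing loginResponse"
      });
  }

  // Requires a prior /sign/init in this session for a user that is still
  // registered; otherwise there is nothing to verify against.
  const { u2fchallenge: challenge, username } = request.session;
  const isKnownUser =
    typeof username === "string" &&
    Object.prototype.hasOwnProperty.call(users, username);
  if (!challenge || !isKnownUser) {
    return response
      .status(400)
      .json({
        status: "failed",
        error: "No sign-in in progress"
      });
  }

  // A challenge is single-use: drop it before verifying so a captured
  // response cannot be replayed within this session.
  delete request.session.u2fchallenge;

  const result = U2F.checkSignature(challenge, loginResponse, users[username].publicKey);

  // The verification result decides the reply. Answering "ok" without
  // inspecting it would accept any request as a valid second factor.
  if (!result || !result.successful) {
    return response
      .status(401)
      .json({
        status: "failed",
        error: "Failed to verify sign response!"
      });
  }

  return response.json({
    status: "ok"
  });
});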
// Expose the Express instance to whoever requires this module.
module.exports = app;

// Start listening on the configured port. This is a plain HTTP listener: the
// `https` and `fs` modules are required at the top of the file but not used
// here, so TLS is presumably terminated elsewhere — confirm before exposing
// the session cookie and U2F exchange on a network.
app.listen(port);
console.log(`Started app on port ${port}`);