From cbf85fe2f9f574691784011ce595afcd4b1a0607 Mon Sep 17 00:00:00 2001 From: Jonathan Barrow Date: Fri, 9 Aug 2024 18:46:34 -0400 Subject: [PATCH] fix: make NNAS middleware only accept console tokens --- src/database.ts | 7 ++++++- src/middleware/pnid.ts | 7 ++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/database.ts b/src/database.ts index b6d443e..b4a8e4c 100644 --- a/src/database.ts +++ b/src/database.ts @@ -98,12 +98,17 @@ export async function getPNIDByBasicAuth(token: string): Promise { +export async function getPNIDByTokenAuth(token: string, allowedTypes?: number[]): Promise { verifyConnected(); try { const decryptedToken = decryptToken(Buffer.from(token, 'hex')); const unpackedToken = unpackToken(decryptedToken); + + if (allowedTypes && !allowedTypes.includes(unpackedToken.system_type)) { + return null; + } + const pnid = await getPNIDByPID(unpackedToken.pid); if (pnid) { diff --git a/src/middleware/pnid.ts b/src/middleware/pnid.ts index cb9776e..2381bc3 100644 --- a/src/middleware/pnid.ts +++ b/src/middleware/pnid.ts @@ -14,7 +14,7 @@ async function PNIDMiddleware(request: express.Request, response: express.Respon const parts = authHeader.split(' '); const type = parts[0]; let token = parts[1]; - let pnid: HydratedPNIDDocument | null; + let pnid: HydratedPNIDDocument | null = null; if (request.isCemu) { token = Buffer.from(token, 'hex').toString('base64'); @@ -22,8 +22,9 @@ async function PNIDMiddleware(request: express.Request, response: express.Respon if (type === 'Basic') { pnid = await getPNIDByBasicAuth(token); - } else { - pnid = await getPNIDByTokenAuth(token); + } else if (type === 'Bearer') { + // TODO - This "accepted types list" is mostly a hack. Change this + pnid = await getPNIDByTokenAuth(token, [1, 2]); } if (!pnid) {