Refactor out functionality for hashing keys. Create hashed key for te…

…st directly from API key.
cosmicds · Oct 1, 2024 · 042347a · 042347a
1 parent c3c7477
commit 042347a
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 5 deletions.
diff --git a/src/authorization.ts b/src/authorization.ts
@@ -6,13 +6,20 @@ const HASHER = new SHA3(256);
 
 const validKeys = new Map<string, APIKey>();
 
+export function hashAPIKey(key: string): string {
+  HASHER.reset();
+  HASHER.update(key);
+  const hashed = HASHER.digest("hex");
+  HASHER.reset();
+  return hashed;
+}
+
 export async function getAPIKey(key: string): Promise<APIKey | null> {
   const cachedKey = validKeys.get(key);
   if (cachedKey !== undefined) {
     return cachedKey;
   }
-  HASHER.update(key);
-  const hashedKey = HASHER.digest("hex");
+  const hashedKey = hashAPIKey(key);
   const apiKey = await APIKey.findOne({ where: { hashed_key: hashedKey } });
   HASHER.reset();
   if (apiKey !== null) {

diff --git a/src/database.ts b/src/database.ts
@@ -253,7 +253,7 @@ export const SignUpStudentSchema = S.struct({
 export type SignUpStudentOptions = S.Schema.To<typeof SignUpStudentSchema>;
 
 export async function signUpStudent(options: SignUpStudentOptions): Promise<SignUpResult> {
-  
+
   const encryptedPassword = encryptPassword(options.password);
 
   let validCode;

diff --git a/src/middleware.ts b/src/middleware.ts
@@ -17,6 +17,9 @@ export async function apiKeyMiddleware(req: Request, res: ExpressResponse, next:
   const key = req.get("Authorization");
   const apiKey = key ? await getAPIKey(key) : null;
   const apiKeyExists = apiKey !== null;
+  console.log(`key is null: ${key === null}`);
+  console.log(`key is undefined: ${key === undefined}`);
+  console.log(`API key exists: ${apiKeyExists}`);
   if (validOrigin || (apiKeyExists && hasPermission(apiKey, req))) {
     next();
   } else {

diff --git a/tests/utils.ts b/tests/utils.ts
@@ -11,6 +11,7 @@ import { APIKey } from "../src/models/api_key";
 import { config } from "dotenv";
 import { getDatabaseConnection } from "../src/database";
 import { createConnection, Connection } from "mysql2/promise";
+import { hashAPIKey } from "../src/authorization";
 
 export function authorize(request: Test): Test {
   return request.set({ Authorization: process.env.CDS_API_KEY });
@@ -72,10 +73,14 @@ export async function syncTables(force=false): Promise<void> {
 
 export async function addAPIKey(): Promise<APIKey | void> {
   // Set up some basic data that we're going to want
-  return APIKey.create({
-    hashed_key: process.env.HASHED_API_KEY as string,
+  const hashedKey = hashAPIKey(process.env.CDS_API_KEY as string);
+  await APIKey.create({
+    hashed_key: hashedKey,
     client: "Tests",
   });
+
+  const keys = await APIKey.findAll();
+  console.log(`There are ${keys.length} keys`);
 }
 
 export async function addTestData() {