From 042347accf402c67f2df0fd9a755ee1777fc8061 Mon Sep 17 00:00:00 2001
From: Carifio24 <carifio24@gmail.com>
Date: Tue, 1 Oct 2024 13:40:54 -0400
Subject: [PATCH] Refactor out functionality for hashing keys. Create hashed
 key for test directly from API key.

---
 src/authorization.ts | 11 +++++++++--
 src/database.ts      |  2 +-
 src/middleware.ts    |  3 +++
 tests/utils.ts       |  9 +++++++--
 4 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/src/authorization.ts b/src/authorization.ts
index e673197..e65ca50 100644
--- a/src/authorization.ts
+++ b/src/authorization.ts
@@ -6,13 +6,20 @@ const HASHER = new SHA3(256);
 
 const validKeys = new Map<string, APIKey>();
 
+export function hashAPIKey(key: string): string {
+  HASHER.reset();
+  HASHER.update(key);
+  const hashed = HASHER.digest("hex");
+  HASHER.reset();
+  return hashed;
+}
+
 export async function getAPIKey(key: string): Promise<APIKey | null> {
   const cachedKey = validKeys.get(key);
   if (cachedKey !== undefined) {
     return cachedKey;
   }
-  HASHER.update(key);
-  const hashedKey = HASHER.digest("hex");
+  const hashedKey = hashAPIKey(key);
   const apiKey = await APIKey.findOne({ where: { hashed_key: hashedKey } });
   HASHER.reset();
   if (apiKey !== null) {
diff --git a/src/database.ts b/src/database.ts
index b78b66e..b700fbb 100644
--- a/src/database.ts
+++ b/src/database.ts
@@ -253,7 +253,7 @@ export const SignUpStudentSchema = S.struct({
 export type SignUpStudentOptions = S.Schema.To<typeof SignUpStudentSchema>;
 
 export async function signUpStudent(options: SignUpStudentOptions): Promise<SignUpResult> {
-  
+
   const encryptedPassword = encryptPassword(options.password);
 
   let validCode;
diff --git a/src/middleware.ts b/src/middleware.ts
index 001f80e..62849b3 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -17,6 +17,9 @@ export async function apiKeyMiddleware(req: Request, res: ExpressResponse, next:
   const key = req.get("Authorization");
   const apiKey = key ? await getAPIKey(key) : null;
   const apiKeyExists = apiKey !== null;
+  console.log(`key is null: ${key === null}`);
+  console.log(`key is undefined: ${key === undefined}`);
+  console.log(`API key exists: ${apiKeyExists}`);
   if (validOrigin || (apiKeyExists && hasPermission(apiKey, req))) {
     next();
   } else {
diff --git a/tests/utils.ts b/tests/utils.ts
index c3af7b2..bc31b37 100644
--- a/tests/utils.ts
+++ b/tests/utils.ts
@@ -11,6 +11,7 @@ import { APIKey } from "../src/models/api_key";
 import { config } from "dotenv";
 import { getDatabaseConnection } from "../src/database";
 import { createConnection, Connection } from "mysql2/promise";
+import { hashAPIKey } from "../src/authorization";
 
 export function authorize(request: Test): Test {
   return request.set({ Authorization: process.env.CDS_API_KEY });
@@ -72,10 +73,14 @@ export async function syncTables(force=false): Promise<void> {
 
 export async function addAPIKey(): Promise<APIKey | void> {
   // Set up some basic data that we're going to want
-  return APIKey.create({
-    hashed_key: process.env.HASHED_API_KEY as string,
+  const hashedKey = hashAPIKey(process.env.CDS_API_KEY as string);
+  await APIKey.create({
+    hashed_key: hashedKey,
     client: "Tests",
   });
+
+  const keys = await APIKey.findAll();
+  console.log(`There are ${keys.length} keys`);
 }
 
 export async function addTestData() {