lukechilds
/
umbrel-samourai-dojo
mirror of https://github.com/lukechilds/umbrel-samourai-dojo.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

add support of auth token passed through the authorization http header

umbrel
kenshin-samourai 6 years ago
parent
c6ccd4bc5c
commit
a386b0dc2e
14 changed files with 40 additions and 13 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      doc/DELETE_xpub.md
  2. 2
      doc/GET_fees.md
  3. 2
      doc/GET_header.md
  4. 2
      doc/GET_multiaddr.md
  5. 2
      doc/GET_tx.md
  6. 2
      doc/GET_txs.md
  7. 2
      doc/GET_unspent.md
  8. 2
      doc/GET_xpub.md
  9. 2
      doc/POST_auth_login.md
  10. 2
      doc/POST_auth_refresh.md
  11. 2
      doc/POST_pushtx.md
  12. 2
      doc/POST_xpub.md
  13. 2
      doc/POST_xpub_lock.md
  14. 27
      lib/auth/authorizations-manager.js

2
doc/DELETE_xpub.md
View File

@ -11,7 +11,7 @@ DELETE /xpub/:xpub
## Parameters
* **address** - `string` - The first address of the internal chain for this `xpub`, derivation path `M/1/0`. Use compressed P2PHK address regardless of HD derivation scheme.
* **signature** - `string` - The base64-encoded signature of the double SHA256 hash of `[varuint length of xpub string, xpub string]`. Signature scheme follows [bitcoinjs-message](https://github.com/bitcoinjs/bitcoinjs-message/blob/master/index.js) with a message prefix matching the [coin type](https://github.com/bitcoinjs/bitcoinjs-lib/blob/v3.1.1/src/networks.js). Use the ECPair associated with the `M/1/0` address to sign.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Example

2
doc/GET_fees.md
View File

@ -8,7 +8,7 @@ GET /fees
```
## Parameters
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Examples

2
doc/GET_header.md
View File

@ -9,7 +9,7 @@ GET /header/:hash
## Parameters
* **hash** - `string` - The block hash
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Examples

2
doc/GET_multiaddr.md
View File

@ -38,7 +38,7 @@ GET /multiaddr?active=...[&new=...][&bip49=...][&bip84=...][&pubkey=...]
* **bip49** - `string` - A pipe-separated list of **new** extended public keys to be derived via [BIP49](https://github.com/bitcoin/bips/blob/master/bip-0049.mediawiki) and/or new P2WPKH/P2SH loose addresses
* **bip84** - `string` - A pipe-separated list of **new** extended public keys to be derived via [BIP84](https://github.com/bitcoin/bips/blob/master/bip-0084.mediawiki) and/or new P2WPKH Bech32 loose addresses
* **pubkey** - `string` - A pipe-separated list of **new** public keys to be derived as P2PKH, P2WPKH/P2SH, P2WPKH Bech32 addresses
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Examples

2
doc/GET_tx.md
View File

@ -11,7 +11,7 @@ GET /tx/:txid?fees=1
## Parameters
* **txid** - `string` - The transaction ID
* **fees** - `string` - (optional) Scan previous outputs to compute fees
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Examples

2
doc/GET_txs.md
View File

@ -12,7 +12,7 @@ GET /txs?active=...
* **active** - `string` - A pipe-separated list of extended public keys and/or loose addresses and/or pubkeys (`xpub1|address1|address2|pubkey1|...`)
* **page** - `integer` - Index of the requested page (first page is index 0)
* **count** - `integer` - Number of transactions returned per page
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Examples

2
doc/GET_unspent.md
View File

@ -36,7 +36,7 @@ GET /unspent?active=...&new=...&bip49=...&bip84=...&pubkey=...
* **bip49** - `string` - A pipe-separated list of **new** extended public keys to be derived via [BIP49](https://github.com/bitcoin/bips/blob/master/bip-0049.mediawiki) and/or new P2WPKH/P2SH loose addresses
* **bip84** - `string` - A pipe-separated list of **new** extended public keys to be derived via [BIP84](https://github.com/bitcoin/bips/blob/master/bip-0084.mediawiki) and/or new P2WPKH Bech32 loose addresses
* **pubkey** - `string` - A pipe-separated list of **new** public keys to be derived as P2PKH, P2WPKH/P2SH, P2WPKH Bech32 addresses
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Examples

2
doc/GET_xpub.md
View File

@ -10,7 +10,7 @@ GET /xpub/:xpub
## Parameters
* **:xpub** - `string` - The extended public key for the HD Account
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Example

2
doc/POST_auth_login.md
View File

@ -1,6 +1,6 @@
# Authentication
Authenticate to the backend by providing the API key expected by the server. If authentication succeeds, the endpoint returns a json embedding an access token and a refresh token (JSON Web Tokens). The access token must be passed as an argument for all later calls to the backend (account & pushtx REST API + websockets). The refresh token must be passed as an argument for later calls to /auth/refresh allowing to generate a new access token.
Authenticate to the backend by providing the API key expected by the server. If authentication succeeds, the endpoint returns a json embedding an access token and a refresh token (JSON Web Tokens). The access token must be passed as an argument or in the `Authorization` HTTP header for all later calls to the backend (account & pushtx REST API + websockets). The refresh token must be passed as an argument or in the `Authorization` HTTP header for later calls to /auth/refresh allowing to generate a new access token.
Authentication is activated in /keys/inndex.js configuration file

2
doc/POST_auth_refresh.md
View File

@ -1,6 +1,6 @@
# Refresh the access token
Request a new access token from the backend. A valid refresh token must be passed as an argument.
Request a new access token from the backend. A valid refresh token must be passed as an argument or through the `Authorization` HTTP header (with the `Bearer` scheme).
```

2
doc/POST_pushtx.md
View File

@ -8,7 +8,7 @@ POST /pushtx/
## Parameters
* **tx** - `hex string` - The raw transaction hex
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Example

2
doc/POST_xpub.md
View File

@ -13,7 +13,7 @@ POST /xpub
* **type** - `string` - Whether this is a newly-created account or one being restored. Recognized values are `'new'` and `'restore'`.
* **segwit** - `string` (optional) - What type of SegWit support for this xpub, if any. Valid values: `'bip49'` and `'bip84'`
* **force** - `boolean` (optional) - Force an override of derivation scheme even if xpub is locked. Used for `'restore'` operation.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Example

2
doc/POST_xpub_lock.md
View File

@ -10,7 +10,7 @@ POST /xpub/:xpub/lock
* **address** - `string` - The first address of the internal chain for this `xpub`, derivation path `M/1/0`. Use compressed P2PHK address regardless of HD derivation scheme.
* **message** - `string` - Either `"lock"` or `"unlock"`
* **signature** - `string` - The base64-encoded signature of the double SHA256 hash of `[varuint length of message string, message string]`. Signature scheme follows [bitcoinjs-message](https://github.com/bitcoinjs/bitcoinjs-message/blob/master/index.js) with a message prefix matching the [coin type](https://github.com/bitcoinjs/bitcoinjs-lib/blob/v3.1.1/src/networks.js). Use the ECPair associated with the `M/1/0` address to sign.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated.
* **at** - `string` (optional) - Access Token (json web token). Required if authentication is activated. Alternatively, the access token can be passed through the `Authorization` HTTP header (with the `Bearer` scheme).
### Example

27
lib/auth/authorizations-manager.js
View File

@ -220,6 +220,10 @@ class AuthorizationsManager {
* @returns {Object} returns the json web token
*/
_extractAccessToken(req) {
const token = this._extractBearerAuthorizationHeader(req)
if (token)
return token
if (req.body && req.body.at && validator.isJWT(req.body.at))
return req.body.at
@ -269,6 +273,10 @@ class AuthorizationsManager {
* @returns {Object} returns the json web token
*/
_extractRefreshToken(req) {
const token = this._extractBearerAuthorizationHeader(req)
if (token)
return token
if (req.body && req.body.rt && validator.isJWT(req.body.rt))
return req.body.rt
@ -291,6 +299,25 @@ class AuthorizationsManager {
return payload
}
/**
* Extract a bearer JWT auth token
* from the Authorization HTTP header
* Returns null if it doesn't exist or is an onvalid JWT
* @param {Object} req - http request object
* @returns {Object} returns the json web token
*/
_extractBearerAuthorizationHeader(req) {
if (req.get('Authorization')) {
const authHeader = req.get('Authorization')
if (authHeader.startsWith('Bearer ')) {
const token = authHeader.substring(7)
if (validator.isJWT(token))
return token
}
}
return null
}
}
module.exports = new AuthorizationsManager()

Write Preview
Loading…
Cancel
Save