From 2d5fe4097102b77470cb9cf582f73b01aaa43536 Mon Sep 17 00:00:00 2001 From: Trent Larson Date: Sun, 14 Jul 2024 17:53:11 -0600 Subject: [PATCH] add test for did:peer JWT --- src/server.ts | 48 ++++++++++++++++++++++++------------------------ test/test.sh | 22 +++++++++++++++++++++- 2 files changed, 45 insertions(+), 25 deletions(-) diff --git a/src/server.ts b/src/server.ts index 2472fb2..154c3e6 100644 --- a/src/server.ts +++ b/src/server.ts @@ -58,15 +58,15 @@ app.get('/image-limits', async (req, res) => { if (!limitsResult.success) { return limitsResult.result; } - return res.status(200).send(JSON.stringify({ + return res.status(200).send({ success: true, doneImagesThisWeek: limitsResult.doneImagesThisWeek, maxImagesPerWeek: limitsResult.maxImagesPerWeek, nextWeekBeginDateTime: limitsResult.nextWeekBeginDateTime - })); + }); } catch (e) { console.error('Error getting image limits:', e, ' ... with this string: ' + e); - return res.status(500).send(JSON.stringify({ success: false, message: 'Got this error retrieving limits: ' + e })); + return res.status(500).send({ success: false, message: 'Got this error retrieving limits: ' + e }); } }); @@ -82,7 +82,7 @@ app.get('/image-limits', async (req, res) => { app.post('/image', uploadMulter.single('image'), async (req, res) => { const reqFile = req.file; if (reqFile == null) { - return res.status(400).send(JSON.stringify({ success: false, message: 'No file uploaded.' })); + return res.status(400).send({ success: false, message: 'No file uploaded.' }); } try { if (reqFile.size > 10485760) { // 10MB 
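Review bot: The 500 branch still interpolates the caught exception into the client-visible message (`'Got this error retrieving limits: ' + e`) even though the same error is already written to the server log on the line above; exception text from upstream failures can carry internal hostnames, paths or library details. The other handlers in this file already point the client at the log with a timestamp, so I'd do the same here: add `const errorTime = new Date().toISOString();` before the `console.error` and send `message: 'Error retrieving limits. See server logs at ' + errorTime`. The `console.error` call also prints `e` twice (`e, ' ... with this string: ' + e`), so one of the two can go. The handler's opening lines are outside the hunk.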
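Review bot: The 10MB check just below the changed 400 response runs only after multer has already streamed the whole request body to `reqFile.path`, so an oversized upload is written to disk before it is rejected (the next hunk then has to `fs.rm` it). If `uploadMulter` is not already constructed with `limits: { fileSize: 10485760 }` — its definition is outside this hunk, so I can't tell — adding that makes multer abort the upload mid-stream and turns the manual size check into a defensive backstop. The `reqFile == null` guard on the changed line is fine; 400 is right for a missing multipart field.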
@@ -91,7 +91,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => { console.error("Error deleting too-large temp file", reqFile.path, "with error (but continuing):", err); } }); - return res.status(400).send(JSON.stringify({success: false, message: 'File size is too large. Maximum file size is 10MB.'})); + return res.status(400).send({success: false, message: 'File size is too large. Maximum file size is 10MB.'}); } const limitsResult = await retrievelimits(req, res); @@ -103,7 +103,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => { const issuerDid = limitsResult.issuerDid; if (doneImagesThisWeek >= maxImagesPerWeek) { - return res.status(400).send(JSON.stringify({ success: false, message: 'You have reached your weekly limit of ' + maxImagesPerWeek + ' images.' })); + return res.status(400).send({ success: false, message: 'You have reached your weekly limit of ' + maxImagesPerWeek + ' images.' }); } // Read the file from the temporary location @@ -121,7 +121,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => { // For some reason, this prepared-statement SQL gives seg fault: "SELECT did FROM image WHERE did = ? and final_file = ?" if (issuerDid.indexOf("'") >= 0 || finalFileName.indexOf("'") >= 0) { console.error("Error: SQL injection attempt with", issuerDid, finalFileName); - return res.status(400).send(JSON.stringify({ success: false, message: 'SQL injection attempt detected.' })); + return res.status(400).send({ success: false, message: 'SQL injection attempt detected.' }); } const sql = "SELECT did FROM image WHERE did = '" + issuerDid + "' and final_file = '" + finalFileName + "'"; db.get( 
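Review bot: The changed line reports an oversized file as 400, but the status defined for this condition is 413 Payload Too Large, which lets clients and proxies distinguish it from a malformed request. I'd change it to `return res.status(413).send({success: false, message: 'File size is too large. Maximum file size is 10MB.'});`. The enclosing handler starts before this hunk.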
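Review bot: A caller who has exhausted the weekly quota receives a 400 on the changed line, but the request is well-formed; 429 Too Many Requests is the status meant for quota exhaustion and tells clients to back off rather than treat it as their bug. I'd use `return res.status(429).send({ success: false, message: 'You have reached your weekly limit of ' + maxImagesPerWeek + ' images.' });`, and since `limitsResult.nextWeekBeginDateTime` comes from the same `retrievelimits` call (it is what `/image-limits` sends back), a `Retry-After` header derived from it would be cheap to add. The enclosing handler starts before this hunk.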
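Review bot: The changed 400 is the fallback for a single-quote blacklist that stands in for a parameterised query (`"SELECT did FROM image WHERE did = '" + issuerDid + "' and final_file = '" + finalFileName + "'"` on the line after it), so the query's safety rests on that one-character check. `issuerDid` is the issuer of a verified JWT (`verified.issuer` in `decodeJwt`) and SQLite's only string delimiter is `'`, so the check does block breaking out of the literal today, but a blacklist is brittle, I can't see where `finalFileName` comes from, and the comment records a crash with the bound-parameter form rather than a design decision. I'd first retry the bound form, `db.get("SELECT did FROM image WHERE did = ? and final_file = ?", [issuerDid, finalFileName], ...)`, since a segfault there points at the driver build rather than the SQL; if it must stay, replace the blacklist with an allowlist on the DID and filename syntax and keep the `'` check as a backstop. The enclosing handler starts before this hunk.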
@@ -137,7 +137,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => { ); }); if (!didForOriginal) { - return res.status(404).send(JSON.stringify({ success: false, message: 'No image entry found for user ' + issuerDid + ' for file ' + finalFileName })); + return res.status(404).send({ success: false, message: 'No image entry found for user ' + issuerDid + ' for file ' + finalFileName }); } // check if any other user recorded this image @@ -155,7 +155,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => { ); }); if (othersWhoSentImage) { - return res.status(400).send(JSON.stringify({ success: false, message: 'Other users have also saved this image so it cannot be modified. You will have to replace your own references.' })); + return res.status(400).send({ success: false, message: 'Other users have also saved this image so it cannot be modified. You will have to replace your own references.' }); } // remove from S3 @@ -170,10 +170,10 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => { && response.$metadata.httpStatusCode !== 204) { const errorTime = new Date().toISOString(); console.error(errorTime, "Error deleting from S3 with bad HTTP status, with metadata:", response.$metadata); - return res.status(500).send(JSON.stringify({ + return res.status(500).send({ success: false, message: "Got bad status of " + response.$metadata.httpStatusCode + " from S3. See server logs at " + errorTime - })); + }); } // might as well remove from DB and add it all back again later @@ -214,7 +214,7 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => { ); }); if (imageUrl) { - return res.status(201).send(JSON.stringify({ success: true, url: imageUrl, message: 'This image already existed.' })); + return res.status(201).send({ success: true, url: imageUrl, message: 'This image already existed.' }); } } 
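Review bot: The changed line answers 201 Created when the upload matched an image that already existed (`message: 'This image already existed.'`), but nothing was created on this path; 200 OK matches the message, and clients that key off 201 to refresh state would be misled. I'd send `return res.status(200).send({ success: true, url: imageUrl, message: 'This image already existed.' });`. The enclosing handler and the `imageUrl` lookup start before this hunk.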
@@ -265,10 +265,10 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => { if (response.$metadata.httpStatusCode !== 200) { const errorTime = new Date().toISOString(); console.error(errorTime, "Error uploading to S3 with bad HTTP status, with metadata:", response.$metadata); - return res.status(500).send(JSON.stringify({ + return res.status(500).send({ success: false, message: "Got bad status of " + response.$metadata.httpStatusCode + " from S3. See server logs at " + errorTime - })); + }); } else { fs.rm(reqFile.path, (err) => { if (err) { @@ -282,19 +282,19 @@ app.post('/image', uploadMulter.single('image'), async (req, res) => { } catch (uploadError) { const errorTime = new Date().toISOString(); console.error(errorTime, "Error uploading to S3:", uploadError); - return res.status(500).send(JSON.stringify({ + return res.status(500).send({ success: false, message: "Got error uploading file. See server logs at " + errorTime + " Error Details: " + uploadError - })); + }); } }) } catch (error) { const errorTime = new Date().toISOString(); console.error(errorTime, "Error processing image upload:", error); - res.status(500).send(JSON.stringify({ + res.status(500).send({ success: false, - message: "Got error processing image upload. See server logs at " + errorTime + " Error Details: " + error - })); + message: "Got error processing image upload. See server logs at " + errorTime + " Error Details: " + JSON.stringify(error) + }); } }); @@ -391,7 +391,7 @@ app.delete('/image/:url', async (req, res) => { console.error(errorTime, "Error processing image delete:", error); return res.status(500).send({ success: false, - message: "Got error processing image delete. See server logs at " + errorTime + " Error Details: " + error + message: "Got error processing image delete. See server logs at " + errorTime + " Error Details: " + JSON.stringify(error) }); } }); 
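Review bot: `JSON.stringify(error)` on the changed `message` line serialises a plain `Error` to `{}`, because `message` and `stack` are non-enumerable, so the client sees `Error Details: {}`; for AWS SDK exceptions it would instead dump whatever enumerable fields the error carries (request ids in `$metadata`, most likely) to the client. Either way the suffix is no use to the caller, and the upload branch in the same hunk still concatenates the raw S3 error (`" Error Details: " + uploadError`), which is the more sensitive of the two. Both errors are already logged with `errorTime`, so I'd drop the details from both responses: `message: "Got error uploading file. See server logs at " + errorTime` and `message: "Got error processing image upload. See server logs at " + errorTime`. The handler's body continues outside the hunk on both sides.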
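Review bot: The same `JSON.stringify(error)` switch in the delete handler's 500 response yields `{}` for ordinary `Error` objects and a dump of enumerable SDK fields for S3 errors, so it is neither informative nor a deliberate redaction. The error is already logged with `errorTime` on the line above; I'd send only `message: "Got error processing image delete. See server logs at " + errorTime`. The delete handler starts before this hunk.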
@@ -428,7 +428,7 @@ async function retrievelimits(req, res) { console.error("Got bad response of", response.status, "when checking rate limits for", issuerDid); return { success: false, - result: res.status(400).send(JSON.stringify({ success: false, message: 'Got bad status of ' + response.status + ' when checking limits with endorser server. Verify that the account exists and that the JWT works for that server.'})) + result: res.status(400).send({ success: false, message: 'Got bad status of ' + response.status + ' when checking limits with endorser server. Verify that the account exists and that the JWT works for that server.'}) }; } else { const body = await response.json(); @@ -453,7 +453,7 @@ async function retrievelimits(req, res) { if (maxImagesPerWeek == null) { return { success: false, - result: res.status(400).send(JSON.stringify({ success: false, message: 'Unable to determine rate limits for this user. Verify that the account exists and that the JWT works for that server.' })) + result: res.status(400).send({ success: false, message: 'Unable to determine rate limits for this user. Verify that the account exists and that the JWT works for that server.' }) }; } @@ -497,7 +497,7 @@ async function decodeJwt(req, res) { if (!auth || !auth.startsWith('Bearer ')) { return { success: false, - result: res.status(401).send(JSON.stringify({success: false, message: 'Missing "Bearer JWT" in Authorization header.'})) + result: res.status(401).send({success: false, message: 'Missing "Bearer JWT" in Authorization header.'}) }; } const jwt = auth.substring('Bearer '.length); 
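Review bot: A non-OK answer from the endorser server is reported on the changed line as a client error (`res.status(400)`), which blames the caller for what may be an upstream outage and hides it from monitoring that alerts on 5xx. I'd keep 400 for an upstream 4xx (bad or unknown JWT, as the message says) and return 502 Bad Gateway for an upstream 5xx, e.g. `const status = response.status >= 500 ? 502 : 400;` followed by `res.status(status).send({ ... })`. `retrievelimits` starts before this hunk.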
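Review bot: The 401 on the changed line goes out without a `WWW-Authenticate` header, which RFC 6750 asks bearer-token endpoints to include so clients know which scheme is expected. `result: res.status(401).set('WWW-Authenticate', 'Bearer').send({success: false, message: 'Missing "Bearer JWT" in Authorization header.'})` keeps the body unchanged; the invalid-JWT 401 in the following hunk should get the same header, ideally with `error="invalid_token"`. `decodeJwt` starts before this hunk.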
@@ -507,7 +507,7 @@ async function decodeJwt(req, res) { console.error(errorTime, 'Got invalid JWT in Authorization header:', verified); return { success: false, - result: res.status(401).send(JSON.stringify({ success: false, message: 'Got invalid JWT in Authorization header. See server logs at ' + errorTime })) + result: res.status(401).send({ success: false, message: 'Got invalid JWT in Authorization header. See server logs at ' + errorTime }) }; } return { success: true, issuerDid: verified.issuer, jwt: jwt }; diff --git a/test/test.sh b/test/test.sh index 380ea2d..e253e2d 100755 --- a/test/test.sh +++ b/test/test.sh @@ -27,6 +27,13 @@ JWT=$(node -e "$JWT_CODE_USER_0") echo JWT: $JWT RESULT=$(curl -X POST -H "Authorization: Bearer $JWT" -F "image=@test0.png" "$HOST/image") echo curl result: $RESULT +SUCCESS=$(echo $RESULT | jq -r '.success') +if [ $SUCCESS = "true" ]; then + echo "User #0 uploaded file." +else + echo "User #0 failed to upload a file."; + exit 1 +fi echo "Download from the URL supplied" URL0=$(echo $RESULT | jq -r '.url') @@ -57,7 +64,7 @@ else exit 1 fi -echo "Now unsuccessfully upload a change to the image by user 1" +echo "Now fail to upload a change to the image by user 1" FILENAME0=$(basename $URL0) JWT=$(node -e "$JWT_CODE_USER_1") echo JWT: $JWT 
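Review bot: The new `if [ $SUCCESS = "true" ]; then` leaves `$SUCCESS` unquoted, so when curl returns nothing or non-JSON (server down, proxy error page) `jq` emits an empty string and the test aborts with `[: =: unary operator expected` instead of printing the intended failure message. Quote it, `if [ "$SUCCESS" = "true" ]; then`, and consider `curl -sS` so a transport error is printed rather than silently producing an empty `$RESULT`. The same unquoted pattern appears in the other new check at the end of this file.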
@@ -125,3 +132,16 @@ else
 echo "Test file 1 was not cleaned off server.";
 exit 1
 fi
+
+echo "Upload test2.png by did:peer user"
+JWT="eyJ0eXAiOiJKV0FOVCIsImFsZyI6IkVTMjU2In0.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.MEQCIAsMMNUcSjoxn0LZuE6FvZ6dsm-uQROeX3RPWt6QlRyPAiA670XdJXnLw8QFR9a6KCMt-qUyGZg88mMfT-1DtipcwA"
+echo JWT: $JWT
+RESULT=$(curl -X POST -H "Authorization: Bearer $JWT" -F "image=@test2.svg" "$HOST/image")
+echo curl result: $RESULT
+SUCCESS=$(echo $RESULT | jq -r '.success')
+if [ $SUCCESS = "true" ]; then
+ echo "User #2 uploaded SVG file."
+else
+ echo "User #2 failed to upload SVG file. Note that this may be because the server wasn't started with NODE_ENV=test-local which bypasses check of the exp date.";
+ exit 1
+fi
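Review bot: The new test hard-codes a pre-signed JWT and depends on `NODE_ENV=test-local` to skip the `exp` check, which means the server carries an environment-gated bypass of token expiry that is live on any host started with that value. The earlier tests mint a fresh token with `node -e "$JWT_CODE_USER_0"`; doing the same for the did:peer user (signing with a test key and a short `exp`) would exercise the real verification path and let that bypass be removed. Two smaller points: the echo says `test2.png` while curl sends `image=@test2.svg`, and `[ $SUCCESS = "true" ]` should be `[ "$SUCCESS" = "true" ]` so an empty jq result fails cleanly. Accepting SVG is also security-relevant if the stored object is later served as `image/svg+xml` from an origin the app trusts (SVG can embed script); I can't see how the S3 objects are served from here, so please confirm they are not on the app's origin.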