fix middleware

pagopa-archive · Mar 13, 2023 · 031df65 · 031df65
1 parent 776972e
commit 031df65
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 15 deletions.
diff --git a/utils/crypto.ts b/utils/crypto.ts
@@ -21,7 +21,7 @@ export const constants = {
  * @returns {string} contentDigest The 'Content-Digest' header value.
  */
 export const generateDigestHeader = (
-  payload: Buffer,
+  payload: Buffer | string,
   cipher: string
 ): string => {
   // Validate the input payload
@@ -52,7 +52,7 @@ export const generateDigestHeader = (
  */
 export const validateDigestHeader = (
   contentDigestHeader: string,
-  body: Buffer
+  body: Buffer | string
 ): void => {
   if (!contentDigestHeader) {
     throw new Error("Content-Digest header missing");

diff --git a/utils/middleware/__tests__/http_message_signature_middleware.test.ts b/utils/middleware/__tests__/http_message_signature_middleware.test.ts
@@ -17,7 +17,7 @@ describe("HttpMessageSignatureMiddleware", () => {
       app: {
         get: () => ({
           bindings: {
-            req: { rawBody: Buffer.from(JSON.stringify(aValidPayload)) }
+            req: { rawBody: JSON.stringify(aValidPayload) }
           }
         })
       },
@@ -40,7 +40,7 @@ describe("HttpMessageSignatureMiddleware", () => {
       app: {
         get: () => ({
           bindings: {
-            req: { rawBody: Buffer.from(JSON.stringify(aValidPayload)) }
+            req: { rawBody: JSON.stringify(aValidPayload) }
           }
         })
       },

diff --git a/utils/middleware/http_message_signature_middleware.ts b/utils/middleware/http_message_signature_middleware.ts
@@ -36,28 +36,33 @@ export const LollipopHeadersForSignature = t.intersection([
 ]);
 
 export const isValidDigestHeader = (
-  contentDigestHeader: string,
-  body: Buffer
+  contentDigestHeader: string | undefined,
+  body: Buffer | string
 ): boolean =>
   pipe(
-    E.tryCatch(
-      () => crypto.validateDigestHeader(contentDigestHeader, body),
-      E.toError
+    contentDigestHeader,
+    E.fromNullable(new Error("Missing 'content-digest' header")),
+    E.chain(contentDigest =>
+      E.tryCatch(
+        () => crypto.validateDigestHeader(contentDigest, body),
+        E.toError
+      )
     ),
     E.fold(constFalse, constTrue)
   );
 
 export const validateHttpSignature = (
   request: express.Request,
   assertionRef: AssertionRef,
-  publicKey: JwkPublicKey
+  publicKey: JwkPublicKey,
+  body?: string
 ): TE.TaskEither<Error, true> =>
   pipe(
     {
       httpHeaders: request.headers,
       url: request.url,
       method: request.method,
-      body: request.body,
+      body,
       verifier: {
         keyMap: {
           [assertionRef]: {
@@ -124,13 +129,16 @@ export const HttpMessageSignatureMiddleware = (): IRequestMiddleware<
     ),
     E.filterOrElseW(
       ({ rawBody, lollipopHeaders }) =>
-        lollipopHeaders["content-digest"]
+        rawBody || lollipopHeaders["content-digest"]
           ? isValidDigestHeader(lollipopHeaders["content-digest"], rawBody)
           : true,
-      () => ResponseErrorInternal("The body do not match the content digest")
+      () =>
+        ResponseErrorInternal(
+          "The content-digest is empty or do not match the body"
+        )
     ),
     TE.fromEither,
-    TE.chainW(({ lollipopHeaders }) =>
+    TE.chainW(({ rawBody, lollipopHeaders }) =>
       pipe(
         lollipopHeaders["x-pagopa-lollipop-public-key"],
         JwkPublicKeyFromToken.decode,
@@ -140,7 +148,8 @@ export const HttpMessageSignatureMiddleware = (): IRequestMiddleware<
           validateHttpSignature(
             request,
             lollipopHeaders["x-pagopa-lollipop-assertion-ref"],
-            key
+            key,
+            rawBody
           )
         ),
         TE.mapLeft(error =>