joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update gcenter.js

Browse Source
This commit is contained in:
Manuel Trezza
2022-06-17 17:30:54 +02:00
parent c411c48d49
commit 53afafa13f
1 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/Adapters/Auth/gcenter.js
View File

@@ -56,8 +56,9 @@ async function getAppleCertificate(publicKeyUrl) {
const cert_headers = await new Promise((resolve, reject) => const cert_headers = await new Promise((resolve, reject) =>
https.get(headOptions, res => resolve(res.headers)).on('error', reject) https.get(headOptions, res => resolve(res.headers)).on('error', reject)
); );
const validContentTypes = ['application/x-x509-ca-cert', 'application/pkix-cert'];
if ( if (
cert_headers['content-type'] !== 'application/pkix-cert' || !validContentTypes.includes(cert_headers['content-type']) ||
cert_headers['content-length'] == null || cert_headers['content-length'] == null ||
cert_headers['content-length'] > 10000 cert_headers['content-length'] > 10000
) { ) {
@@ -66,7 +67,7 @@ async function getAppleCertificate(publicKeyUrl) {
`Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}` `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}`
); );
} }
const {certificate, headers} = await getCertificate(publicKeyUrl); const { certificate, headers } = await getCertificate(publicKeyUrl);
if (headers['cache-control']) { if (headers['cache-control']) {
const expire = headers['cache-control'].match(/max-age=([0-9]+)/); const expire = headers['cache-control'].match(/max-age=([0-9]+)/);
if (expire) { if (expire) {
@@ -90,7 +91,7 @@ function getCertificate(url, buffer) {
}); });
res.on('end', () => { res.on('end', () => {
if (buffer) { if (buffer) {
resolve({certificate: Buffer.concat(data), headers: res.headers}); resolve({ certificate: Buffer.concat(data), headers: res.headers });
return; return;
} }
let cert = ''; let cert = '';
@@ -98,7 +99,7 @@ function getCertificate(url, buffer) {
cert += chunk.toString('base64'); cert += chunk.toString('base64');
} }
const certificate = convertX509CertToPEM(cert); const certificate = convertX509CertToPEM(cert);
resolve({certificate, headers: res.headers}); resolve({ certificate, headers: res.headers });
}); });
}) })
.on('error', reject); .on('error', reject);
@@ -132,7 +133,10 @@ function verifySignature(publicKey, authData) {
function verifyPublicKeyIssuer(cert, publicKeyUrl) { function verifyPublicKeyIssuer(cert, publicKeyUrl) {
const publicKeyCert = pki.certificateFromPem(cert); const publicKeyCert = pki.certificateFromPem(cert);
if (!ca.cert) { if (!ca.cert) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Apple Game Center auth adapter parameter `rootCertificateURL` is invalid.'); throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
'Apple Game Center auth adapter parameter `rootCertificateURL` is invalid.'
);
} }
try { try {
if (!ca.cert.verify(publicKeyCert)) { if (!ca.cert.verify(publicKeyCert)) {
@@ -163,21 +167,25 @@ async function validateAuthData(authData) {
// Returns a promise that fulfills if this app id is valid. // Returns a promise that fulfills if this app id is valid.
async function validateAppId(appIds, authData, options = {}) { async function validateAppId(appIds, authData, options = {}) {
if (!options.rootCertificateUrl) { if (!options.rootCertificateUrl) {
options.rootCertificateUrl = 'https://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt.pem' options.rootCertificateUrl =
'https://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt.pem';
} }
if (ca.url === options.rootCertificateUrl) { if (ca.url === options.rootCertificateUrl) {
return; return;
} }
const {certificate, headers} = await getCertificate(options.rootCertificateUrl, true); const { certificate, headers } = await getCertificate(options.rootCertificateUrl, true);
if ( if (
headers['content-type'] !== 'application/x-pem-file' || headers['content-type'] !== 'application/x-pem-file' ||
headers['content-length'] == null || headers['content-length'] == null ||
headers['content-length'] > 10000 headers['content-length'] > 10000
) { ) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Apple Game Center auth adapter parameter `rootCertificateURL` is invalid.'); throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND,
'Apple Game Center auth adapter parameter `rootCertificateURL` is invalid.'
);
} }
ca.cert = pki.certificateFromPem(certificate); ca.cert = pki.certificateFromPem(certificate);
ca.url = options.rootCertificateUrl ca.url = options.rootCertificateUrl;
} }
module.exports = { module.exports = {