'use strict';
const Boom = require('boom');
const Joi = require('joi');
let rp = require('request-promise');
rp = rp.defaults({
json: true
});
/**
 * Validate `input` against a Joi `schema`.
 *
 * Returns nothing when validation passes. When Joi reports an error, that
 * error is handed to Boom and thrown as a 400 (bad request).
 *
 * @param {*} input - Value to validate.
 * @param {Object} schema - Joi schema passed straight to Joi.validate.
 * @throws {Error} Boom.badRequest when Joi.validate returns an error.
 */
exports.validateInput = function(input, schema) {
  const failure = Joi.validate(input, schema).error;
  if (!failure) {
    return;
  }
  // NOTE(review): the Joi error object is used as the Boom message, so the
  // validation detail presumably ends up in the HTTP response; confirm that
  // exposing it to callers is intended.
  throw Boom.badRequest(failure);
};
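/**
 * Check the bearer token carried in an Authorization header by posting it to
 * the Auth0 tokeninfo endpoint.
 *
 * @param {string} authHeader - Raw Authorization header, "Bearer <token>".
 * @returns {Promise} Resolves with the JSON body returned by tokeninfo;
 *   rejects with Boom.unauthorized on any failure of that request.
 * @throws {Error} Boom.unauthorized (synchronously) when the header is
 *   missing; Boom.badRequest when it is not a "Bearer <token>" string.
 */
exports.validateUser = function(authHeader) {
  if (!authHeader) {
    throw Boom.unauthorized();
  }

  // Only forward something that is actually a bearer credential. The scheme
  // name is matched case-insensitively (auth schemes are case-insensitive),
  // and a non-string value is rejected here instead of crashing on
  // .substring() below.
  if (typeof authHeader !== 'string' || !/^Bearer /i.test(authHeader)) {
    throw Boom.badRequest('Authorization header must use the Bearer scheme');
  }

  // 'Bearer ' is 7 chars long
  const token = authHeader.substring(7);
  if (token === '') {
    // Nothing to verify; skip the outbound call.
    throw Boom.badRequest('Authorization header must use the Bearer scheme');
  }

  // NOTE(review): /tokeninfo is a legacy Auth0 endpoint; confirm it is still
  // supported for this tenant, or verify the JWT signature and claims locally.
  return rp({
    method: 'POST',
    uri: 'https://edifice.auth0.com/tokeninfo',
    body: {
      id_token: token
    }
  }).catch(function() {
    // Fail closed: every rejection (rejected token, network error, ...) is
    // reported as 401, and the upstream error detail is not passed on.
    throw Boom.unauthorized();
  });
};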
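// Compares two strings without stopping (or doing less work) at the first
// mismatching character, so the time taken does not reveal how much of a
// guessed value was correct.
// https://codahale.com/a-lesson-in-timing-attacks/
//
// Limits of this helper:
//  - a length mismatch still returns early, so the length of `actual` is not
//    hidden from a caller who can time the comparison;
//  - a JavaScript engine gives no hard constant-time guarantee; where the
//    runtime provides it, crypto.timingSafeEqual over equal-length buffers
//    (e.g. digests of both values) is the stronger choice.
//
// Returns true only when both arguments are strings with identical contents;
// anything else (including null/undefined) compares as not equal.
exports.stringEquals = function(actual, test) {
  if (typeof actual !== 'string' || typeof test !== 'string') {
    return false;
  }
  if (actual.length !== test.length) {
    return false;
  }
  // Accumulate differences with bitwise OR instead of `&&`: `&&` short-circuits
  // after the first mismatch and skips the remaining comparisons, which is
  // exactly the data-dependent timing this function exists to avoid.
  let diff = 0;
  for (let i = 0; i < test.length; i++) {
    diff |= actual.charCodeAt(i) ^ test.charCodeAt(i);
  }
  return diff === 0;
};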