-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.js
134 lines (103 loc) · 4.19 KB
/
main.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
const jsSHA = require('jssha');
const { buildQueryStringFromParams, joinUrlAndQueryString } = require('insomnia-url');
const isEmpty = obj => Object.keys(obj).length === 0 && obj.constructor === Object
const generateRandomString = ({ length }) => {
const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
let array = new Uint8Array(length);
window.crypto.getRandomValues(array);
array = array.map(x => validChars.charCodeAt(x % validChars.length));
const randomState = String.fromCharCode.apply(null, array);
return randomState;
}
const getHash256 = data => {
let hash;
if (data && !isEmpty(data)) {
if (typeof (data) !== "string") data = JSON.stringify(data);
const shaObj = new jsSHA("SHA-256", "TEXT");
shaObj.update(data);
hash = shaObj.getHash("HEX");
} else {
hash = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
}
return hash;
}
const getDigest = (apiKey, nonce, timestamp, method, url, dataHash) => {
const phase1 = (apiKey + nonce + timestamp + method + encodeURIComponent(url) + dataHash);
const phase2 = phase1.toLowerCase();
return phase2;
}
const getSignature = (apiSecret, digest) => {
const hmacObj = new jsSHA("SHA-512", "TEXT");
hmacObj.setHMACKey(apiSecret, "B64");
hmacObj.update(digest);
const signature = hmacObj.getHMAC("HEX");
return signature;
}
const getFCX = (apiKey, apiSecret, method, url, data) => {
url = url.replace(/(\/\/localhost):\d+(\/?)/, '$1$2')
const timestamp = new Date().getTime().toString();
const nonce = generateRandomString({ length: 16 });
const dataHash = getHash256(data.text);
const digest = getDigest(apiKey, nonce, timestamp, method, url, dataHash);
const signature = getSignature(apiSecret, digest);
const fcx = (apiKey + ":" + nonce + ":" + timestamp + ":" + signature).toLowerCase();
// console.log('apiKey', apiKey);
// console.log('apiSecret', apiSecret);
// console.log('method', method);
// console.log('url', url);
// console.log('data', data.text);
// console.log('dataHash', dataHash);
// console.log('digest', digest);
// console.log('signature', signature);
// console.log('fcx', fcx);
return fcx;
}
const getKnownHostsFromEnvironment = env => {
const variable = 'use-fastcash-fcx-on';
const useFcxOn = env[variable];
if (!useFcxOn) return [];
const root = env[useFcxOn];
const hosts = new Set();
const getEntries = r => Object.keys(r)
.filter(k => typeof r[k] === 'object' && r[k] !== null)
.map(k => r[k]);
for (entry of getEntries(root)) {
const host = entry['host'];
if (host) hosts.add(host);
}
const host = root['host'];
if (host) hosts.add(host);
return Array.from(hosts);
}
const getUrl = request => {
const qs = buildQueryStringFromParams(request.getParameters());
const url = joinUrlAndQueryString(request.getUrl(), qs);
return url;
}
const canAddFcxAuthHeader = (request, currentUrl) => {
const knownHosts = getKnownHostsFromEnvironment(request.getEnvironment());
let canHandle = knownHosts.some(host => currentUrl.includes(host));
const auth = request.getAuthentication();
// caso ja tenha apikey definida, usa. exemplo: endpoints de PCI
if (auth && !isEmpty(auth)) {
canHandle = /bearer/.test(auth.type) && /apikey/.test(auth.prefix)
}
return canHandle;
}
const addFcxAuthHeader = async context => {
const request = context.request;
const url = getUrl(request);
if (canAddFcxAuthHeader(request, url)) {
const variable = 'fastcash';
const user = request.getEnvironmentVariable(variable);
if (!user) throw new Error(`Variable '${variable}' with 'credentials' are required`);
const apiKey = user.credentials.apiKey;
const apiSecret = user.credentials.apiSecret;
const method = request.getMethod();
const data = request.getBody();
const fcx = getFCX(apiKey, apiSecret, method, url, data);
request.setHeader('Authorization', `FCX ${fcx}`);
console.log('FCX added to request', url);
}
}
module.exports.requestHooks = [addFcxAuthHeader]