diff --git a/backend/src/federation/authenticateCommunities.ts b/backend/src/federation/authenticateCommunities.ts
index bf35900e6..6a06889f5 100644
--- a/backend/src/federation/authenticateCommunities.ts
+++ b/backend/src/federation/authenticateCommunities.ts
@@ -1,4 +1,4 @@
-import { Community as DbCommunity, FederatedCommunity as DbFederatedCommunity, getHomeCommunity } from 'database'
+import { CommunityLoggingView, Community as DbCommunity, FederatedCommunity as DbFederatedCommunity, FederatedCommunityLoggingView, getHomeCommunity } from 'database'
 import { validate as validateUUID, version as versionUUID } from 'uuid'
 import { CONFIG } from '@/config'
@@ -14,57 +14,56 @@ import { AuthenticationClientFactory } from './client/AuthenticationClientFactor
 const logger = getLogger(`${LOG4JS_BASE_CATEGORY_NAME}.federation.authenticateCommunities`)
 export async function startCommunityAuthentication(
- foreignFedCom: DbFederatedCommunity,
+ fedComB: DbFederatedCommunity,
 ): Promise {
+ logger.debug(`startCommunityAuthentication()...`, {
+ fedComB: new FederatedCommunityLoggingView(fedComB),
+ })
 const homeComA = await getHomeCommunity()
- logger.debug('homeComA', homeComA)
+ logger.debug('homeComA', new CommunityLoggingView(homeComA!))
 const homeFedComA = await DbFederatedCommunity.findOneByOrFail({
 foreign: false,
 apiVersion: CONFIG.FEDERATION_BACKEND_SEND_ON_API,
 })
- logger.debug('homeFedComA', homeFedComA)
- logger.debug('foreignFedCom', foreignFedCom)
- const foreignComB = await DbCommunity.findOneByOrFail({ publicKey: foreignFedCom.publicKey })
- logger.debug('started with foreignComB:', foreignComB)
+ logger.debug('homeFedComA', new FederatedCommunityLoggingView(homeFedComA))
+ const comB = await DbCommunity.findOneByOrFail({ publicKey: fedComB.publicKey })
+ logger.debug('started with comB:', comB)
 // check if communityUuid is a valid v4Uuid and not still a temporary onetimecode
 try {
- const validUUid = foreignComB.communityUuid !== null ? validateUUID(foreignComB.communityUuid) : false
- logger.debug('validUUid', validUUid)
- const versionUuid = foreignComB.communityUuid !== null ? versionUUID(foreignComB.communityUuid) : 0
- logger.debug('versionUuid', versionUuid)
 if (
- foreignComB &&
- ((foreignComB.communityUuid === null && foreignComB.authenticatedAt === null) ||
- (foreignComB.communityUuid !== null && validUUid && versionUuid === 4))
+ comB &&
+ ((comB.communityUuid === null && comB.authenticatedAt === null) ||
+ (comB.communityUuid !== null &&
+ validateUUID(comB.communityUuid) &&
+ versionUUID(comB.communityUuid) === 4))
 ) {
- const client = AuthenticationClientFactory.getInstance(foreignFedCom)
+ logger.debug('comB has a valid v4Uuid and not still a temporary onetimecode')
+ const client = AuthenticationClientFactory.getInstance(fedComB)
 if (client instanceof V1_0_AuthenticationClient) {
- if (!foreignComB.publicJwtKey) {
- throw new Error('Public JWT key still not exist for foreign community')
+ if (!comB.publicJwtKey) {
+ throw new Error('Public JWT key still not exist for comB ' + comB.name)
 }
 //create JWT with url in payload encrypted by foreignCom.publicJwtKey and signed with homeCom.privateJwtKey
 const payload = new OpenConnectionJwtPayloadType(
 ensureUrlEndsWithSlash(homeFedComA.endPoint).concat(homeFedComA.apiVersion),
 )
- const jws = await encryptAndSign(payload, homeComA!.privateJwtKey!, foreignComB.publicJwtKey)
+ logger.debug('payload', payload)
+ const jws = await encryptAndSign(payload, homeComA!.privateJwtKey!, comB.publicJwtKey!)
+ logger.debug('jws', jws)
 // prepare the args for the client invocation
 const args = new EncryptedTransferArgs()
 args.publicKey = homeComA!.publicKey.toString('hex')
 args.jwt = jws
- logger.debug(
- 'before client.openConnection() args:',
- homeComA!.publicKey.toString('hex'),
- args.jwt,
- )
+ logger.debug('before client.openConnection() args:', args)
 if (await client.openConnection(args)) {
- logger.debug(`successful initiated at community:`, foreignFedCom.endPoint)
+ logger.debug(`successful initiated at community:`, fedComB.endPoint)
 } else {
- logger.error(`can't initiate at community:`, foreignFedCom.endPoint)
+ logger.error(`can't initiate at community:`, fedComB.endPoint)
 }
 }
 } else {
- logger.debug(`foreignComB.communityUuid is not a valid v4Uuid or still a temporary onetimecode`, foreignComB.communityUuid, foreignComB.authenticatedAt)
+ logger.debug(`comB.communityUuid is not a valid v4Uuid or still a temporary onetimecode`, comB.communityUuid, comB.authenticatedAt)
 }
 } catch (err) {
 logger.error(`Error:`, err)
diff --git a/backend/src/federation/validateCommunities.ts b/backend/src/federation/validateCommunities.ts
index ff719f7a6..4e41cfef1 100644
--- a/backend/src/federation/validateCommunities.ts
+++ b/backend/src/federation/validateCommunities.ts
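Review bot: `logger.debug('started with comB:', comB)` still dumps the raw DbCommunity entity, while the same hunk switches homeComA and both federated communities to the new CommunityLoggingView/FederatedCommunityLoggingView wrappers; use `logger.debug('started with comB:', new CommunityLoggingView(comB))` so that no entity fields beyond what the view exposes reach the log. The added `logger.debug('jws', jws)` and `logger.debug('before client.openConnection() args:', args)` also write the freshly signed token itself to the debug log, where a length or fingerprint would be enough to trace the flow. `new CommunityLoggingView(homeComA!)` now dereferences the home community before the try block, so a missing home community surfaces as a TypeError rather than a descriptive error; an explicit `if (!homeComA) throw new Error('home community not found')` before it would also make the later `homeComA!` assertions unnecessary. The `!` in `comB.publicJwtKey!` appears redundant after the `if (!comB.publicJwtKey)` guard a few lines above. startCommunityAuthentication's body continues past the hunk.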
@@ -43,36 +43,36 @@ export async function validateCommunities(): Promise {
 .getMany()
 logger.debug(`found ${dbFederatedCommunities.length} dbCommunities`)
- for (const dbCom of dbFederatedCommunities) {
- logger.debug('dbCom', new FederatedCommunityLoggingView(dbCom))
+ for (const dbFedComB of dbFederatedCommunities) {
+ logger.debug('dbFedComB', new FederatedCommunityLoggingView(dbFedComB))
 const apiValueStrings: string[] = Object.values(ApiVersionType)
 logger.debug(`suppported ApiVersions=`, apiValueStrings)
- if (!apiValueStrings.includes(dbCom.apiVersion)) {
- logger.debug('dbCom with unsupported apiVersion', dbCom.endPoint, dbCom.apiVersion)
+ if (!apiValueStrings.includes(dbFedComB.apiVersion)) {
+ logger.debug('dbFedComB with unsupported apiVersion', dbFedComB.endPoint, dbFedComB.apiVersion)
 continue
 }
 try {
- const client = FederationClientFactory.getInstance(dbCom)
+ const client = FederationClientFactory.getInstance(dbFedComB)
 if (client instanceof V1_0_FederationClient) {
 const pubKey = await client.getPublicKey()
- if (pubKey && pubKey === dbCom.publicKey.toString('hex')) {
- await DbFederatedCommunity.update({ id: dbCom.id }, { verifiedAt: new Date() })
- logger.debug(`verified community with:`, dbCom.endPoint)
+ if (pubKey && pubKey === dbFedComB.publicKey.toString('hex')) {
+ await DbFederatedCommunity.update({ id: dbFedComB.id }, { verifiedAt: new Date() })
+ logger.debug(`verified dbFedComB with:`, dbFedComB.endPoint)
 const pubComInfo = await client.getPublicCommunityInfo()
 if (pubComInfo) {
- await writeForeignCommunity(dbCom, pubComInfo)
+ await writeForeignCommunity(dbFedComB, pubComInfo)
+ logger.debug(`wrote response of getPublicCommunityInfo in dbFedComB ${dbFedComB.endPoint}`)
 try {
- await startCommunityAuthentication(dbCom)
+ await startCommunityAuthentication(dbFedComB)
 } catch (err) {
- logger.warn(`Warning: Community Authentication still not ready:`, err)
+ logger.warn(`Warning: Authentication of community ${dbFedComB.endPoint} still ongoing:`, err)
 }
- logger.debug(`write publicInfo of community: name=${pubComInfo.name}`)
 } else {
 logger.debug('missing result of getPublicCommunityInfo')
 }
 } else {
- logger.debug('received not matching publicKey:', pubKey, dbCom.publicKey.toString('hex'))
+ logger.debug('received not matching publicKey:', pubKey, dbFedComB.publicKey.toString('hex'))
 }
 }
 } catch (err) {
diff --git a/core/src/graphql/logic/interpretEncryptedTransferArgs.ts b/core/src/graphql/logic/interpretEncryptedTransferArgs.ts
index cb8353690..bd7c3285e 100644
--- a/core/src/graphql/logic/interpretEncryptedTransferArgs.ts
+++ b/core/src/graphql/logic/interpretEncryptedTransferArgs.ts
@@ -9,26 +9,25 @@ import { LOG4JS_BASE_CATEGORY_NAME } from '../../config/const'
 const logger = getLogger(`${LOG4JS_BASE_CATEGORY_NAME}.graphql.resolver.util.interpretEncryptedTransferArgs`)
 export const interpretEncryptedTransferArgs = async (args: EncryptedTransferArgs): Promise => {
- const pubKeyBuf = Buffer.from(args.publicKey, 'hex')
-
- // first find with args.publicKey the community 'comA', which starts openConnection request
- const comA = await DbCommunity.findOneBy({ publicKey: pubKeyBuf })
- if (!comA) {
- const errmsg = `unknown requesting community with publicKey ${pubKeyBuf.toString('hex')}`
+ logger.debug('interpretEncryptedTransferArgs()... args:', args)
+ // first find with args.publicKey the community 'requestingCom', which starts the request
+ const requestingCom = await DbCommunity.findOneBy({ publicKey: Buffer.from(args.publicKey, 'hex') })
+ if (!requestingCom) {
+ const errmsg = `unknown requesting community with publicKey ${args.publicKey}`
 logger.error(errmsg)
 throw new Error(errmsg)
 }
- if (!comA.publicJwtKey) {
- const errmsg = `missing publicJwtKey of requesting community with publicKey ${pubKeyBuf.toString('hex')}`
+ if (!requestingCom.publicJwtKey) {
+ const errmsg = `missing publicJwtKey of requesting community with publicKey ${args.publicKey}`
 logger.error(errmsg)
 throw new Error(errmsg)
 }
- logger.debug(`found requestedCom:`, new CommunityLoggingView(comA))
- // verify the signing of args.jwt with homeCom.privateJwtKey and decrypt args.jwt with comA.publicJwtKey
+ logger.debug(`found requestingCom:`, new CommunityLoggingView(requestingCom))
+ // verify the signing of args.jwt with homeCom.privateJwtKey and decrypt args.jwt with requestingCom.publicJwtKey
 const homeCom = await getHomeCommunity()
- const jwtPayload = await verifyAndDecrypt(args.jwt, homeCom!.privateJwtKey!, comA.publicJwtKey) as JwtPayloadType
+ const jwtPayload = await verifyAndDecrypt(args.jwt, homeCom!.privateJwtKey!, requestingCom.publicJwtKey) as JwtPayloadType
 if (!jwtPayload) {
- const errmsg = `invalid payload of community with publicKey ${pubKeyBuf.toString('hex')}`
+ const errmsg = `invalid payload of community with publicKey ${args.publicKey}`
 logger.error(errmsg)
 throw new Error(errmsg)
 }
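Review bot: The new `logger.debug('interpretEncryptedTransferArgs()... args:', args)` and the reworded error messages echo untrusted request data verbatim: `args` carries the inbound `jwt`, and `${args.publicKey}` now goes unchanged into messages that are both logged and thrown, where the previous `pubKeyBuf.toString('hex')` was the normalized parse result. `Buffer.from(args.publicKey, 'hex')` also does not reject malformed input — decoding stops at the first non-hex character and can yield a truncated or empty buffer that is then used as the lookup key — so validate the format before the lookup, e.g. `if (!/^[0-9a-fA-F]+$/.test(args.publicKey) || args.publicKey.length % 2 !== 0) throw new Error('invalid publicKey format')`, tightened to the expected key length once that is known (the hunk does not show it). After that check the debug line can log just `args.publicKey` rather than the whole args object, and the echoed value in the error messages is bounded. The function body continues past the hunk.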