Tanya Madaan
@@ -9,6 +9,8 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/zenazn/pkcs7pad"
|
"github.com/zenazn/pkcs7pad"
|
||||||
|
|
||||||
|
"github.com/beckn/beckn-onix/pkg/model"
|
||||||
)
|
)
|
||||||
|
|
||||||
// decrypter implements the Decrypter interface and handles the decryption process.
|
// decrypter implements the Decrypter interface and handles the decryption process.
|
||||||
@@ -24,18 +26,18 @@ func New(ctx context.Context) (*decrypter, func() error, error) {
|
|||||||
func (d *decrypter) Decrypt(ctx context.Context, encryptedData, privateKeyBase64, publicKeyBase64 string) (string, error) {
|
func (d *decrypter) Decrypt(ctx context.Context, encryptedData, privateKeyBase64, publicKeyBase64 string) (string, error) {
|
||||||
privateKeyBytes, err := base64.StdEncoding.DecodeString(privateKeyBase64)
|
privateKeyBytes, err := base64.StdEncoding.DecodeString(privateKeyBase64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("invalid private key: %w", err)
|
return "", model.NewBadReqErr(fmt.Errorf("invalid private key: %w", err))
|
||||||
}
|
}
|
||||||
|
|
||||||
publicKeyBytes, err := base64.StdEncoding.DecodeString(publicKeyBase64)
|
publicKeyBytes, err := base64.StdEncoding.DecodeString(publicKeyBase64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("invalid public key: %w", err)
|
return "", model.NewBadReqErr(fmt.Errorf("invalid public key: %w", err))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Decode the Base64 encoded encrypted data.
|
// Decode the Base64 encoded encrypted data.
|
||||||
messageByte, err := base64.StdEncoding.DecodeString(encryptedData)
|
messageByte, err := base64.StdEncoding.DecodeString(encryptedData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("failed to decode encrypted data: %w", err)
|
return "", model.NewBadReqErr(fmt.Errorf("failed to decode encrypted data: %w", err))
|
||||||
}
|
}
|
||||||
|
|
||||||
aesCipher, err := createAESCipher(privateKeyBytes, publicKeyBytes)
|
aesCipher, err := createAESCipher(privateKeyBytes, publicKeyBytes)
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ import (
|
|||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/beckn/beckn-onix/pkg/model"
|
||||||
"github.com/zenazn/pkcs7pad"
|
"github.com/zenazn/pkcs7pad"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -23,12 +24,12 @@ func New(ctx context.Context) (*encrypter, func() error, error) {
|
|||||||
func (e *encrypter) Encrypt(ctx context.Context, data string, privateKeyBase64, publicKeyBase64 string) (string, error) {
|
func (e *encrypter) Encrypt(ctx context.Context, data string, privateKeyBase64, publicKeyBase64 string) (string, error) {
|
||||||
privateKeyBytes, err := base64.StdEncoding.DecodeString(privateKeyBase64)
|
privateKeyBytes, err := base64.StdEncoding.DecodeString(privateKeyBase64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("invalid private key: %w", err)
|
return "", model.NewBadReqErr(fmt.Errorf("invalid private key: %w", err))
|
||||||
}
|
}
|
||||||
|
|
||||||
publicKeyBytes, err := base64.StdEncoding.DecodeString(publicKeyBase64)
|
publicKeyBytes, err := base64.StdEncoding.DecodeString(publicKeyBase64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("invalid public key: %w", err)
|
return "", model.NewBadReqErr(fmt.Errorf("invalid public key: %w", err))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Convert the input string to a byte slice.
|
// Convert the input string to a byte slice.
|
||||||
@@ -50,11 +51,11 @@ func createAESCipher(privateKey, publicKey []byte) (cipher.Block, error) {
|
|||||||
x25519Curve := ecdh.X25519()
|
x25519Curve := ecdh.X25519()
|
||||||
x25519PrivateKey, err := x25519Curve.NewPrivateKey(privateKey)
|
x25519PrivateKey, err := x25519Curve.NewPrivateKey(privateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to create private key: %w", err)
|
return nil, model.NewBadReqErr(fmt.Errorf("failed to create private key: %w", err))
|
||||||
}
|
}
|
||||||
x25519PublicKey, err := x25519Curve.NewPublicKey(publicKey)
|
x25519PublicKey, err := x25519Curve.NewPublicKey(publicKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to create public key: %w", err)
|
return nil, model.NewBadReqErr(fmt.Errorf("failed to create public key: %w", err))
|
||||||
}
|
}
|
||||||
sharedSecret, err := x25519PrivateKey.ECDH(x25519PublicKey)
|
sharedSecret, err := x25519PrivateKey.ECDH(x25519PublicKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
@@ -3,6 +3,7 @@ package schemavalidator
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
@@ -10,6 +11,7 @@ import (
|
|||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/beckn/beckn-onix/pkg/log"
|
||||||
"github.com/beckn/beckn-onix/pkg/model"
|
"github.com/beckn/beckn-onix/pkg/model"
|
||||||
|
|
||||||
"github.com/santhosh-tekuri/jsonschema/v6"
|
"github.com/santhosh-tekuri/jsonschema/v6"
|
||||||
@@ -57,7 +59,7 @@ func (v *schemaValidator) Validate(ctx context.Context, url *url.URL, data []byt
|
|||||||
var payloadData payload
|
var payloadData payload
|
||||||
err := json.Unmarshal(data, &payloadData)
|
err := json.Unmarshal(data, &payloadData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to parse JSON payload: %v", err)
|
return model.NewBadReqErr(fmt.Errorf("failed to parse JSON payload: %v", err))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Extract domain, version, and endpoint from the payload and uri.
|
// Extract domain, version, and endpoint from the payload and uri.
|
||||||
@@ -66,8 +68,7 @@ func (v *schemaValidator) Validate(ctx context.Context, url *url.URL, data []byt
|
|||||||
version = fmt.Sprintf("v%s", version)
|
version = fmt.Sprintf("v%s", version)
|
||||||
|
|
||||||
endpoint := path.Base(url.String())
|
endpoint := path.Base(url.String())
|
||||||
// ToDo Add debug log here
|
log.Debugf(ctx, "Handling request for endpoint: %s", endpoint)
|
||||||
fmt.Println("Handling request for endpoint:", endpoint)
|
|
||||||
domain := strings.ToLower(cxtDomain)
|
domain := strings.ToLower(cxtDomain)
|
||||||
domain = strings.ReplaceAll(domain, ":", "_")
|
domain = strings.ReplaceAll(domain, ":", "_")
|
||||||
|
|
||||||
@@ -77,12 +78,12 @@ func (v *schemaValidator) Validate(ctx context.Context, url *url.URL, data []byt
|
|||||||
// Retrieve the schema from the cache.
|
// Retrieve the schema from the cache.
|
||||||
schema, exists := v.schemaCache[schemaFileName]
|
schema, exists := v.schemaCache[schemaFileName]
|
||||||
if !exists {
|
if !exists {
|
||||||
return fmt.Errorf("schema not found for domain: %s", schemaFileName)
|
return model.NewBadReqErr(errors.New("schema not found for domain"))
|
||||||
}
|
}
|
||||||
|
|
||||||
var jsonData any
|
var jsonData any
|
||||||
if err := json.Unmarshal(data, &jsonData); err != nil {
|
if err := json.Unmarshal(data, &jsonData); err != nil {
|
||||||
return fmt.Errorf("failed to parse JSON data: %v", err)
|
return model.NewBadReqErr(fmt.Errorf("failed to parse JSON data: %v", err))
|
||||||
}
|
}
|
||||||
err = schema.Validate(jsonData)
|
err = schema.Validate(jsonData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -104,7 +105,6 @@ func (v *schemaValidator) Validate(ctx context.Context, url *url.URL, data []byt
|
|||||||
// Return the array of schema validation errors
|
// Return the array of schema validation errors
|
||||||
return &model.SchemaValidationErr{Errors: schemaErrors}
|
return &model.SchemaValidationErr{Errors: schemaErrors}
|
||||||
}
|
}
|
||||||
// Return a generic error for non-validation errors
|
|
||||||
return fmt.Errorf("validation failed: %v", err)
|
return fmt.Errorf("validation failed: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -112,9 +112,6 @@ func (v *schemaValidator) Validate(ctx context.Context, url *url.URL, data []byt
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidatorProvider provides instances of Validator.
|
|
||||||
type ValidatorProvider struct{}
|
|
||||||
|
|
||||||
// Initialise initialises the validator provider by compiling all the JSON schema files
|
// Initialise initialises the validator provider by compiling all the JSON schema files
|
||||||
// from the specified directory and storing them in a cache indexed by their schema filenames.
|
// from the specified directory and storing them in a cache indexed by their schema filenames.
|
||||||
func (v *schemaValidator) initialise() error {
|
func (v *schemaValidator) initialise() error {
|
||||||
|
|||||||
@@ -9,6 +9,7 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/beckn/beckn-onix/pkg/model"
|
||||||
"golang.org/x/crypto/blake2b"
|
"golang.org/x/crypto/blake2b"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -32,20 +33,17 @@ func New(ctx context.Context, config *Config) (*validator, func() error, error)
|
|||||||
func (v *validator) Validate(ctx context.Context, body []byte, header string, publicKeyBase64 string) error {
|
func (v *validator) Validate(ctx context.Context, body []byte, header string, publicKeyBase64 string) error {
|
||||||
createdTimestamp, expiredTimestamp, signature, err := parseAuthHeader(header)
|
createdTimestamp, expiredTimestamp, signature, err := parseAuthHeader(header)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// TODO: Return appropriate error code when Error Code Handling Module is ready
|
return model.NewSignValidationErr(fmt.Errorf("error parsing header: %w", err))
|
||||||
return fmt.Errorf("error parsing header: %w", err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
signatureBytes, err := base64.StdEncoding.DecodeString(signature)
|
signatureBytes, err := base64.StdEncoding.DecodeString(signature)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// TODO: Return appropriate error code when Error Code Handling Module is ready
|
|
||||||
return fmt.Errorf("error decoding signature: %w", err)
|
return fmt.Errorf("error decoding signature: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
currentTime := time.Now().Unix()
|
currentTime := time.Now().Unix()
|
||||||
if createdTimestamp > currentTime || currentTime > expiredTimestamp {
|
if createdTimestamp > currentTime || currentTime > expiredTimestamp {
|
||||||
// TODO: Return appropriate error code when Error Code Handling Module is ready
|
return model.NewSignValidationErr(fmt.Errorf("signature is expired or not yet valid"))
|
||||||
return fmt.Errorf("signature is expired or not yet valid")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
createdTime := time.Unix(createdTimestamp, 0)
|
createdTime := time.Unix(createdTimestamp, 0)
|
||||||
@@ -55,13 +53,11 @@ func (v *validator) Validate(ctx context.Context, body []byte, header string, pu
|
|||||||
|
|
||||||
decodedPublicKey, err := base64.StdEncoding.DecodeString(publicKeyBase64)
|
decodedPublicKey, err := base64.StdEncoding.DecodeString(publicKeyBase64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// TODO: Return appropriate error code when Error Code Handling Module is ready
|
return model.NewSignValidationErr(fmt.Errorf("error decoding public key: %w", err))
|
||||||
return fmt.Errorf("error decoding public key: %w", err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ed25519.Verify(ed25519.PublicKey(decodedPublicKey), []byte(signingString), signatureBytes) {
|
if !ed25519.Verify(ed25519.PublicKey(decodedPublicKey), []byte(signingString), signatureBytes) {
|
||||||
// TODO: Return appropriate error code when Error Code Handling Module is ready
|
return model.NewSignValidationErr(fmt.Errorf("signature verification failed"))
|
||||||
return fmt.Errorf("signature verification failed")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
@@ -91,14 +87,13 @@ func parseAuthHeader(header string) (int64, int64, string, error) {
|
|||||||
|
|
||||||
expiredTimestamp, err := strconv.ParseInt(signatureMap["expires"], 10, 64)
|
expiredTimestamp, err := strconv.ParseInt(signatureMap["expires"], 10, 64)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// TODO: Return appropriate error code when Error Code Handling Module is ready
|
return 0, 0, "", model.NewSignValidationErr(fmt.Errorf("invalid expires timestamp: %w", err))
|
||||||
return 0, 0, "", fmt.Errorf("invalid expires timestamp: %w", err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
signature := signatureMap["signature"]
|
signature := signatureMap["signature"]
|
||||||
if signature == "" {
|
if signature == "" {
|
||||||
// TODO: Return appropriate error code when Error Code Handling Module is ready
|
// TODO: Return appropriate error code when Error Code Handling Module is ready
|
||||||
return 0, 0, "", fmt.Errorf("signature missing in header")
|
return 0, 0, "", model.NewSignValidationErr(fmt.Errorf("signature missing in header"))
|
||||||
}
|
}
|
||||||
|
|
||||||
return createdTimestamp, expiredTimestamp, signature, nil
|
return createdTimestamp, expiredTimestamp, signature, nil
|
||||||
|
|||||||
Reference in New Issue
Block a user