[chore] security package update

[impl] server static content
[impl] Offline activation 2nd wave
2021-08-31 03:42:04 +02:00 · 2021-08-31 02:38:10 +02:00 · 2021-08-31 01:42:50 +02:00 · 2021-08-30 04:48:46 +02:00
11 changed files with 986 additions and 1598 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -30,25 +30,27 @@
    "join-js": "^1.0.0",
    "jsonwebtoken": "^8.2.1",
    "kcors": "^2.2.1",
-    "knex": "^0.14.6",
+    "knex": "^0.95.10",
    "koa": "^2.5.1",
    "koa-bodyparser": "^4.2.0",
    "koa-helmet": "^4.0.0",
    "koa-jwt": "^3.3.1",
    "koa-logger": "^3.2.0",
+    "koa-mount": "^4.0.0",
    "koa-response-time": "^2.0.0",
    "koa-router": "^7.4.0",
-    "lodash": "^4.17.10",
+    "koa-static": "^5.0.0",
+    "lodash": "^4.17.21",
    "mysql": "^2.15.0",
    "pg": "^7.4.1",
    "qs": "^6.5.1",
    "request": "^2.85.0",
    "request-promise": "^4.2.2",
-    "slug": "^0.9.1",
+    "slug": "^0.9.4",
    "uuid": "^3.2.1",
    "validator": "^9.4.1",
    "winston": "^2.4.2",
-    "yup": "^0.24.1"
+    "yup": "^0.32.9"
  },
  "devDependencies": {
    "faker": "^4.1.0",
--- a/src/app.js
+++ b/src/app.js
@ -30,6 +30,8 @@ app.use(logger())

 app.use(camelizeMiddleware)

+app.use(require('koa-mount')('/temp/license-activator-tool', require('koa-static')('./public')))
+
 app.use(error)
 app.use(db(app))
 app.use(cors(config.cors))
--- a/src/config/supportedApps.js
+++ b/src/config/supportedApps.js
@ -2,10 +2,18 @@
 * Pick parameters which are significant for including into license file
 */
 exports.pickParams = function (appId, systemParams) {
-//	if (appId === 'coc') {
-	const appParams = ['biosSerialNum', 'osId', 'mainboardSerialNum', 'diskSerialNum', 'nicMac'];
-	const requiredParams = 2;
-//	}
+	let appParams = ['biosSerialNum', 'osId', 'mainboardSerialNum', 'diskSerialNum', 'nicMac'];
+	let requiredParams = 2;
+
+	if (appId === 'cocserver') {
+		if (systemParams.hasOwnProperty("cpuIdHypervisor")) {
+			appParams = ['osId', 'computerUUID', 'cpuIdModel', 'nicMac', 'diskSerialNum', 'nicMac', 'mainboardSerialNum', 'computerSerial'];
+			requiredParams = 3
+		}
+		else {
+			appParams = ['osId', 'computerUUID', 'mainboardSerialNum', 'computerSerial', 'diskSerialNum', 'nicMac', 'cpuIdModel'];
+        }
+	}

 	let resParams = {};
 	console.log(systemParams)
@ -20,4 +28,4 @@ exports.pickParams = function (appId, systemParams) {
 	}

 	return null;
-};
+};
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@ -1,9 +1,11 @@
 const apiV1 = require('./apiV1-controller')
+const temp = require('./temp-controller')
 const products = require('./products-controller')
 const login = require('./login-controller')

 module.exports = {
-	apiV1,
+    apiV1,
+    temp,
    products,
    login
 }
--- a/src/controllers/temp-controller.js
+++ b/src/controllers/temp-controller.js
@ -0,0 +1,36 @@
+const base32 = require('hi-base32')
+const crypto = require('crypto')
+const { parseOfflinePreactivationRequest } = require('../lib/generateLicenseFile')
+
+
+function checkRequestString(requestString) {
+    if (requestString !== null && typeof requestString === 'string') {
+        if (requestString.length > 0) {
+            return (requestString)
+        }
+    }
+    throw new Error('Invalid request string')
+}
+
+module.exports = {
+
+    async generateNewLicense(ctx) {
+        const licenseNum = base32.encode(crypto.randomBytes(15))
+        const licenseNumNice = licenseNum.match(/.{4}/g).join('-')
+        ctx.body = '<html><body>' +
+            `License for client: <pre>${licenseNumNice}</pre>` +
+            'SQL command to insert license into database with 2 licensed modules <strong>ccengine</strong> (windows app) and <strong>cndata</strong> (CN data): <pre>' +
+            `Insert Into License (productId, licenseNum, customerId) Values ('coc', '${licenseNum}', '123456');\n` +
+            `Insert Into LicensedModule (productId, licenseNum, moduleId) Values ('coc', '${licenseNum}', 'ccengine');\n` +
+            `Insert Into LicensedModule (productId, licenseNum, moduleId) Values ('coc', '${licenseNum}', 'cndata');\n` +
+            '</pre>' +
+            '</body></html>';
+    },
+
+    async parseOfflineActivationRequest(ctx) {
+        const { body } = ctx.request
+        console.log(body)
+        ctx.body = await parseOfflinePreactivationRequest(checkRequestString(body.requestString))
+    }
+
+}
--- a/src/lib/generateLicenseFile.js
+++ b/src/lib/generateLicenseFile.js
@ -39,3 +39,34 @@ exports.generateLicenseFile = async function (activationId, productId, systemPar
 	console.log(output.toString('hex'));
 	return output
 }
+
+exports.parseOfflinePreactivationRequest = async function (activationRequest) {
+    const beginTag = "-BEGIN ACTIVATION REQUEST-----"
+    let beginPos = activationRequest.indexOf(beginTag)
+    if (beginPos < 0) {
+        throw "Invalid activation request format"
+    }
+    beginPos = beginPos + beginTag.length;
+    activationRequest = activationRequest.substring(beginPos)
+
+    const endTag = "-----END ACTIVATION REQUEST-"
+    let endPos = activationRequest.indexOf(endTag)
+    if (endPos < 0) {
+        throw "Invalid activation request format"
+    }
+    const data = activationRequest.substring(0, endPos)
+
+    const buff = Buffer.from(data, 'base64');
+
+    const algorithm = 'aes-256-gcm';
+    const password = Buffer.from('e73db572349005f1c41979baf8166a0900745119fa096b9c3efbcee11ddd8b88', 'hex');
+    const decipher = crypto.createDecipheriv(algorithm, password, buff.subarray(0, 16))
+    decipher.setAuthTag(buff.subarray(-16))
+    let decrypted = decipher.update(buff.subarray(16, -16))
+    decrypted = Buffer.concat([decrypted, decipher.final()]);
+    console.log(decrypted)
+    const inflateRaw = denodeify(zlib.inflateRaw)
+    const decompressed = await inflateRaw(decrypted);
+    console.log(JSON.stringify(JSON.parse(decompressed.toString()), null, 4))
+    return JSON.parse(decompressed.toString('utf-8'));
+}
--- a/src/routes/index.js
+++ b/src/routes/index.js
@ -5,6 +5,7 @@ const backend = new Router()

 const apiV1 = require('./apiV1-router')
 api.use(apiV1)
+const temp = require('./temp-router')

 const products = require('./products-router')
 const login = require('./login-router')
@ -13,21 +14,7 @@ backend.use(products)
 backend.use(login)

 router.use('/api', api.routes())
+router.use('/temp', temp)
 router.use('/backend', backend.routes())

-const base32 = require('hi-base32')
-const crypto = require('crypto')
-router.get('/temp/generate-new-license', async function(ctx) {
-    const licenseNum = base32.encode(crypto.randomBytes(15))
-    const licenseNumNice = licenseNum.match(/.{4}/g).join('-')
-    ctx.body = '<html><body>' +
-               `License for client: <pre>${licenseNumNice}</pre>` +
-               'SQL command to insert license into database with 2 licensed modules <strong>ccengine</strong> (windows app) and <strong>cndata</strong> (CN data): <pre>' +
-               `Insert Into License (productId, licenseNum, customerId) Values ('coc', '${licenseNum}', '123456');\n` +
-               `Insert Into LicensedModule (productId, licenseNum, moduleId) Values ('coc', '${licenseNum}', 'ccengine');\n` +
-               `Insert Into LicensedModule (productId, licenseNum, moduleId) Values ('coc', '${licenseNum}', 'cndata');\n` +
-               '</pre>' +
-               '</body></html>'
-});
-
 module.exports = router
--- a/src/routes/temp-router.js
+++ b/src/routes/temp-router.js
@ -0,0 +1,8 @@
+const Router = require('koa-router')
+const ctrl = require('controllers').temp
+const router = new Router()
+
+router.get('/generate-new-license', ctrl.generateNewLicense);
+router.get('/parse-offline-activation-request', ctrl.parseOfflineActivationRequest);
+
+module.exports = router.routes()
--- a/test/nodb-services.js
+++ b/test/nodb-services.js
@ -0,0 +1,32 @@
+const Koa = require('koa')
+const Router = require('koa-router')
+const app = new Koa()
+const cors = require('kcors')
+const bodyParser = require('koa-bodyparser')
+const { generateNewLicense, parseOfflineActivationRequest } = require("../src/controllers/temp-controller.js")
+
+const router = new Router()
+
+router.get('/temp/generate-new-license', generateNewLicense)
+router.post('/temp/parse-offline-activation-request', parseOfflineActivationRequest);
+
+app.use(require('koa-mount')('/temp/license-activator-tool', require('koa-static')('c:/work/license-activator-tool/build')))
+
+app.use(cors({
+    origin: '*',
+    exposeHeaders: ['Authorization'],
+    credentials: true,
+    allowMethods: ['GET', 'PUT', 'POST', 'DELETE'],
+    allowHeaders: ['Authorization', 'Content-Type'],
+    keepHeadersOnError: true
+}))
+
+app.use(bodyParser({
+    enableTypes: ['json']
+}))
+
+
+// response
+app.use(router.routes())
+
+app.listen(3001, () => console.log('server started 3001'))
--- a/test/testOffineActivationRequest.js
+++ b/test/testOffineActivationRequest.js
@ -0,0 +1,9 @@
+const { parseOfflinePreactivationRequest} = require('../src/lib/generateLicenseFile')
+
+parseOfflinePreactivationRequest(`-----BEGIN ACTIVATION REQUEST-----
+8o4j86i3bfbWkHQ/quJGsjdjeDwkdaKFQb7L/+7nxueACWZ/x3msv8pt8iEbDoSX
+i/MDZ5TRgav6Xw/bNl2K4uWvyBsHjnIn8+M3oxCVtxkLbXyOzdJfKrbls616mIUP
+FiiQzW1Pa9P7L2ebXAPTDFe4v5OWyGRFfcrFvDMeK570KT4Ol/xwIE/obRF8WhXe
+x2vr
+-----END ACTIVATION REQUEST-----`).then(() => 0)
+    .catch((reason) => console.log(reason))
Author	SHA1	Message	Date
Peter Sykora	55f33ad490	[chore] security package update	2021-08-31 03:42:04 +02:00
Peter Sykora	d9ae244c97	[impl] server static content	2021-08-31 02:38:10 +02:00
Peter Sykora	bf64ffeb01	[impl] Offline activation 2nd wave	2021-08-31 01:42:50 +02:00
Peter Sykora	db63daf633	[impl] Offline activation request	2021-08-30 04:48:46 +02:00