Merge pull request #34 from Koredotcom/XOP-2118

yesuch-kore · web-flow · commit ddd3dda0fe57 · 2023-10-16T20:33:20.000+05:30
Added support for HS512 JWT signing algorithm
diff --git a/config.json b/config.json
@@ -17,6 +17,14 @@
             "appId": "test_app_id2"
         }
     },
+    "jwt": {
+        "jwtAlgorithm": "HS256",
+        "jwt-expiry": 60,
+        "st-67890":{
+            "jwtAlgorithm": "HS512",
+            "jwt-expiry": 60
+        }
+    },
     "redis": {
         "options": {
             "host": "localhost",
diff --git a/lib/app/middlewares/APIKeyMiddleware/index.js b/lib/app/middlewares/APIKeyMiddleware/index.js
@@ -7,6 +7,7 @@ var jwt = require("jwt-simple");
 var config = require('../../../../config');
 var apiPrefix = config.app.apiPrefix;
 var credentials = config.credentials;
+var jwtProps = config.jwt;
 
 function APIKeyMiddleware() {
     var botIdregex = /(?<botId>st-[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-5[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})/;
@@ -17,6 +18,7 @@ function APIKeyMiddleware() {
 
         var botId = url.match(botIdregex).groups.botId;
         var cred = credentials[botId]?credentials[botId]:credentials;
+        var jwtAlg = (jwtProps[botId] ? jwtProps[botId].jwtAlgorithm : jwtProps.jwtAlgorithm) || "HS256" ; //Adding HS256 as default algorithm if config is not set.
 
         if(_.has(header, 'apikey')){//DEPRECATED::SOON TO BE REMOVED
             if(header.apikey===cred.apikey)
@@ -25,7 +27,7 @@ function APIKeyMiddleware() {
         if(_.has(header, 'token')){
             var appId;
             try {
-                appId = jwt.decode(header.token, cred.apikey).appId;
+                appId = jwt.decode(header.token, cred.apikey, false, jwtAlg).appId;
             } catch(e){
                 console.info("invalid jwt token");
             }
diff --git a/lib/sdk/lib/invokePlatformAPIs.js b/lib/sdk/lib/invokePlatformAPIs.js
@@ -4,18 +4,29 @@ var config = require("../../../config");
 var { makeHttpCall } = require("../../../makeHttpCall");
 
 function getSignedJWTToken(botId) {
-    var appId, apiKey;
+    var appId, apiKey, jwtAlgorithm, jwtExpiry;
+    var defAlg = "HS256";
+
     if (config.credentials[botId]) {
         appId = config.credentials[botId].appId;
         apiKey = config.credentials[botId].apikey;
     } else {
         appId = config.credentials.appId;
         apiKey = config.credentials.apikey;
     }
+
+    if (config.jwt[botId]) {
+        jwtAlgorithm = config.jwt[botId].jwtAlgorithm;
+        jwtExpiry = config.jwt[botId].jwtExpiry;
+    } else {
+        jwtAlgorithm = config.jwt.jwtAlgorithm;
+        jwtExpiry = config.jwt.jwtExpiry;
+    }
+
     return jwt.encode({ 
         appId: appId, 
-        exp: Date.now()/1000 + (config.jwt_expiry || 60) //set the default expiry as 60 seconds
-    }, apiKey);
+        exp: Date.now()/1000 + (jwtExpiry || 60) //set the default expiry as 60 seconds
+    }, apiKey, (jwtAlgorithm || defAlg));
 }
 
 function makeRequest(url, method, body, opts) {
@@ -24,6 +35,7 @@ function makeRequest(url, method, body, opts) {
     opts    = opts || {};
     headers = opts.headers || {};
     headers['content-type'] = 'application/json';
+
     headers.auth = getSignedJWTToken(botId);
 
     return new Promise(function(resolve, reject) {
