Use hex encoding for application ids/keys

base64 encoded ids/keys are not friendly for urls
This commit is contained in:
Raymond Feng 2014-02-07 11:14:01 -08:00
parent a506ced005
commit 618b563c6e
2 changed files with 43 additions and 28 deletions

View File

@ -98,12 +98,13 @@ var crypto = require('crypto');
function generateKey(hmacKey, algorithm, encoding) {
hmacKey = hmacKey || 'loopback';
algorithm = algorithm || 'sha256';
encoding = encoding || 'base64';
algorithm = algorithm || 'sha1';
encoding = encoding || 'hex';
var hmac = crypto.createHmac(algorithm, hmacKey);
var buf = crypto.randomBytes(64);
var buf = crypto.randomBytes(32);
hmac.update(buf);
return hmac.digest('base64');
var key = hmac.digest(encoding);
return key;
}
/**
@ -121,7 +122,7 @@ var Application = loopback.createModel('Application', ApplicationSchema);
Application.beforeCreate = function (next) {
var app = this;
app.created = app.modified = new Date();
app.id = generateKey('id', 'sha1');
app.id = generateKey('id', 'md5');
app.clientKey = generateKey('client');
app.javaScriptKey = generateKey('javaScript');
app.restApiKey = generateKey('restApi');
@ -208,13 +209,18 @@ Application.authenticate = function (appId, key, cb) {
cb && cb(err, null);
return;
}
var matched = null;
['clientKey', 'javaScriptKey', 'restApiKey', 'windowsKey', 'masterKey'].forEach(function (k) {
if (app[k] === key) {
matched = k;
var result = null;
var keyNames = ['clientKey', 'javaScriptKey', 'restApiKey', 'windowsKey', 'masterKey'];
for (var i = 0; i < keyNames.length; i++) {
if (app[keyNames[i]] === key) {
result = {
application: app,
keyType: keyNames[i]
};
break;
}
});
cb && cb(null, matched);
}
cb && cb(null, result);
});
};

View File

@ -121,7 +121,8 @@ describe('Application', function () {
it('Authenticate with application id & clientKey', function (done) {
Application.authenticate(registeredApp.id, registeredApp.clientKey,
function (err, result) {
assert.equal(result, 'clientKey');
assert.equal(result.application.id, registeredApp.id);
assert.equal(result.keyType, 'clientKey');
done(err, result);
});
});
@ -129,7 +130,8 @@ describe('Application', function () {
it('Authenticate with application id & javaScriptKey', function (done) {
Application.authenticate(registeredApp.id, registeredApp.javaScriptKey,
function (err, result) {
assert.equal(result, 'javaScriptKey');
assert.equal(result.application.id, registeredApp.id);
assert.equal(result.keyType, 'javaScriptKey');
done(err, result);
});
});
@ -137,7 +139,8 @@ describe('Application', function () {
it('Authenticate with application id & restApiKey', function (done) {
Application.authenticate(registeredApp.id, registeredApp.restApiKey,
function (err, result) {
assert.equal(result, 'restApiKey');
assert.equal(result.application.id, registeredApp.id);
assert.equal(result.keyType, 'restApiKey');
done(err, result);
});
});
@ -145,7 +148,8 @@ describe('Application', function () {
it('Authenticate with application id & masterKey', function (done) {
Application.authenticate(registeredApp.id, registeredApp.masterKey,
function (err, result) {
assert.equal(result, 'masterKey');
assert.equal(result.application.id, registeredApp.id);
assert.equal(result.keyType, 'masterKey');
done(err, result);
});
});
@ -153,7 +157,8 @@ describe('Application', function () {
it('Authenticate with application id & windowsKey', function (done) {
Application.authenticate(registeredApp.id, registeredApp.windowsKey,
function (err, result) {
assert.equal(result, 'windowsKey');
assert.equal(result.application.id, registeredApp.id);
assert.equal(result.keyType, 'windowsKey');
done(err, result);
});
});
@ -170,13 +175,14 @@ describe('Application', function () {
describe('Application subclass', function () {
it('should use subclass model name', function (done) {
var MyApp = Application.extend('MyApp');
MyApp.attachTo(loopback.createDataSource({connector: loopback.Memory}));
MyApp.register('rfeng', 'MyApp2',
{description: 'My second mobile application'}, function (err, result) {
var ds = loopback.createDataSource({connector: loopback.Memory});
MyApp.attachTo(ds);
MyApp.register('rfeng', 'MyApp123',
{description: 'My 123 mobile application'}, function (err, result) {
var app = result;
assert.equal(app.owner, 'rfeng');
assert.equal(app.name, 'MyApp2');
assert.equal(app.description, 'My second mobile application');
assert.equal(app.name, 'MyApp123');
assert.equal(app.description, 'My 123 mobile application');
assert(app.clientKey);
assert(app.javaScriptKey);
assert(app.restApiKey);
@ -184,14 +190,17 @@ describe('Application subclass', function () {
assert(app.masterKey);
assert(app.created);
assert(app.modified);
MyApp.findById(app.id, function (err, myApp) {
assert(!err);
assert(myApp);
Application.findById(app.id, function (err, myApp) {
// Remove all instances from Application model to avoid left-over data
Application.destroyAll(function () {
MyApp.findById(app.id, function (err, myApp) {
assert(!err);
assert(myApp === null);
done(err, myApp);
assert(myApp);
Application.findById(app.id, function (err, myApp) {
assert(!err);
assert(myApp === null);
done(err, myApp);
});
});
});
});