
@MagRelo
Created March 10, 2020 19:23
const sigUtil = require('eth-sig-util');
const { checkUserMembership } = require('./pg-controller');
/**
 * Recover the signer of a personal-sign message.
 *
 * Thin wrapper around eth-sig-util's `recoverPersonalSignature`. It only
 * derives the address that would have produced `signature` over `message`;
 * it does not compare that address with anything, so the caller decides
 * whether the recovered signer is allowed.
 *
 * @param {string} message - The data that was signed.
 * @param {string} signature - The signature over `message`.
 * @returns {string} Whatever `recoverPersonalSignature` returns (the signer address).
 */
function recover(message, signature) {
  const signedPayload = { data: message, sig: signature };
  return sigUtil.recoverPersonalSignature(signedPayload);
}
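/**
 * HTTP middleware: authenticate a request from the `x-servesa` header.
 *
 * The header is expected to hold a JSON object with `message` and
 * `signature`. The signer is recovered from the pair and checked for group
 * membership; any failure answers 401 and `next()` is only reached for members.
 *
 * The header is client-controlled, so every step that can throw on malformed
 * input (JSON parsing, signature recovery) is caught and answered with 401
 * instead of escaping this async function as an unhandled rejection.
 *
 * NOTE(review): nothing here inspects the content of `message`. A valid
 * (message, signature) pair therefore stays valid indefinitely and on any
 * endpoint; binding the message to a server-issued nonce or an expiry would
 * be needed to stop a captured header from being replayed.
 *
 * @param {object} req - Incoming request; `req.headers['x-servesa']` is read.
 * @param {object} res - Response used to send the 401.
 * @param {Function} next - Called with no argument on success, or with the
 *   error if the membership lookup itself fails.
 */
exports.htmlAuth = async function(req, res, next) {
  // check for header
  const rawHeader = req.headers['x-servesa'];
  if (!rawHeader) {
    return res.status(401).send('Unauthorized');
  }

  // parse header object; malformed JSON is an auth failure, not a crash
  let authObject;
  try {
    authObject = JSON.parse(rawHeader);
  } catch (err) {
    return res.status(401).send('Unauthorized');
  }

  // valid JSON such as `null` is not an object and must not be dereferenced
  if (
    !authObject ||
    typeof authObject !== 'object' ||
    !authObject.message ||
    !authObject.signature
  ) {
    return res.status(401).send('Unauthorized');
  }

  // recover key from signature; a malformed signature may make recovery throw
  let userKey;
  try {
    userKey = recover(authObject.message, authObject.signature);
  } catch (err) {
    return res.status(401).send('Unauthorized');
  }

  // whatever kind of access control...
  let isMember;
  try {
    isMember = await checkUserMembership(userKey, '0x1234...');
  } catch (err) {
    // lookup failure: fail closed and let the app's error handler respond
    return next(err);
  }
  if (!isMember) {
    console.log('member not found in group');
    return res.status(401).send('Unauthorized');
  }

  // call next middleware function
  next();
};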
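/**
 * Socket middleware: authenticate a connection from the `x-servesa`
 * handshake header.
 *
 * Same scheme as the HTTP variant: the header is expected to hold a JSON
 * object with `message` and `signature`, the signer is recovered and checked
 * for group membership. Every failure calls `next(new Error('401'))`.
 *
 * The header is client-controlled, so JSON parsing and signature recovery are
 * wrapped: malformed input is refused instead of escaping this async function
 * as an unhandled rejection. A failing membership lookup is also refused with
 * the generic error so that internal error text is not handed to `next`,
 * which presumably relays it to the connecting client.
 *
 * NOTE(review): nothing here inspects the content of `message`. A valid
 * (message, signature) pair therefore stays valid indefinitely; binding the
 * message to a server-issued nonce or an expiry would be needed to stop a
 * captured header from being replayed.
 *
 * @param {object} packet - Connection object; `packet.handshake.headers` is read.
 * @param {Function} next - Called with no argument to accept, or with an
 *   Error to refuse.
 */
exports.socketAuth = async function(packet, next) {
  // check for header
  const rawHeader = packet.handshake.headers['x-servesa'];
  if (!rawHeader) {
    console.log('no header');
    return next(new Error('401'));
  }

  // parse header object; malformed JSON is an auth failure, not a crash
  let authObject;
  try {
    authObject = JSON.parse(rawHeader);
  } catch (err) {
    console.log('no auth content');
    return next(new Error('401'));
  }

  // valid JSON such as `null` is not an object and must not be dereferenced
  if (
    !authObject ||
    typeof authObject !== 'object' ||
    !authObject.message ||
    !authObject.signature
  ) {
    console.log('no auth content');
    return next(new Error('401'));
  }

  // recover key from signature; a malformed signature may make recovery throw
  let recoveredUserKey;
  try {
    recoveredUserKey = recover(authObject.message, authObject.signature);
  } catch (err) {
    console.log('signature recovery failed');
    return next(new Error('401'));
  }

  // whatever kind of access control...
  let isMember;
  try {
    isMember = await checkUserMembership(recoveredUserKey, '0x1234...');
  } catch (err) {
    // fail closed; keep the detail in the server log only
    console.log('membership check failed');
    return next(new Error('401'));
  }
  if (!isMember) {
    console.log('member not found in group');
    return next(new Error('401'));
  }

  // call next middleware function
  next();
};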