From 8e557fc07234fb83da295d3ca552b0d8aebd03ea Mon Sep 17 00:00:00 2001 From: Jonathan Barrow Date: Fri, 9 Aug 2024 18:46:34 -0400 Subject: [PATCH] fix: make NNAS middleware only accept console tokens --- src/database.ts | 7 ++++++- src/middleware/pnid.ts | 7 ++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/database.ts b/src/database.ts index 72c1f7e..251d8ea 100644 --- a/src/database.ts +++ b/src/database.ts @@ -104,12 +104,17 @@ export async function getPNIDByBasicAuth(token: string): Promise { +export async function getPNIDByTokenAuth(token: string, allowedTypes?: number[]): Promise { verifyConnected(); try { const decryptedToken = decryptToken(Buffer.from(token, 'hex')); const unpackedToken = unpackToken(decryptedToken); + + if (allowedTypes && !allowedTypes.includes(unpackedToken.system_type)) { + return null; + } + const pnid = await getPNIDByPID(unpackedToken.pid); if (pnid) { diff --git a/src/middleware/pnid.ts b/src/middleware/pnid.ts index f858839..1b75e13 100644 --- a/src/middleware/pnid.ts +++ b/src/middleware/pnid.ts @@ -14,7 +14,7 @@ async function PNIDMiddleware(request: express.Request, response: express.Respon const parts = authHeader.split(' '); const type = parts[0]; let token = parts[1]; - let pnid: HydratedPNIDDocument | null; + let pnid: HydratedPNIDDocument | null = null; if (request.isCemu) { token = Buffer.from(token, 'hex').toString('base64'); @@ -22,8 +22,9 @@ async function PNIDMiddleware(request: express.Request, response: express.Respon if (type === 'Basic') { pnid = await getPNIDByBasicAuth(token); - } else { - pnid = await getPNIDByTokenAuth(token); + } else if (type === 'Bearer') { + // TODO - This "accepted types list" is mostly a hack. Change this + pnid = await getPNIDByTokenAuth(token, [1, 2]); } if (!pnid) {