
Commit 03b6ad2

Henry Gesumants-dev
andauthored
Adding encryption for JSON requests (#37)
* add json get encryption * Redirects unique encrypted alias for each worker to specific survey link * Removed scrap Co-authored-by: Sumant R Shringari <[email protected]>
1 parent 185e20d commit 03b6ad2


3 files changed

+79
-2
lines changed


package-lock.json

Lines changed: 42 additions & 0 deletions

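--- a/package.json
+++ b/package.json
@@ -11,6 +11,7 @@
 "stop_mongo": "sudo service mongodb stop"
 },
 "dependencies": {
+"axios": "^0.24.0",
 "body-parser": "^1.19.0",
 "cookie-parser": "^1.4.5",
 "cors": "^2.8.5",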
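Review bot: The new `axios` dependency is declared with a caret range and, in the server.ts hunks of this commit, is only bound by `const axios = require('axios')` with no visible use, so it is either consumed by code outside the diff or is dead weight that widens the dependency surface for nothing. If it is needed, the package-lock.json change (not rendered here) pins the resolved version, and the `require` line should become an `import` to match the file's existing import style; if it is not, drop it from both files.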

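--- a/server.ts
+++ b/server.ts
@@ -17,6 +17,7 @@ import { ParsedQs } from "qs";
 import { env } from "process";
 import bodyParser = require("body-parser");
 import { type } from "os";
+const axios = require('axios')
 
 const crypto_algorithm = "aes-192-cbc";
 //PLACEHOLDER VALUES FOR CRYPTO. DO NOT USE FOR PRODUCTION. Replace "researcherpassword" with researcher"s password.
@@ -131,6 +132,14 @@ app.get("/s/", async (req, res) => {
 getsurvey(req.query, req, res);
 });
 
+app.get("/se/:encrypted", async (req, res) => {
+// encryption handled by python backend services at endpoint in internal docs (would)
+let result = await Db_Wrapper.find({'alias': req.params.encrypted}, "survey_links")
+result = result[0]
+const parsed = {"url": result.SurveyUrl, "WorkerId": result.WorkerId}
+getsurvey(parsed, req, res)
+});
+
 app.get("/e/:data", async (req, res) => {
 //in the future, private_key and iv will be obtained through researcher database
 try {
@@ -179,8 +188,33 @@ app.get("/results", async (req, res) => {
 
 // This needs to be encrypted to only give results to someone who is authenticated to read them
 app.get("/results/json", async (req, res) => {
-await Db_Wrapper.find({}, "responses")
-.then(all_responses => {res.send(all_responses)});
+let rID = req.header('rID');
+let clientKey = req.header('clientKey');
+
+clientKey == null ? 'default' : clientKey; //DO NOT USE IN PRODUCTION DELETE THIS LINE
+
+/*
+* Model: rID leads to researcher database in the future
+* Researcher database outline:
+* rID --> researcherID that points to the specific researcher
+* clientKey --> client key that the researcher uses to access data
+* privateKey --> server key that we use to verify the clientKey
+*/
+
+try {
+const decipher = crypto.createDecipheriv(crypto_algorithm, private_key_example, iv_example);
+let decrypted = decipher.update(clientKey, "hex", "utf8");
+decrypted += decipher.final("utf8");
+if (decrypted === rID || clientKey == 'default') {
+await Db_Wrapper.find({}, "responses")
+.then(all_responses => {res.send(all_responses)});
+} else {
+throw new Error('ID + Key incorrect');
+}
+} catch (error) {
+console.error(error);
+res.redirect("/");
+}
 });
 
 /* THIS NEEDS TO BE AUTHENTICATED TO ADMIN USER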
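Review bot: The `clientKey == 'default'` branch in the new `/results/json` handler returns the entire `responses` collection without any key verification, so the bypass the `//DO NOT USE IN PRODUCTION` comment warns about is live as soon as this merges, and the ternary on the line above it is a bare expression that assigns nothing. The guard should be `if (decrypted === rID) {` with the ternary line deleted, and missing headers rejected up front with `if (rID == null || clientKey == null) { res.status(401).end(); return; }` so that absent credentials do not reach `decipher.update` only to surface as a caught TypeError followed by a redirect. The comment block describes a per-researcher key lookup that is not implemented, so every caller is currently verified against the single `private_key_example`/`iv_example` pair the file's header marks as placeholder values; a comment on the handler stating that it is not production-safe until that lookup exists would keep the next reader from trusting the check. In the `/se/:encrypted` hunk, `result[0]` is never checked before `result.SurveyUrl`, so an alias with no matching `survey_links` row rejects the async handler, which an Express route does not forward to error middleware on its own unless a wrapper outside this diff does; `if (!result) { res.status(404).end(); return; }` after the indexing line would close that.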
