Initial commit

.editorconfig

+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false

.gitignore

+# Logs
+logs
+*.log
+
+# Runtime data
+pids
+*.pid
+*.seed
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directory
+# Commenting this out is preferred by some people, see
+# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git-
+node_modules
+
+# Users Environment Variables
+.lock-wscript
+
+# IDEs and editors (shamelessly copied from @angular/cli's .gitignore)
+/.idea
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+
+# IDE - VSCode
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### OSX ###
+*.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+ehthumbs.db
+ehthumbs_vista.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# Others
+lib/
+data/
+public/js/*
+server/files

LICENSE

+The MIT License (MIT)
+
+Copyright (c) 2015 Feathers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

README.md

+# publickey-auth-feathers
+
+> Spike 5
+
+## About
+
+This project uses [Feathers](http://feathersjs.com). An open source web framework for building modern real-time applications.
+
+## Getting Started
+
+Getting up and running is as easy as 1, 2, 3.
+
+1. Make sure you have [NodeJS](https://nodejs.org/) and [npm](https://www.npmjs.com/) installed.
+2. Install your dependencies
+
+    ```
+    cd path/to/publickey-auth-feathers; npm install
+    ```
+
+3. Start your app
+
+    ```
+    npm start
+    ```
+
+## Testing
+
+Simply run `npm test` and all your tests in the `test/` directory will be run.
+
+## Scaffolding
+
+Feathers has a powerful command line interface. Here are a few things it can do:
+
+```
+$ npm install -g @feathersjs/cli          # Install Feathers CLI
+
+$ feathers generate service               # Generate a new Service
+$ feathers generate hook                  # Generate a new Hook
+$ feathers generate model                 # Generate a new Model
+$ feathers help                           # Show all commands
+```
+
+## Help
+
+For more information on all the things you can do with Feathers visit [docs.feathersjs.com](http://docs.feathersjs.com).
+
+## Changelog
+
+__0.1.0__
+
+- Initial release
+
+## License
+
+Copyright (c) 2016
+
+Licensed under the [MIT license](LICENSE).

client/indexedDB.js

+// Basic helper functions to directly write stuff to indexedDB through the browserAPI.
+// Might be that we need to implement a shim for older browsers (shimIndexedDB)
+
+function callOnStore (dbname, storeName, fn_) {
+  const indexedDB = window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB
+
+  // Open or create the database.
+  const request = indexedDB.open(dbname, 1)
+
+  // Create the schema
+  request.onupgradeneeded = () => {
+    let db = request.result
+    let store = db.createObjectStore(storeName, {keyPath: 'id'})
+  }
+
+  request.onsuccess = () => {
+    let db = request.result
+    let transaction = db.transaction(storeName, 'readwrite')
+    let store = transaction.objectStore(storeName)
+
+    fn_(store)
+
+    transaction.oncomplete = () => db.close()
+  }
+}
+
+module.exports = {
+  callOnStore
+}

client/keys.js

+const sodium = require('libsodium-wrappers')
+
+class Keys {
+  /**
+   * keyLength has been set to 32. This to be able to use the secretbox
+   * method inside libsodium.
+   */
+  constructor () {
+    this.privateKey
+    this.publicKey
+    this.password
+    this.encryptedPrivateKey
+    this.keySettings = {
+      keyLength: 32,
+      opslimit: sodium.crypto_pwhash_OPSLIMIT_MODERATE,
+      memlimit: 10777215,
+      algorithm: sodium.crypto_pwhash_ALG_DEFAULT,
+      saltBytes: sodium.crypto_pwhash_SALTBYTES
+    }
+    this.salt = sodium.randombytes_buf(this.keySettings.saltBytes)
+    this.nonce = sodium.randombytes_buf(24)
+  }
+
+  generateKeys () {
+    const keyPair = sodium.crypto_sign_keypair()
+    this.publicKey = keyPair.publicKey
+    this.privateKey = keyPair.privateKey
+  }
+
+  encryptPassword (password) {
+    this.password = sodium.crypto_pwhash(this.keySettings.keyLength, password, this.salt, this.keySettings.opslimit, this.keySettings.memlimit, this.keySettings.algorithm)
+  }
+
+  encryptPrivateKey () {
+    this.encryptedPrivateKey = sodium.crypto_secretbox_easy(this.privateKey, this.nonce, this.password)
+  }
+
+  decryptPrivateKey () {
+    this.privateKey = sodium.crypto_secretbox_open_easy(this.encryptedPrivateKey, this.nonce, this.password)
+  }
+
+  signMessage (nonce) {
+    return sodium.crypto_sign(nonce, this.privateKey)
+  }
+
+  stringify (value) {
+    return sodium.to_hex(value)
+  }
+
+  parse (value) {
+    return sodium.from_hex(value)
+  }
+}
+
+module.exports = Keys

client/logout.js

+const indexedDB = require('./indexedDB')
+const form = document.getElementById('logout')
+
+form.addEventListener('submit', (e) => {
+  e.preventDefault()
+
+  indexedDB.callOnStore('Indienet', 'keyStore', (store) => {
+    store.clear()
+    window.location = '/sign-in.html'
+  })
+})

client/script.js

+const axios = require('axios')
+
+// Custom modules
+const indexedDB = require('./indexedDB')
+const Keys = require('./keys')
+
+const form = document.getElementById('register')
+const privateForm = document.getElementById('private')
+
+function loadedKeyPair () {
+  indexedDB.callOnStore('testkeystore', 'keyStore', (store) => {
+    const getData = store.get(1)
+    getData.onsuccess = (event) => {
+      const keys = getData.result.keys
+    }
+  })
+}
+
+// loadedKeyPair()
+
+form.addEventListener('submit', (e) => {
+  e.preventDefault()
+  const password = e.target.password.value
+  const keyPair = new Keys()
+  keyPair.generateKeys()
+  keyPair.encryptPassword(password)
+  keyPair.encryptPrivateKey()
+  console.log(keyPair)
+  const postKeys = axios.post('keys',
+    {
+      salt: keyPair.stringify(keyPair.salt),
+      nonce: keyPair.stringify(keyPair.nonce),
+      publicKey: keyPair.stringify(keyPair.publicKey),
+      privateKey: keyPair.stringify(keyPair.encryptedPrivateKey)
+    })
+
+  postKeys.then((values) => {
+    indexedDB.callOnStore('Indienet', 'keyStore', (store) => {
+      store.put({
+        id: 1,
+        unencryptedPrivateKey: keyPair.privateKey
+      })
+    })
+  }).catch((err) => {
+    console.log(err)
+  })
+})
+
+privateForm.addEventListener('submit', (e) => {
+  e.preventDefault()
+  indexedDB.callOnStore('Indienet', 'keyStore', (store) => {
+    const getData = store.get(2)
+    getData.onsuccess = (event) => {
+      const jwt = getData.result.jwt
+      axios({
+        url: 'private',
+        method: 'get',
+        headers: { 'Authorization': `Bearer ${jwt}` }
+      }).then((data) => {
+        console.log(data)
+      }).catch((err) => {
+        console.log(err)
+      })
+    }
+  })
+})

client/sign-in.js

+const axios = require('axios')
+// Custom modules
+const indexedDB = require('./indexedDB')
+const form = document.getElementById('sign-in')
+const Keys = require('./keys')
+
+form.addEventListener('submit', (e) => {
+  e.preventDefault()
+  const password = e.target.password.value
+  let key = new Keys()
+
+  axios.get('keys/privatekey').then(function (response) {
+    key.salt = key.parse(response.data.salt)
+    key.nonce = key.parse(response.data.nonce)
+    key.encryptedPrivateKey = key.parse(response.data.encryptedPrivateKey)
+    key.encryptPassword(password)
+    key.decryptPrivateKey()
+    // Save private key to indexedDB.
+    indexedDB.callOnStore('Indienet', 'keyStore', (store) => {
+      store.put({
+        id: 1,
+        unencryptedPrivateKey: key.privateKey
+      })
+    })
+
+    return axios.get('authorize/nonce')
+  }).then((nonce) => {
+    const signedMessage = key.signMessage(key.parse(nonce.data))
+    return axios.post('authorize', {
+      signedMessage: key.stringify(signedMessage)
+    })
+  }).then((jwt) => {
+    indexedDB.callOnStore('Indienet', 'keyStore', (store) => {
+      store.put({
+        id: 2,
+        jwt: jwt.data
+      })
+    })
+    window.location = 'signed-in.html'
+  }).catch((err) => {
+    console.log(err)
+  })
+})

config/default.json

+{
+  "host": "localhost",
+  "port": 3030,
+  "public": "../public/",
+  "paginate": {
+    "default": 10,
+    "max": 50
+  }
+}

config/production.json

+{
+  "host": "publickey-auth-feathers-app.feathersjs.com",
+  "port": "PORT"
+}

gulpfile.js

+var browserify = require('browserify')
+var gulp = require('gulp')
+var source = require('vinyl-source-stream')
+var rename = require('gulp-rename')
+var glob = require('glob')
+var es = require('event-stream')
+
+gulp.task('js:bundle', function (done) {
+  glob('./client/**/**.js', function (err, files) {
+    if (err) done(err)
+
+    var tasks = files.map(function (entry) {
+      return browserify({ entries: [entry] })
+        .bundle()
+        .pipe(source(entry))
+        .pipe(rename({
+          dirname: ''
+        }))
+        .pipe(gulp.dest('./public/js'))
+    })
+    es.merge(tasks).on('end', done)
+  })
+})
+
+gulp.task('watch', () =>
+ gulp.watch('./client/**/*.js', ['js:bundle'])
+)

package.json

+{
+  "name": "publickey-auth-feathers",
+  "description": "Spike 5",
+  "version": "0.0.0",
+  "homepage": "http://indienet.info/spikes/security",
+  "main": "server",
+  "keywords": [
+    "feathers"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git@source.ind.ie:indienet/spikes/security/publickey-auth-feathers.git"
+  },
+  "author": {
+    "name": "Wim Vantomme",
+    "email": "wim.vantomme@daraja.be"
+  },
+  "contributors": [
+    "Frauke Vanderzijpen <frauke.vanderzijpen@digipolis.gent>"
+  ],
+  "license": "AGPLv3",
+  "bugs": {},
+  "directories": {
+    "lib": "server",
+    "test": "test/"
+  },
+  "engines": {
+    "node": "^8.0.0",
+    "npm": ">= 3.0.0"
+  },
+  "scripts": {
+    "test": "npm run eslint && npm run mocha",
+    "start": "node server/",
+    "watch": "nodemon server",
+    "mocha": "mocha test/ --recursive --exit"
+  },
+  "dependencies": {
+    "@feathersjs/authentication": "^2.1.1",
+    "@feathersjs/authentication-jwt": "^2.0.0",
+    "@feathersjs/configuration": "^1.0.2",
+    "@feathersjs/errors": "^3.2.2",
+    "@feathersjs/express": "^1.1.2",
+    "@feathersjs/feathers": "^3.0.5",
+    "@feathersjs/socketio": "^3.0.2",
+    "axios": "^0.17.1",
+    "compression": "^1.7.1",
+    "cors": "^2.8.4",
+    "helmet": "^3.9.0",
+    "jsonwebtoken": "^8.1.1",
+    "libsodium-wrappers": "^0.7.3",
+    "passport-custom": "^1.0.5",
+    "serve-favicon": "^2.4.5",
+    "winston": "^2.4.0"
+  },
+  "devDependencies": {
+    "browserify": "^15.2.0",
+    "event-stream": "^3.3.4",
+    "glob": "^7.1.2",
+    "gulp": "^3.9.1",
+    "gulp-rename": "^1.2.2",
+    "mocha": "^5.0.0",
+    "request": "^2.83.0",
+    "request-promise": "^4.2.2",
+    "standard": "^10.0.3",
+    "vinyl-source-stream": "^2.0.0"
+  }
+}

public/index.html

+<html>
+  <head>
+    <title>Welcome to Indienet spike 5!</title>
+  </head>
+  <body>
+    <form action="register" method="post" id="register">
+      <label for="password">Password</label>
+      <input type="password" name="password" id="password">
+      <input type="submit" value="Create site">
+    </form>
+    
+    <form action="private" id="private">
+      <input type="submit" value="Get private data">
+  </form>
+  
+    <script src="js/script.js"></script>
+  </body>
+</html>

public/sign-in.html

+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="ie=edge">
+  <title>Document</title>
+</head>
+<body>
+  <h1>Welcome to Igent</h1>
+  <p>Please sign in on your website</p>
+  <form action="sign-in" method="post" id="sign-in">
+    <label for="password">Password</label>
+    <input type="password" name="password" id="password">
+    <input type="submit" value="Create site">
+  </form>
+  <script src="js/sign-in.js"></script>
+</body>
+</html>

public/signed-in.html

+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="ie=edge">
+    <title>Succesfully signed in</title>
+</head>
+<body>
+    <h1>Welcome to my.gent</h1>
+    <p>This is my personal space</p>
+    <form action="logout" id="logout">
+        <input type="submit" value="Log out">
+    </form>
+    <script src="js/logout.js"></script>
+</body>
+</html>
\ No newline at end of file

server/app.hooks.js

+// Application hooks that run for every service
+const logger = require('./hooks/logger')
+
+module.exports = {
+  before: {
+    all: [ logger() ],
+    find: [],
+    get: [],
+    create: [],
+    update: [],
+    patch: [],
+    remove: []
+  },
+
+  after: {
+    all: [ logger() ],
+    find: [],
+    get: [],
+    create: [],
+    update: [],
+    patch: [],
+    remove: []
+  },
+
+  error: {
+    all: [ logger() ],
+    find: [],
+    get: [],
+    create: [],
+    update: [],
+    patch: [],
+    remove: []
+  }
+}

server/app.js

+const path = require('path')
+const favicon = require('serve-favicon')
+const compress = require('compression')
+const cors = require('cors')
+const helmet = require('helmet')
+const logger = require('winston')
+
+const feathers = require('@feathersjs/feathers')
+const configuration = require('@feathersjs/configuration')
+const expre